www: New login system

New login system: - default login: "admin", password "" - possibility of changing password Loging user&password are different from swith user/pass. It is now stored in /etc/phpusers.

www: New login system
New login system: - default login: "admin", password "" - possibility of changing password Loging user&password are different from swith user/pass. It is now stored in /etc/phpusers.
8c9b02d9 · José Luis Gutiérrez · Alessandro Rubini · e79da606 · 8c9b02d9 · 8c9b02d9
Commit 8c9b02d9 authored Jun 17, 2014 by José Luis Gutiérrez Committed by Alessandro Rubini Jul 28, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 140 additions and 7 deletions

change_passwd.php userspace/rootfs_override/var/www/change_passwd.php +108 -0

login.php userspace/rootfs_override/var/www/login.php +32 -7

No files found.
--- a/userspace/rootfs_override/var/www/change_passwd.php
+++ b/userspace/rootfs_override/var/www/change_passwd.php
+<?php include 'functions.php'; include 'head.php'; ?>
+<body id="ptp">
+<div class="main">
+<div class="page">
+<div class="header" >
+<!--<h1>White-Rabbit Switch Tool</h1>-->
+<div class="header-ports" ><?php wrs_header_ports(); ?></div>
+<div class="topmenu">
+	<?php include 'topmenu.php' ?>
+</div>
+</div>
+<div class="content">
+<div class="leftpanel">
+<h2>Main Menu</h2>
+	<?php include 'menu.php' ?>
+</div>
+<div class="rightpanel">
+<div class="rightbody">
+<h1 class="title">User Administration <a href='help.php?help_id=network' onClick='showPopup(this.href);return(false);'><img align=right src="./img/question.png"></a></h1>
+
+	<?php session_is_started() ?>
+	<?php $_SESSION['advance']=""; ?>
+	
+	<table border="0" align="left">	
+		
+			<form method="post">
+			<tr><th>Username: </th><th><INPUT type="text" name="user" ></th></tr>
+			<tr><th>Old Password: </th><th><INPUT type="password" name="oldpasswd" > </th></tr>
+			<tr><th>New Password: </th><th> <INPUT type="password" name="newpasswd" > </th></tr>
+			<tr><th>Confirm Password: </th><th><INPUT type="password" name="confirmpasswd" > </th></tr>
+			<tr><th></th><th  align="center"><input type="submit" value="Change Password" class="btn"></th></tr>
+			</form>
+		
+	</table>
+	
+	
+	<?php 
+		wrs_change_wrfs("rw");
+		//Change user password
+		
+		$success=false;
+		if( empty($_POST['user'])){
+			echo '<br><br><br><p align=center>Please fill fields.<br></p>';
+				
+		}else{
+			$saved_hash = shell_exec("cat /etc/phpusers | grep ".$_POST["user"]." | awk '{print $2}'");
+			$saved_hash = str_replace("\n","",$saved_hash);
+			
+			$username = $_POST["user"];
+			$oldpassword = $_POST["oldpasswd"];
+			$newpasswd = $_POST["newpasswd"];
+			$confirmpasswd = $_POST["confirmpasswd"];
+			
+			//First confirm old password
+			$salt="wrs4.0salt";
+			$pass = $oldpassword;
+			$hash = md5($pass); // md5 hash #1 
+			$hash_md5 = md5($salt.$pass); // md5 hash with salt #2 
+			$hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3 
+			
+			
+			if (!strcmp($hash_md5_double, $saved_hash) && !strcmp($newpasswd, $confirmpasswd) && !strcmp($_POST["user"],$_SESSION['myusername'])){ //old password is correct && new and confirm are the same
+				//set the new one
+				
+				$pass = $confirmpasswd;
+				$hash = md5($pass); // md5 hash #1 
+				$hash_md5 = md5($salt.$pass); // md5 hash with salt #2 
+				$hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3 
+				
+				//Save in file
+				//We save the changes in a temporarely file in /tmp
+				$old_value=$username." ".$saved_hash;
+				$new_value=$username." ".$hash_md5_double;
+
+				$output = shell_exec('cat /etc/phpusers | sed -i "s/'.$old_value.'/'.$new_value.'/g" /etc/phpusers'); //replace password for the user
+				
+				//$file = fopen("/etc/phpusers","w+");
+				//fwrite($file,$output);
+				//fclose($file);
+				
+				
+				
+				$success=true;
+				echo '<br><br><br><p align=center>Password changed.<br></p>';
+			}else{
+				$success=false;
+				echo '<br><br><br><p align=center>Error changing password.<br></p>';
+			}
+			
+			
+		}
+		
+		wrs_change_wrfs("ro");
+		
+		if($success) header('Location: logout.php');
+	
+	?>
+
+</div>
+</div>
+</div>
+<div class="footer">
+	<?php include 'footer.php' ?>
+</div>
+</div>
+</div>
+</body>
+</html>
--- a/userspace/rootfs_override/var/www/login.php
+++ b/userspace/rootfs_override/var/www/login.php
@@ -23,25 +23,50 @@

 		$message="";
 		if(count($_POST)>0) {
-			$users = shell_exec('cat /etc/users');
-			$users = explode(" ", $users);
+			
+			//If /etc/phpusers does not exist we create the file and "admin" "" user&pass
+			if (!file_exists("/etc/phpusers")) {
+				$username = "admin";
+				$password = "";
+				$salt="wrs4.0salt";
+				$pass = $password;
+				$hash = md5($pass); // md5 hash #1 
+				$hash_md5 = md5($salt.$pass); // md5 hash with salt #2 
+				$hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3 
+				$output= $username." ".$hash_md5_double."\n";
+				wrs_change_wrfs("rw");
+				$file = fopen("/etc/phpusers","w+");
+				fwrite($file,$output);
+				fclose($file);
+				wrs_change_wrfs("ro");
+			}
+			
 			$username = $_POST["login"];
 			$password = $_POST["password"];
-			if ((!strcmp($username, "root")) && (!strcmp($password, ""))){
+			$saved_hash = shell_exec("cat /etc/phpusers | grep ".$username." | awk '{print $2}'");
+			$saved_hash = str_replace("\n","",$saved_hash);
+			$user_exists = shell_exec("cat /etc/phpusers | grep -c ".$username);
+			
+			
+			$salt="wrs4.0salt";
+			$pass = $password;
+			$hash = md5($pass); // md5 hash #1 
+			$hash_md5 = md5($salt.$pass); // md5 hash with salt #2 
+			$hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3 
+						
+			if (!strcmp($hash_md5_double,$saved_hash) && $user_exists>0){
 				session_start(); 
 				$_SESSION["myusername"] = $username;
 				
-				
-				
+					
 				echo 'Logged in as '.$_SESSION["myusername"];
 				header('Location: index.php');
 			}else{
 				echo 'Invalid Username or Password';
+				
 			}

 		}
-			//if(isset($_SESSION["user_id"])) {
-			//header("Location:index.php");
 		
 	?>