#!/usr/bin/perl
# wwwpass Version 1.0 - By Chris Candreva
# Back-end script to let a user change their password from a web page
# Interfaces to popassd daemon
#
require "sys/socket.ph";
require "cgi-lib.pl";

# Replace with the name of your password host.
$pass_host = "mala.vet.bg.ac.yu";

&ReadParse;
print &PrintHeader;

umask(077);
$ipadd = $ENV{"REMOTE_ADDR"};

$p = $in{"oldpasswd"};
$np = $in{"passwd"};
$np1 = $in{"passwd1"};

	$login = $in{"username"};

        @info = getpwnam($login);
        $i = index($info[6],' ');
        $fname = substr($info[6],0,$i);

if ($info[3] != 100) {
	print "<title>Error!</title><h1>Authorization Error</h1>
		You are not authorized to take this action.<P>";
	exit 0;
}

$l = length($np);
if (($np ne $np1) || ($l < 6) || ($np eq '')) {
	print "<title>Error!</title><h1>Password Error</h1>I'm sorry $fname, ";
	if ($np ne $np1) {
		print 'the two new passwords you entered did not match.';
	} elsif ($l < 6) {
		print 'your password must have a least 6 characters.';
	} else {
		print 'you may not enter a blank password.<P>';
	}
	print ' Your password was not changed. Would you like to <A HREF="/utils/change_passwd.html">try again</A>?';
	&show_tag;
	exit 0;
}

&start_poppassd($pass_host);

# Get hello prompt
$_ = <PASSD>;
unless (/^200/) {&pass_error;}

# Send username
print PASSD "user $login\n";
$_ = <PASSD>;
unless (/^200/) {&pass_error;}

# Send Old Password
print PASSD "pass $p\n";
$_ = <PASSD>;
if (/^500/) {
	# For now, a generic error
	&pass_error;
}

# Now new password
print PASSD "newpass $np\n";
$_ = <PASSD>;
if (/^500/) {
	# Generic error again
	&pass_error;
}

# We are done, quit;
print PASSD "quit\n";
$_ = <PASSD>;  

print "<TITLE>Change Password</TITLE><h1>Change Password</h1>";
print "$fname, your password has been successfully changed. Don't forget to
change your log-in script and your mail programs to reflect this new
password. Also, don't forget your new password!<P>";
&show_tag;
exit 0;


sub pass_error {
s/^\d\d\d //;
print "<title>Error!</title>";
print "<h1>Unable To Change Password</h1>";
print "I'm sorry, I was unable to change your password. The password server
returned the following error:<BR> <strong>$_</strong><P>
Would you like to <A HREF=\"http://www.westnet.com/change_passwd.html\">
try again</A> ?<p>\n";
&show_tag;
exit 0;
}


sub show_tag {
	open(IN,"/disk2/www/customer_tag.html");
	while(<IN>) {print $_;}
	close IN;
}


#**********
# START_POPPASSD -- Open poppassd connection to user server
#**********
sub start_poppassd {
  local($name)=@_;

  $SIG{'INT'}='dokill';

  $sockaddr='Sna4x8';
  chop($hostname=`hostname`);

  ($n,$aliases,$proto)=getprotobyname('tcp');
  ($n,$aliases,$port)=getservbyname('poppassd','tcp');
  ($n,$aliases,$type,$len,$thisaddr)=gethostbyname($hostname);
  $_ = $name;
  if (/^\d+\.\d+\.\d+\.\d+$/) {
    $thataddr = pack('cccc',split(/\./,$name));
  } else {
    ($n,$aliases,$type,$len,$thataddr)=gethostbyname($name);
  }
  $this=pack($sockaddr,&AF_INET,0,$thisaddr);
  $that=pack($sockaddr,&AF_INET,$port,$thataddr);

  socket(PASSD,&PF_INET,&SOCK_STREAM,$proto) || die "socket: $!";
  bind(PASSD,$this) || die "bind: $!";
  connect(PASSD,$that) || die "connect: $!";

  select(PASSD); $|=1;
  select(STDIN); $|=1;
  select(STDOUT); $|=1;
}

