#!/usr/bin/perl
use DBI;
use CGI::Carp qw(fatalsToBrowser);
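# Emit the CGI response header first so that any later error page is
# rendered as HTML by the browser.
print "Content-type:text/html\n\n";

# Open the MySQL connection used for the password lookup and update.
# NOTE(review): the database password is hard-coded in a script served by
# the web server; consider loading it from a file outside the document root
# that only the CGI user can read.
# NOTE(review): this file loads CGI::Carp with fatalsToBrowser, so fatal
# error text is sent to the client; confirm that is wanted in production.
$dbh = DBI->connect( "dbi:mysql:usertable", "usertable", "jutedi2");
if (!$dbh) {
    # connect() returns undef on failure, so there is no handle to call
    # errstr on; the reason is only available through $DBI::errstr.
    # dienice is defined outside this excerpt; this code relies on it not
    # returning.
    dienice("Can't connect to db: ", $DBI::errstr);
}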
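# Read the URL-encoded POST body and decode it into %FORM (field => value);
# @keys records the field names in the order they arrived.
#
# CONTENT_LENGTH comes from the client, so it is validated and capped before
# being used as a read size. This form only carries three short fields.
my $max_post_bytes = 8192;
my $content_length = $ENV{'CONTENT_LENGTH'};
unless (defined($content_length) && $content_length =~ /\A\d+\z/) {
    $content_length = 0;
}
if ($content_length > $max_post_bytes) {
    # dienice is defined outside this excerpt; this code relies on it not
    # returning.
    dienice("The submitted form is too large.");
}
$buffer = '';
read(STDIN, $buffer, $content_length) if $content_length > 0;
@pairs = split(/&/, $buffer);
@keys = ();
foreach $pair (@pairs) {
    # A limit of 2 keeps any further '=' characters as part of the value
    # instead of silently dropping everything after the second one.
    ($name, $value) = split(/=/, $pair, 2);
    next unless defined($name) && length($name);
    $value = '' unless defined($value);
    # Undo application/x-www-form-urlencoded encoding on both the field name
    # and its value: '+' means space, %XX is a single byte.
    foreach ($name, $value) {
        tr/+/ /;
        s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    }
    push(@keys, $name);
    $FORM{$name} = $value;
}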
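# Pull the three password fields out of the decoded form.
$oldpass = $FORM{'oldpass'};
$newpass1 = $FORM{'newpass1'};
$newpass2 = $FORM{'newpass2'};

# The account name is taken from REMOTE_USER (set by the web server after it
# has authenticated the request), never from a form field. This only holds
# if the script is reachable solely behind that authentication, so stop if
# the variable is missing rather than querying with an undefined name.
$username = $ENV{'REMOTE_USER'};
if (!defined($username) || $username eq '') {
    # dienice is defined outside this excerpt; this code relies on it not
    # returning.
    dienice("Can't find your username!?");
}

# Look the user up with a bound parameter so the name is never spliced into
# the SQL text. DBI reports errors through errstr; there is no errmsg method.
$sth = $dbh->prepare("select * from users where username = ?") or
    dienice("Can't select from table: ", $dbh->errstr);
$sth->execute($username) or
    dienice("Can't select from table: ", $sth->errstr);
$hashref = $sth->fetchrow_hashref;
$sth->finish;

# fetchrow_hashref returns undef when no row matched; map that to an empty
# hash explicitly instead of dereferencing undef.
%uinfo = $hashref ? %{$hashref} : ();
if (!%uinfo) { # this really shouldn't ever happen...
    dienice("Can't find your username!?");
}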
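# Hash the supplied old password and see if it matches what's in the
# database. The whole stored hash is passed as the salt: crypt() takes the
# salt (and, for modular formats, the scheme) from its prefix, so this gives
# the same result as the first two characters for a traditional hash and
# also works if the stored format ever changes.
# NOTE(review): a two-character salt normally means traditional DES crypt,
# which only uses the first 8 characters of the password; confirm what the
# encrypt helper (defined outside this excerpt) produces and consider a
# stronger scheme.
my $stored_hash = $uinfo{password};
my $supplied    = defined($oldpass) ? $oldpass : '';
my $candidate;
if (defined($stored_hash) && $stored_hash ne '') {
    $candidate = crypt($supplied, $stored_hash);
}
# Fail closed: crypt() can return undef for an unusable salt, and undef would
# compare equal to an empty stored value, accepting any old password.
if (!defined($candidate) || $candidate ne $stored_hash) {
    # dienice is defined outside this excerpt; this code relies on it not
    # returning.
    dienice("Your old password is incorrect. If you can't remember it, please use the reset password form instead.");
}

# Refuse an empty new password; two missing fields would otherwise compare
# equal below and be stored.
if (!defined($newpass1) || $newpass1 eq '') {
    dienice("Your new password can't be empty. Please check it and try again.");
}

# a little redundant error checking to be sure they typed the same
# new password twice:
if (!defined($newpass2) || $newpass1 ne $newpass2) {
    dienice("You didn't type the same thing for both new password fields. Please check it and try again.");
}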
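# ok, everything checks out. Now we hash the new one. encrypt is defined
# outside this excerpt; its output is stored as-is in users.password.
$encpass = encrypt($newpass1);

# now store it in the database, using bound parameters for both values.
# DBI reports errors through errstr; there is no errmsg method. The execute
# result is checked so a failed update is not reported as success.
# dienice is defined outside this excerpt; this code relies on it not
# returning.
$sth = $dbh->prepare("update users set password=? where username=?") or
    dienice("Can't add data to user table: ", $dbh->errstr);
$sth->execute($encpass, $username) or
    dienice("Can't add data to user table: ", $sth->errstr);

# NOTE(review): the confirmation page printed after this point interpolates
# $newpass1 into the HTML unescaped. Prefer not echoing the new password at
# all; if it must be shown, HTML-escape it first.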
# we're not sending mail this time.
# Finally we print out a thank-you page telling the user what
# we've done.
print <Password Changed
Success!
Your password has been changed! Your new password is $newpass1.