Chapter 8. Changing the passwords

The last part of the admin site, for now, is letting the user change his or her own passwords.

I have chosen to put this in the subdirectory /system on the admin site, which we password protected earlier. If you get that far, you have successfully authenticated yourself and should be allowed to change your passwords.

There are no ready-made tools for this, so I have written some pages to do the task.

A short summary of what has been done:

All three password changes (system, PostgreSQL and MySQL) are handled by two pages: enter_passwords.php4 and change_passwords.php4. The first is a form that asks which passwords are to be changed and what the new password should be; the second is the page that actually does the job.

Both pages use the validation system we set up earlier, and the include file is the same as for the validation system.

So first we have the enter_passwords.php4 script:


<?
// Only a visitor with a validated session (set up in the validation
// chapter) may reach this form; anyone else is sent to the error page.
session_start();
if (!session_is_registered("SESSION")) {
	header("Location: /system/error.php4?error=2");
	exit();
}
?>
<html>
<head>
<title>&AElig;ndre passwords</title>
</head>
<body>
<h3>Hej <? echo $SESSION_UNAME; ?></h3>
<hr>
Her kan du &aelig;ndre dine passwords<br>
<br>
<!-- The form is POSTed to change_passwords.php4, which does the actual work -->
<form name="change_passwords"
      action="change_passwords.php4"
      method="post"
>
<table border="1" cellpadding="5">
<tr>
<td>V&aelig;lg hvilke password(s)<br>du vil skifte</td>
<td>
<input type="checkbox" name="c_system">System password<br>
<input type="checkbox" name="c_postgres">Postgres password<br>
<input type="checkbox" name="c_mysql">MySQL password<br>
</td>
</tr>
<tr>
<td>Nyt password</td>
<td><input type="password" name="new_password"></td>
</tr>
<tr>
<td>Gentag password</td>
<td>
<input type="password" name="confirm_password">
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Skift password(s)">
<input type="reset" value="Nulstil">
</td>
</tr>
</table>
</form>
<a href="/system/logout.php4">Log ud</a>
</body>
</html>

Then we have the change_passwords.php4 script:


<?
// Same session check as in enter_passwords.php4: no validated session,
// no password change.
session_start();
if (!session_is_registered("SESSION")) {
	header("Location: /system/error.php4?error=2");
	exit();
}

// functions.inc (from the validation system) supplies change_ldap_password(),
// change_postgres_password() and change_mysql_password(), which all return
// 1 on success, -5 if the password cannot be changed and -6 if the change failed.
include("functions.inc");
?>
<html>
<head><title>Skifte passwords</title></head>
<body>
<h3>Hej <? echo $SESSION_UNAME; ?></h3>
<hr>
<?
// Check the submitted form: at least one system chosen, a non-empty
// password, the two copies equal, and at least 5 characters.
function validate_input()
{
	$retval=true;
	if (empty($_POST["c_system"]) &&
	    empty($_POST["c_postgres"]) &&
	    empty($_POST["c_mysql"])) {
	    	echo "Du skal vælge mindst eet password der skal skiftes<br>\n";
		$retval=false;
	}
	if (empty($_POST["new_password"]) ||
	    empty($_POST["confirm_password"])) {
	    	echo "Tomt password accepteres ikke.<br>\n";
	    	$retval=false;
	}
	if ($_POST["new_password"] != $_POST["confirm_password"]) {
		echo "Password matcher ikke.<br>\n";
		$retval=false;
	}
	if (strlen($_POST["new_password"]) < 5 && $retval) {
		echo "Password skal være mindst 5 tegn langt<br>\n";
		$retval=false;
	}
	if (!$retval) {
		echo "Prøv igen<br>\n";
	}
	return($retval);
}

// Each change_*_pw() function only acts if its checkbox was ticked, and
// returns -1 when it was not, otherwise the code from functions.inc.
function change_system_pw($user, $pass)
{
	$return_code=-1;
	if (!empty($_POST["c_system"]) &&
	    $_POST["c_system"] == 'on' ) {
		echo "Skifter system password for $user<br>\n";
		$return_code = change_ldap_password($user, $pass);
		switch ($return_code) {
			case -6:
				$message = "Password skift fejlede.";
				break;
			case -5:
				$message = "Kan ikke skifte password.";
				break;
			case 1:
				$message = "Password skiftet.";
				break;
			default:
				$message = "$return_code: LDAP fejl.";
				break;
		}
		echo $message . "<br>\n";
	}
	return($return_code);
}

function change_postgres_pw($user, $pass)
{
	$return_code=-1;
	if (!empty($_POST["c_postgres"]) &&
	    $_POST["c_postgres"] == 'on' ) {
		echo "Skifter PostgreSQL password for $user<br>\n";
		$return_code = change_postgres_password($user, $pass);
		switch ($return_code) {
			case -6:
				$message = "Password skift fejlede.";
				break;
			case -5:
				$message = "Kan ikke skifte password.";
				break;
			case 1:
				$message = "Password skiftet.";
				break;
			default:
				$message = "$return_code: Postgres fejl.";
				break;
		}
		echo $message . "<br>\n";
	}
	return($return_code);
}

function change_mysql_pw($user, $pass)
{
	$return_code=-1;
	if (!empty($_POST["c_mysql"]) &&
	    $_POST["c_mysql"] == 'on' ) {
		// Only the user name is shown; the new password is never echoed
		// back to the browser (it would end up in caches and proxy logs).
		echo "Skifter MySQL password for $user<br>\n";
		$return_code = change_mysql_password($user, $pass);
		switch ($return_code) {
			case -6:
				$message = "Password skift fejlede.";
				break;
			case -5:
				$message = "Kan ikke skifte password.";
				break;
			case 1:
				$message = "Password skiftet.";
				break;
			default:
				$message = "$return_code: MySQL fejl.";
				break;
		}
		echo $message . "<br>\n";
	}
	return($return_code);
}

// The user name comes from the session, never from the form, so a user
// can only change his or her own passwords.
if (validate_input()) {
  change_system_pw($SESSION_UNAME, $_POST["new_password"]);
  change_postgres_pw($SESSION_UNAME, $_POST["new_password"]);
  change_mysql_pw($SESSION_UNAME, $_POST["new_password"]);
}
echo "<hr>\n";
?>
<a href="/system/">Tilbage</a>&nbsp;|&nbsp;
<a href="/system/logout.php4">Log ud</a><br>
</body>
</html>

The admin site is now finished, but it could of course be enhanced both in function and in looks. The code could probably also be much better.

Tip

One thing to be aware of: for each system whose password can be changed, there is a file containing that system's admin password, readable by the admin site. These files are read in the functions.inc script and must be updated if you change an admin password on any of the LDAP, PostgreSQL or MySQL subsystems.
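As an added example (not the HOWTO's own functions.inc, which this chapter does not show), here is one way the back-end helper change_ldap_password() used by change_system_pw() above could be written to the return-code convention the script expects (1 changed, -5 cannot change, -6 change failed), while reading the admin password from the kind of file the Tip describes and refusing one that other users can read. The host, DN layout, file path and {SSHA} hashing are assumptions.

```php
<?php
// Added example, not the HOWTO's functions.inc. Return codes follow the
// chapter's convention: 1 = changed, -5 = cannot change (bad credential
// file or bind failure), -6 = the modify itself failed.
// Host, DNs and the credential file path are assumptions.
define('LDAP_HOST',          'localhost');
define('LDAP_BASE_DN',       'ou=People,dc=example,dc=com');
define('LDAP_ADMIN_DN',      'cn=admin,dc=example,dc=com');
define('LDAP_ADMIN_PW_FILE', '/etc/admin-site/ldap.pw'); // outside the web root

// Read the admin password file the Tip describes, but refuse one that
// group or world can read: it should be readable by the web server user only.
function read_admin_password($path)
{
	if (!is_readable($path) || (fileperms($path) & 0077)) {
		return false;
	}
	return rtrim(file_get_contents($path), "\r\n");
}

// Salted SHA-1 in the {SSHA} form OpenLDAP stores in userPassword, so the
// cleartext password is never written to the directory.
function ssha_hash($pass)
{
	$salt = substr(md5(uniqid(mt_rand(), true)), 0, 4);
	$raw  = pack('H*', sha1($pass . $salt));        // raw 20-byte digest
	return '{SSHA}' . base64_encode($raw . $salt);
}

function change_ldap_password($user, $pass)
{
	// The user name comes from the session, but only a plain uid is
	// accepted so it cannot alter the DN built below.
	if (!preg_match('/^[a-zA-Z0-9._-]+$/', $user)) {
		return -5;
	}
	$admin_pw = read_admin_password(LDAP_ADMIN_PW_FILE);
	if ($admin_pw === false) {
		return -5;
	}
	$ds = @ldap_connect(LDAP_HOST);
	if (!$ds || !@ldap_bind($ds, LDAP_ADMIN_DN, $admin_pw)) {
		return -5;                                   // cannot bind as admin
	}
	$dn = "uid=$user," . LDAP_BASE_DN;
	$ok = @ldap_mod_replace($ds, $dn, array('userPassword' => ssha_hash($pass)));
	ldap_close($ds);
	return $ok ? 1 : -6;
}
```

The same file-permission check applies to the PostgreSQL and MySQL credential files; a file that fails it makes the helper return -5, which change_system_pw() reports as "Kan ikke skifte password."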