1 |
dashley |
23 |
<?php |
2 |
|
|
if (!$STDNWPSTYLE_INCLUDED) |
3 |
|
|
{ |
4 |
|
|
include("stdnwpstyle.inc"); |
5 |
|
|
$STDNWPSTYLE_INCLUDED=1; |
6 |
|
|
} |
7 |
|
|
?> |
8 |
|
|
<?php |
9 |
|
|
//******************************************************************************** |
10 |
|
|
//Copyright (C) 2003 David T. Ashley |
11 |
|
|
//******************************************************************************** |
12 |
|
|
//This program or source file is free software; you can redistribute it and/or |
13 |
|
|
//modify it under the terms of the GNU General Public License as published by |
14 |
|
|
//the Free Software Foundation; either version 2 of the License, or (at your |
15 |
|
|
//option) any later version. |
16 |
|
|
// |
17 |
|
|
//This program or source file is distributed in the hope that it will |
18 |
|
|
//be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of |
19 |
|
|
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
20 |
|
|
//GNU General Public License for more details. |
21 |
|
|
// |
22 |
|
|
//You may have received a copy of the GNU General Public License |
23 |
|
|
//along with this program; if not, write to the Free Software |
24 |
|
|
//Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
25 |
|
|
//******************************************************************************** |
26 |
|
|
// |
27 |
|
|
function do_header(&$style) |
28 |
|
|
{ |
29 |
|
|
$style->header_title("HTPASSWD-Style Hashed Password Generator", |
30 |
|
|
"<i>htpasswd</i>-Style Hashed Password Generator", |
31 |
|
|
""); |
32 |
|
|
echo "<p align=\"center\"><b><font size=\"3\">(This cgi-bin form generates password hashes which are \n"; |
33 |
|
|
echo "understood by the <i>Apache</i> web server in directory access files and also by \n"; |
34 |
|
|
echo "the <i>CVS</i> version control system when such entries are placed in the \n"; |
35 |
|
|
echo "<i>CVSROOT/passwd</i> file. The algorithm used is the standard DES algorithm with \n"; |
36 |
|
|
echo "randomly selected two-character salt. To use this password hash generator, \n"; |
37 |
|
|
echo "you must normally paste the output into an <i>Apache</i> directory access file or into \n"; |
38 |
|
|
echo "the <i>CVSROOT/passwd</i> file of a <i>CVS</i> repository.)</font></b></p>\n"; |
39 |
|
|
$style->hrule_std(); |
40 |
|
|
echo "<p align=\"center\"><font size=\"3\" color=\"#FF0000\"><b>WARNING:</b> The username and "; |
41 |
|
|
echo "password you choose are "; |
42 |
|
|
echo "transmitted over the network to the server unencrypted and can be intercepted. "; |
43 |
|
|
echo "Use this utility "; |
44 |
|
|
echo "at your own risk.</font></p>\n"; |
45 |
|
|
$style->hrule_std(); |
46 |
|
|
} |
47 |
|
|
|
48 |
|
|
function do_footer(&$style) |
49 |
|
|
{ |
50 |
|
|
$style->footer_std(); |
51 |
|
|
} |
52 |
|
|
|
53 |
|
|
function do_form($Buttontext) |
54 |
|
|
{ |
55 |
|
|
echo "<form method=post action=\"htpasswd_gen.php\" width=\"100%\">\n"; |
56 |
|
|
echo "<table align=\"center\">\n"; |
57 |
|
|
echo "<tr>\n"; |
58 |
|
|
echo " <td width=\"10%\">\n"; |
59 |
|
|
echo " <p align=\"right\"><b>Username</b> (required):</td>\n"; |
60 |
|
|
echo " <td width=\"12%\"><p align=\"left\"><input type=\"text\" name=\"Username\" size=\"30\"></p></td>\n"; |
61 |
|
|
echo " </tr>\n"; |
62 |
|
|
echo " <tr>\n"; |
63 |
|
|
echo " <td width=\"10%\">\n"; |
64 |
|
|
echo " <p align=\"right\"><b>Password</b> (required):</td>\n"; |
65 |
|
|
echo " <td width=\"12%\"><p align=\"left\"><input type=\"Password\" name=\"Password\" size=\"30\"></p></td>\n"; |
66 |
|
|
echo " </tr>\n"; |
67 |
|
|
echo " <tr>\n"; |
68 |
|
|
echo " <td width=\"20%\" colspan=\"2\">\n"; |
69 |
|
|
echo " <p align=\"center\"><input type=\"submit\" value=\""; |
70 |
|
|
echo $Buttontext; |
71 |
|
|
echo "\" name=\"B1\" style=\"margin-top: 12\"></td>\n"; |
72 |
|
|
echo " </tr>\n"; |
73 |
|
|
echo "</table>\n"; |
74 |
|
|
echo "</form>\n"; |
75 |
|
|
} |
76 |
|
|
|
77 |
|
|
function do_err_msg($Err_msg) |
78 |
|
|
{ |
79 |
|
|
echo "<p align=\"center\"><b><font color=\"#FF0000\">"; |
80 |
|
|
echo $Err_msg; |
81 |
|
|
echo "</font></b></p>\n"; |
82 |
|
|
} |
83 |
|
|
|
84 |
|
|
function random_salt() |
85 |
|
|
{ |
86 |
|
|
//There are 64 possible values for each salt character, a-z, A-Z, 0-9, ., and /. |
87 |
|
|
//Can easily generate a suitably random value. |
88 |
|
|
$Matchstring = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; |
89 |
|
|
$Rand1 = rand(0,63); |
90 |
|
|
$Rand2 = rand(0,63); |
91 |
|
|
return(Substr($Matchstring, $Rand1, 1) . Substr($Matchstring, $Rand2, 1)); |
92 |
|
|
} |
93 |
|
|
|
94 |
|
|
//Main script begins here. |
95 |
|
|
// |
96 |
|
|
// |
97 |
|
|
$style = new Stdnwpstyle; |
98 |
|
|
//Assign the current style in force. Also, starts the CPU |
99 |
|
|
//usage clock. |
100 |
|
|
|
101 |
|
|
//Do the header unconditionally. The header is always used on this page. |
102 |
|
|
do_header($style); |
103 |
|
|
// |
104 |
|
|
//Load up a few variables based on what username and password values were supplied. |
105 |
|
|
if (isset($Username) && isset($Password)) |
106 |
|
|
{ |
107 |
|
|
$Usernamelen = strlen($Username); |
108 |
|
|
$Usernamevalid = 1; |
109 |
|
|
for ($i=0; $i<$Usernamelen; $i++) |
110 |
|
|
{ |
111 |
|
|
$Curchar = Substr($Username, $i, 1); |
112 |
|
|
$Ord = ord($Curchar); |
113 |
|
|
if (! |
114 |
|
|
( |
115 |
|
|
($Ord >= ord("A") && $Ord <= ord("Z")) |
116 |
|
|
|| |
117 |
|
|
($Ord >= ord("a") && $Ord <= ord("z")) |
118 |
|
|
|| |
119 |
|
|
($Ord >= ord("0") && $Ord <= ord("9")) |
120 |
|
|
) |
121 |
|
|
) |
122 |
|
|
{ |
123 |
|
|
$Usernamevalid = 0; |
124 |
|
|
} |
125 |
|
|
} |
126 |
|
|
|
127 |
|
|
$Passwordlen = strlen($Password); |
128 |
|
|
$Passwordvalid = 1; |
129 |
|
|
for ($i=0; $i<$Passwordlen; $i++) |
130 |
|
|
{ |
131 |
|
|
$Curchar = Substr($Password, $i, 1); |
132 |
|
|
$Ord = ord($Curchar); |
133 |
|
|
if (! |
134 |
|
|
( |
135 |
|
|
($Ord >= ord("A") && $Ord <= ord("Z")) |
136 |
|
|
|| |
137 |
|
|
($Ord >= ord("a") && $Ord <= ord("z")) |
138 |
|
|
|| |
139 |
|
|
($Ord >= ord("0") && $Ord <= ord("9")) |
140 |
|
|
|| |
141 |
|
|
($Ord == ord("/")) |
142 |
|
|
|| |
143 |
|
|
($Ord == ord(".")) |
144 |
|
|
) |
145 |
|
|
) |
146 |
|
|
{ |
147 |
|
|
$Passwordvalid = 0; |
148 |
|
|
} |
149 |
|
|
} |
150 |
|
|
|
151 |
|
|
} |
152 |
|
|
// |
153 |
|
|
//There are a few cases to break into here, and this affects the overall layout of the page. |
154 |
|
|
//The header and footer are fixed, but the "guts" will change. |
155 |
|
|
if (!isset($Username) || !isset($Password)) |
156 |
|
|
{ |
157 |
|
|
//In this case, we are probably visiting the form for the first time, and have not done a submit. |
158 |
|
|
//Just display the form itself. |
159 |
|
|
do_form("Click To Generate Hashed Password"); |
160 |
|
|
} |
161 |
|
|
elseif ($Usernamelen < 1 || !$Usernamevalid) |
162 |
|
|
{ |
163 |
|
|
//The user name is suspicious. Must flag it. |
164 |
|
|
do_err_msg("The <i>Username</i> you supplied is not valid. User names must contain at least one character and may consist only of lower-case and upper-case letters and digits. Please try again."); |
165 |
|
|
$style->hrule_std(); |
166 |
|
|
do_form("Click To Generate Hashed Password"); |
167 |
|
|
} |
168 |
|
|
elseif ($Passwordlen < 2 || !$Passwordvalid) |
169 |
|
|
{ |
170 |
|
|
//The password is suspicious. Must flag it. |
171 |
|
|
do_err_msg("The <i>Password</i> you supplied is not valid. Passwords must contain at least two characters and may consist only of lower-case and upper-case letters and digits and the \"/\" and \".\" characters. Please try again."); |
172 |
|
|
$style->hrule_std(); |
173 |
|
|
do_form("Click To Generate Hashed Password"); |
174 |
|
|
} |
175 |
|
|
else |
176 |
|
|
{ |
177 |
|
|
//Username and password seem within minimums. Should be clear to generate hashed password. |
178 |
|
|
$Hashedpwd = crypt($Password, random_salt()); |
179 |
|
|
echo "<p align=\"left\">The hashed username/password is:</p>\n"; |
180 |
|
|
echo "<p align=\"left\"><font size=\"5\"> <b>"; |
181 |
|
|
echo $Username; |
182 |
|
|
echo ":"; |
183 |
|
|
echo $Hashedpwd; |
184 |
|
|
echo "</b></font></p>\n"; |
185 |
|
|
echo "<p align=\"left\">You may paste this value directly into an <i>Apache</i> directory \n"; |
186 |
|
|
echo "access file or <i>CVS</i> <i>CVSROOT/passwd</i> file. Note that if the period (\".\") \n"; |
187 |
|
|
echo "character or other punctuation appears as the last character(s) of the hash above, \n"; |
188 |
|
|
echo "it <i>is</i> part of the hash and \n"; |
189 |
|
|
echo "must be included when copying and pasting.</p>\n"; |
190 |
|
|
$style->hrule_std(); |
191 |
|
|
do_form("Click To Generate Another Hashed Password"); |
192 |
|
|
} |
193 |
|
|
|
194 |
|
|
//Now do the footer unconditionally. The footer is always used on this web page. |
195 |
|
|
do_footer($style); |
196 |
|
|
?> |