Access Denied -- Solution Scripts

#!/usr/bin/perl # # ####################################################### # Access Denied version 1.1 # # Created by: Solution Scripts # Email: solutions@solutionscripts.com # Web: http://solutionscripts.com # ####################################################### # # # COPYRIGHT NOTICE: # # Copyright 1999 Solution Scripts All Rights Reserved. # # This program is being distributed as freeware. It may be used and # modified free of charge, so long as this copyright notice, the header # above and all the footers in the program that give me credit remain # intact. Please also send me an email, and let me know # where you are using this script. # # By using this program you agree to indemnify Solution Scripts from any liability. # # Selling the code for this program without prior written consent is # expressly forbidden. Obtain permission before redistributing this # program over the Internet or in any other medium. In all cases # copyright and header must remain intact. # ###################################################### # # $protect{'Test 1'} = "/www/htdocs/vault/access_denied/.htpasswd"; $protect{'Test 2'} = "/www/htdocs/vault/access_denied/.htpasswd1"; # Full path password file ....... including file name # THATS ALL FOLKS.................. ######################################################## $thisurl = $ENV{'SCRIPT_NAME'}; $use_password = 0; read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); @pairs = split(/&/, $buffer); foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; if ($INPUT{$name}) { $INPUT{$name} = $INPUT{$name}.",".$value; } else { $INPUT{$name} = $value; } } @passset = ('a'..'z'); for ($i = 0; $i < 2; $i++) { $randum_num = int(rand($#passset + 1)); $salt .= @passset[$randum_num]; } print "Content-type: text/html \n\n"; &set_defaults; &Top; if ($INPUT{'add'}) { &add; } elsif ($INPUT{'remove'}) { &remove; } elsif ($INPUT{'newpass'}) { &newpass; } elsif ($INPUT{'delete_select'}) { &delete_select; } elsif ($INPUT{'delete_final'}) { &delete_final; } else { &admin; } exit; sub admin { open (PASSWORD, "password.html"); $password = ; close (PASSWORD); chop ($password); unless ($password || $use_password) { print""; print"

"; print"Before you can do anything else, "; print"you'll need to set your administrative password. "; print"This will allow you to use the administrative functions, "; print"

"; print"Please enter your desired password below. "; print"(Enter it twice.)

"; print""; &Bottom; exit; } print < EOF unless ($use_password) { print < EOF } print "

Add or remove logins
Login:		Select Dir:
Password:		Use rules:
Retype:

Enter Admin Password:

"; &Bottom; exit; } ##### SET NEW ADMIN PASSWORD #### sub newpass { unless ($INPUT{'passad'} eq $INPUT{'passad2'}) { print < Your administrative password was not set, as the two entries were different! EOF &Bottom; exit; } if ($INPUT{'passad'}) { $newpassword = crypt($INPUT{'passad'}, $salt); } else { print < You must enter a password! EOF &Bottom; exit; } unless ( -e "password.txt" ) { open (PASSWORD, ">password.txt")|| &error("Error setting Password");; print PASSWORD "$newpassword"; close (PASSWORD); } else { print < Error setting your admin password

A password.txt file was found in this dir.

Due to security reasons, it will not be overwritten. EOF &Bottom; exit; } print < Your administrative password has been set. EOF &admin; exit; } #### ADD A NEW PASSWORD #### sub add { &checkpassword; $err = ''; unless ($INPUT{'login'}) { $err .= "You have not entered a login, please go back an try again"; } unless ($INPUT{'pass'} eq $INPUT{'pass2'}) { $err .= "The two passwords you entered must be the same
\n"; } if ($INPUT{'rules'}) { if ($INPUT{'pass'} eq $INPUT{'login'}) { $err .= "The login and password can not be the same"; } @out = split(//,$INPUT{'login'}); $a=0; foreach $char (@out) { $a++; unless ($char =~ /[A-Za-z0-9]/) { $err .= "Invalid login character -- $char
"; } } if ($a < 3 || $a > 12) { $err .= "Login is too long or short
"; } @out = split(//,$INPUT{'pass'}); $a=0; foreach $char (@out) { $a++; unless ($char =~ /[A-Za-z0-9]/) { $err .= "Invalid Password character -- $char
"; } } if ($a < 5 || $a > 12) { $err .= "Password is too long or short
"; } } if ($err) { print < Error setting login/password

$err

To set the password as-is, be sure to uncheck the rules box. EOF &Bottom; exit; } $password = crypt($INPUT{'pass'}, $salt); open(LIST,"$protect{$INPUT{'dir'}}"); @addresses=; close(LIST); foreach $line(@addresses) { @login = split(/\:/,$line); if ($login[0] eq $INPUT{'login'}) { print < The login you entered, $INPUT{'login'} is already exists in the $INPUT{'dir'} directory, therefore was not set. EOF &Bottom; exit; } } open(LIST,">>$protect{$INPUT{'dir'}}") || &error("Unable to print to $protect{$INPUT{'dir'}}"); print LIST "$INPUT{'login'}:$password\n"; close(LIST); print < The login $INPUT{'login'} was successfully added to the $INPUT{'dir'} directory EOF &admin; exit; } #### REMOVE A PASSWORD #### sub remove{ &checkpassword; open(LIST,"$protect{$INPUT{'dir'}}"); @addresses=; close(LIST); open(LIST,">$protect{$INPUT{'dir'}}") || &error("Unable to write to $protect{$INPUT{'dir'}}"); $found=0; foreach $line (@addresses) { @login = split(/\:/,$line); if ($login[0] eq $INPUT{'loginn'}) { $found=1; } else { print LIST $line; } } close(LIST); if ($found) { print < The login $INPUT{'loginn'} has been removed from the $INPUT{'dir'} directory EOF &admin; exit; } else { print < The login $INPUT{'loginn'} has was not found in the $INPUT{'dir'} directory, therefore not removed EOF &admin; exit; } } #### DELETE MULTIPLE #### sub delete_select { &checkpassword; open(LIST,"$protect{$INPUT{'dir'}}") || &error("Can not open $protect{$INPUT{'dir'}} for reading"); @addresses=; close(LIST); @addresses = sort {$a cmp $b} @addresses; print < EOF &Bottom; exit; } #### DELETE MULITIPLEVLOGIN #### sub delete_final { &checkpassword; open(LIST,"$protect{$INPUT{'dir'}}")|| &error("Unable to open $protect{$INPUT{'dir'}}"); @addresses=; close(LIST); print < The following logins were deleted from the $INPUT{'dir'} directory

EOF @deleting = split(/\,/,$INPUT{'delete'}); foreach $line(@deleting) { @addresses = grep{ !(/$line/i) } @addresses; @login = split(/\:/,$line); print "$login[0]
"; } print < EOF open(LIST,">$protect{$INPUT{'dir'}}") || &error("Unable to write to $protect{$INPUT{'dir'}}"); print LIST @addresses; close(LIST); &admin; exit; } #### CHECK PASSWORD #### sub checkpassword { unless ($use_password) { open (PASSWORD, "password.txt") || &error("Unable to open password.txt"); $password = ; close (PASSWORD); if ($INPUT{'password'}) { $newpassword = crypt($INPUT{'password'}, $password); unless ($newpassword eq $password) { print < Wrong Password EOF &Bottom; exit; } } else { print < You must enter your admin password EOF &Bottom; exit; } } } #### PRINT TOP #### sub Top { print < Access Denied -- Solution Scripts

Access Denied

EOF } #### BOTTOM #### sub Bottom { print <

Acess Denied v1.1
Free from Solution Scripts

EOF } #### ERROR #### sub error{ $errors = $_[0] ; print < An error has occured

The error is: $errors

$!

If you are having troubles running Access Denied, please come visit http://solutionscripts.com where we have both a Help Forum and a F.A.Q. setup to help you get over your troubles. EOF &Bottom; exit; } #### SET DEFAULT COLORS ## sub set_defaults { $over_bg= "white"; $table_bg= "slateblue"; $table_head_bg= "MediumBlue"; $text_color= "black"; $link_color= "orange"; $text_table= "white"; $text_table_head= "white"; $text_highlight= "red"; $font_face= "$font_face"; $font_size= "2"; $alt1= "MediumSlateBlue"; $alt2= "SlateBlue"; }

"; print " -- $login[0]
EOF unless ($use_password) { print <Enter your admin password: EOF } print <