<%args>
# Fields posted back by this component's own form. Each defaults to undef,
# so a request that does not carry all three renders the form instead of
# attempting a password change.
# The reCAPTCHA field (g-recaptcha-response) is not declared here; the
# <%init> section reads it from %ARGS.
$current => undef
$new1 => undef
$new2 => undef
</%args>
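<%perl>
# Password-change page body. Three paths:
#   1. no logged-in session           -> refuse
#   2. not all three fields present   -> render the form with the reCAPTCHA widget
#   3. all fields present             -> verify captcha and current password,
#                                        then store the new password
if( ! defined($session{'userid'}) ) {
</%perl>
<font size="+3">
Bad User!
</font>
<p>You can't change your password if you're not logged in!</p>
<%perl>
# A stray <font size="+3"> line used to sit here inside the Perl section,
# where it is not markup; it has been removed.
} else {
unless( defined($new2) && defined($new1) && defined($current) ) {
</%perl>
<font size="+3">
Password Change
</font>
<hr />
<form method="post" action="changepass.html">
<%perl>
# reCaptcha Output form
# Public key
print $c->get_html_v2( '6Lf1RwAAAAAAANZIsJS0Ra-ycdARlCNMTzOkkC-v' );
</%perl>
<table>
<tr>
<td>Current Password</td>
<td><input name="current" type="password" size="80"></td>
</tr>
<tr>
<td>New Password</td>
<td><input name="new1" type="password" size="80"></td>
</tr>
<tr>
<td>New Password (Confirm)</td>
<td><input name="new2" type="password" size="80"></td>
</tr>
<tr>
<td><input type="submit"></td>
</tr>
</table>
</form>
<%perl>
# Check the form results (both of them)
} else {
# Verify ReCaptcha submission
# NOTE(review): the reCAPTCHA private key is committed in this template.
# It should be loaded from server-side configuration and the exposed key
# rotated.
my $result = $c->check_answer_v2(
# Private key
'6Lf1RwAAAAAAAP6IcWCSHjdtZ5yh1y2muHE7f1Zy', $recaptcha_response, $ENV{'REMOTE_ADDR'}
);
# Munge just like login.html
# NOTE(review): ROT13 followed by unsalted MD5 is not a password hash; any
# leak of the users table is cheap to crack. Moving to a salted, slow KDF
# has to be done together with login.html, so it is only flagged here.
$current =~ y/A-Za-z/N-ZA-Mn-za-m/;
my $current_check = $dbh->selectrow_array("SELECT userid FROM
users WHERE username=? AND password=?", undef,
$session{'username'}, md5_hex($current));
# The captcha verdict is part of the success condition. Previously it was
# consulted only to pick an error message, so a request with a wrong or
# missing captcha answer could still change the password.
if ( $result->{is_valid} && $current_check && ($new1 eq $new2) ) {
</%perl>
<font size="+3">
Password Changed
</font>
<%perl>
# Munge it the same way the login form does
my $dbpassword = $new1;
$dbpassword =~ y/A-Za-z/N-ZA-Mn-za-m/;
$dbh->do("UPDATE users SET password = ? WHERE userid = ?",
undef,
md5_hex($dbpassword), $current_check );
} else {
if( $result->{is_valid} )
{
</%perl>
<font size="+3">
<%doc>
The diagnostic values below are HTML-escaped with the |h flag:
$recaptcha_response comes straight from the request, so printing it raw
let a crafted g-recaptcha-response value inject markup into this page.
NOTE(review): consider dropping this debug output outside development.
</%doc>
ReCaptcha correct, but input invalid, sorry. Try again. <pre><% Dumper($result) |h %>, <% $recaptcha_response |h %></pre>
</font>
<%perl>
} else {
</%perl>
<font size="+3">
ReCaptcha failed, sorry. Try again. <pre><% Dumper($result) |h %>, <% $recaptcha_response |h %></pre>
</font>
<%perl>
}
}
}
}
</%perl>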
<%method title>
%# Emits the page title text; presumably called by a wrapping component - confirm.
Password Change
</%method>
<%init>
# Per-request setup for the password-change component: declares the shared
# globals, loads modules, sets the response content type and prepares the
# reCAPTCHA client used by the body.

# Package globals, not set in this component; presumably populated by a
# handler elsewhere - confirm.
our($dbh,%session);
# NOTE(review): utils and Unicode::String are not referenced by name in this
# component. The body calls Dumper(), which is not imported here; presumably
# utils provides it - confirm.
use utils;
use Unicode::String;
# md5_hex is used by the body to compare and store passwords.
use Digest::MD5 qw(md5_hex);
$r->content_type("text/html; charset=utf-8");
use Captcha::reCAPTCHA;
# $c renders the widget (get_html_v2) and verifies answers (check_answer_v2).
my $c = Captcha::reCAPTCHA->new;
# Read from %ARGS because the field name contains hyphens and so cannot be
# declared as a variable in <%args>. This value is request-controlled.
my $recaptcha_response = $ARGS{'g-recaptcha-response'};
</%init>