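#! /usr/bin/perl
#
# control.cgi - web form for adding, changing and removing users in an
# Apache-style password file (one "name:crypt-hash[:extra fields]" per line).
#
# GET  prints the administration form and the list of current users.
# POST applies one of three requests, selected by the "command" field:
#        new     - create a user (admin password required)
#        remove  - delete a user (admin password or the user's own)
#        other   - change a password (admin password or the user's own)
#
# Restoration notes: the copy this file was restored from had lost its HTML
# markup and the <HANDLE> reads. The markup below is a minimal reconstruction
# that keeps the original field names (user, old, new, new2, command) and the
# original visible text. The radio value "change" is a constructed value; the
# script treats every command other than "new" and "remove" as a change.
#
# Security notes for maintainers:
#   * crypt() with a two-character salt is traditional DES crypt: only the
#     first eight characters of a password count and the hash is cheap to
#     brute-force. It is kept so existing entries keep working.
#     NOTE(review): move to a stronger scheme the web server supports.
#   * $url below is plain http://, so passwords cross the network in clear
#     text. NOTE(review): serve this script over HTTPS.
#   * The GET form lists every user name without authentication.
#     NOTE(review): put the script itself behind access control.

use strict;
use warnings;
use Fcntl qw(:flock :seek);

### Variables
# Password file with full system path.
# NOTE(review): confirm this path is not served by the web server.
my $file = '/www/business/istug/.htpasswd';
my $url  = 'http://istug.fast.net.uk/cgi-bin/control.cgi';
# Largest POST body accepted, in bytes; the form only carries five short fields.
my $max_post = 8192;
### End of Variables

# "Return" link appended to most messages.
my $back = '<br>Click <a href="' . html_escape($url) . '">HERE</a> to return.';

# Create form and exit on GET
make_form() unless ($ENV{'REQUEST_METHOD'} || '') eq 'POST';

# Get POST input. CONTENT_LENGTH comes from the client, so it is checked to be
# a plain number and bounded before it is used as a read size.
my $length = $ENV{'CONTENT_LENGTH'};
$length = 0 unless defined $length && $length =~ /\A\d+\z/;
error("Error", "Request too large.") if $length > $max_post;
my $buffer = '';
read(STDIN, $buffer, $length) if $length;

# Split the name-value pairs and undo the URL encoding.
my %FORM;
foreach my $pair (split /&/, $buffer) {
    my ($name, $value) = split /=/, $pair, 2;
    next unless defined $name;
    $value = '' unless defined $value;
    for ($name, $value) {
        tr/+/ /;
        s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    }
    $FORM{$name} = $value;
}

my $user = $FORM{user};
error("Error", "Username missing from form.") unless $user;

# A ':' or a control character (newline included) in the name would be written
# verbatim into the password file and could add or alter other entries.
if ($user =~ /[:\x00-\x1f\x7f]/) {
    error("Error", "Username contains characters that are not allowed.");
}

my $pwd     = defined $FORM{old}     ? $FORM{old}     : '';
my $command = defined $FORM{command} ? $FORM{command} : '';
my $new     = defined $FORM{new}     ? $FORM{new}     : '';
my $new2    = defined $FORM{new2}    ? $FORM{new2}    : '';

unless ($command eq 'remove' || ($new && $new eq $new2)) {
    error("Password Mismatch", "New password mismatch or missing.");
}

# Get existing passwords. The file is opened read-write and locked exclusively
# once; the same handle is rewritten below, so no other request can change the
# file between the read and the write. Exiting on an error releases the lock.
my (%hash, %tail, $pwfh);
if (-e $file) {
    open($pwfh, '+<', $file)
        or error("Error", "Can't open password file: " . html_escape("$!"));
    flock($pwfh, LOCK_EX)
        or error("Error", "Can't lock password file: " . html_escape("$!"));
    while (my $line = <$pwfh>) {
        chomp $line;
        my ($name, $value, $rest) = split /:/, $line, 3;
        next unless defined $name && length $name;    # skip blank lines
        $hash{$name} = defined $value ? $value : '';
        $tail{$name} = $rest;    # maintain any additional fields
    }
}

# Salt for crypt. Perl seeds rand() itself; the previous explicit
# srand(time ^ pid) seed was easier to predict than the default.
my @range = ('0' .. '9', 'a' .. 'z', 'A' .. 'Z', '.', '/');
my $salt  = $range[rand @range] . $range[rand @range];

# Check for valid password or existing user
my $pass  = $hash{$user} ? $hash{$user} : '';
my $admin = check_password($pwd, $hash{admin});
my $owner = check_password($pwd, $pass);

# The user name is echoed into HTML below, so it is escaped once here.
my $shown = html_escape($user);
my $msg;

if ($command ne 'new' && ($admin || $owner)) {
    if ($command eq 'remove') {
        delete $hash{$user};
        delete $tail{$user};
        $msg = "User $shown was removed from password file.$back";
    }
    elsif (!$pass) {
        # Only reachable with the admin password: there is no entry to match.
        $msg = "WARNING! 'Change Password' checked for non-existing user?\n"
             . "<p>Creating new user $shown.\n"
             . "<p>If this was an error, go back and 'Remove User'$back";
    }
    else {
        $msg = "Password has been updated for $shown.$back";
    }
}
elsif ($command eq 'new') {
    if ($pass) {
        error("Sorry", "User $shown is already assigned.$back");
    }
    elsif ($admin) {
        $msg = "Password has been assigned for new user $shown.$back";
    }
    else {
        begin_html("Sorry");
        print "Have you entered the admin password correctly ?.$back";
        end_html();
        exit;
    }
}
else {
    error("Password Error",
        "Invalid user or password or forgot to check 'New User'.$back");
}

# Assign new password to user and write to file
$hash{$user} = crypt($new, $salt) if $command ne 'remove';

# Every successful path above matched a stored hash, so the file was read and
# $pwfh still holds the exclusive lock. It is rewritten in place instead of
# being reopened with '>', which would empty the file before a lock was held.
unless ($pwfh && seek($pwfh, 0, SEEK_SET) && truncate($pwfh, 0)) {
    error("Error", "Can't update password file: " . html_escape("$!"));
}
foreach my $name (sort keys %hash) {
    my $line = "$name:$hash{$name}";
    $line .= ":$tail{$name}" if $tail{$name};
    print {$pwfh} "$line\n"
        or error("Error", "Can't update password file: " . html_escape("$!"));
}
# Buffered write errors only surface at close, so the result is checked.
close($pwfh)
    or error("Error", "Can't update password file: " . html_escape("$!"));

# Print Return HTML
begin_html("Thank You");
print "$msg\n";
end_html();

### Subroutines

# html_escape(text): return text with the HTML metacharacters replaced by
# entities, so form input and file contents cannot introduce markup.
sub html_escape {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# check_password(plain, stored): true when crypt(plain) using the salt of the
# stored hash reproduces the stored hash. A missing or empty stored hash never
# matches.
sub check_password {
    my ($plain, $stored) = @_;
    return 0 unless defined $plain && defined $stored && length $stored;
    my $candidate = crypt($plain, $stored);
    return (defined $candidate && $candidate eq $stored) ? 1 : 0;
}

# begin_html(title): print the CGI header and the top of the page.
sub begin_html {
    my ($title) = @_;
    my $safe_title = html_escape($title);
    print "Content-type: text/html\n\n";
    print "<html><head><title>$safe_title</title></head>\n";
    print <<'END';
<body>
<h1>User Administration</h1>
END
    return;
}

# end_html(): print the bottom of the page.
sub end_html {
    # Add footer links here
    print "</body>\n</html>\n";
    return;
}

# make_form(): print the administration form and the current user list, then
# exit. Called for every request that is not a POST.
sub make_form {
    my $action = html_escape($url);
    begin_html("User Administration");
    print <<"NEW_FORM";
<h2>User and Password Control Form</h2>
<form method="POST" action="$action">
<p>Request:<br>
<input type="radio" name="command" value="change"> Change Password<br>
<input type="radio" name="command" value="new"> New User<br>
<input type="radio" name="command" value="remove"> Remove User
<p>Username for modification/creation: <input type="text" name="user"><br>
Admin Password: <input type="password" name="old"><br>
New Password: <input type="password" name="new"><br>
Confirm New Password: <input type="password" name="new2">
<p><input type="submit"> <input type="reset">
</form>
NEW_FORM

    print "<table>\n<tr><th>CURRENT USERS ON SYSTEM</th></tr>\n";
    # A missing or unreadable file simply yields an empty list.
    if (open(my $users, '<', $file)) {
        flock($users, LOCK_SH);
        while (my $line = <$users>) {
            chomp $line;
            my ($username) = split /:/, $line;
            next unless defined $username && length $username;
            print '<tr><td>', html_escape($username), "</td></tr>\n";
        }
        close $users;
    }
    print "</table>\n";
    end_html();
    exit;
}

# error(title, msg): print an error page and exit. msg is HTML, so callers
# must escape any user-supplied text they put into it.
sub error {
    my ($title, $msg) = @_;
    begin_html($title);
    print "<p>$msg\n";
    print "<p>Please check your name and re-enter passwords.$back\n";
    end_html();
    exit;
}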