用 php 變更系統密碼

[yehlu]

http://serverfault.com/questions/150306 ... eb-browser

代碼: 選擇全部

<?php

$messages = array();

function change_password ($user, $currpwd, $newpwd) {

    // Open a handle to expect in write mode
    $p = popen('/usr/bin/expect','w');

    // Log conversation for verification
    $log = '/tmp/passwd_' . md5($user . time());
    $cmd .= "log_file -a \"$log\"; ";

    // Spawn a shell as $user
    $cmd .= "spawn /bin/su $user; ";
    $cmd .= "expect \"Password:\"; ";
    $cmd .= "send \"$currpwd\\r\"; ";
    $cmd .= "expect \"$user@\"; ";

    // Change the unix password
    $cmd .= "send \"/usr/bin/passwd\\r\"; ";
    $cmd .= "expect \"(current) UNIX password:\"; ";
    $cmd .= "send \"$currpwd\\r\"; ";
    $cmd .= "expect \"Enter new UNIX password:\"; ";
    $cmd .= "send \"$newpwd\\r\"; ";
    $cmd .= "expect \"Retype new UNIX password:\"; ";
    $cmd .= "send \"$newpwd\\r\"; ";
    $cmd .= "expect \"passwd: password updated successfully\"; ";

    // Commit the command to expect & close
    fwrite($p, $cmd); pclose ($p);

    // Read & delete the log
    $fp = fopen($log,r);
    $output = fread($fp, 2048);
    fclose($fp); unlink($log);
    $output = explode("\n",$output);

    return (trim($output[count($output)-2]) == 'passwd: password updated successfully') ? true : false;
}

function process_post() {

    if ((!isset($_SERVER['HTTP_REFERER'])) 
        || (strpos($_SERVER['HTTP_REFERER'], $_SERVER['SCRIPT_NAME']) === FALSE)) {

        echo "GO AWAY!";
        exit();
        return FALSE;

    }

    global $messages;

    $username           = trim($_POST['username']);
    $password_current   = trim($_POST['password_current']);
    $password_new       = trim($_POST['password_new']);
    $password_confirm   = trim($_POST['password_confirm']);

    // Check for blanks
    if ($username == '' || $password_current == '' || $password_new == '' || $password_confirm == '') {
        array_push(&$messages, "ERROR: You cannot leave any field empty.");
        return FALSE;
    }

    // Check username
    if (!ctype_alnum($username)) {
        array_push(&$messages, "ERROR: You've entered an invalid username.");
        return FALSE;
    }

    // Check to see if new password is correctly typed
    if ($password_new != $password_confirm) {       
        array_push(&$messages, "ERROR: New Password and Confirmation do not match.");
        return FALSE;
    }

    // Check if current password is valid (not really neccessary)
    if (!pam_auth($username, $password_current, &$error, FALSE)) {
        if (trim($error) == "Permission denied (in pam_authenticate)")
            array_push(&$messages, "ERROR: You've username/password was not accepted.");    
        else
            array_push(&$messages, "ERROR: " . $error);
        return FALSE;
    }

    if (change_password ($username, $password_current, $password_new))
        array_push(&$messages, "Password Successfully Changed");
    else 
        array_push(&$messages, "ERROR: Password change failed.");

}

if ($_SERVER['REQUEST_METHOD'] == 'POST') process_post();


?><html>
<head>


<title>Passwords</title>

<style type="text/css">

body {
    font-family: Verdana, Arial, sans-serif;
    font-size: 12px;
}

label {
    width: 150px;
    display: block;
    float: left;
}

input {
    float: left;
}

br {
    clear: both;
}

.message {
    font-size: 11px;
    font-weight: bold;
}

.error {
    color:#C00;
}


</style>

</head>


<body>

<h2>Change Passwords</h2>

<form action="<?= $_SERVER['SCRIPT_NAME'] ?>" method="post">

<fieldset>

<? if (count($messages) != 0) { 

    foreach ($messages as $message) { ?>

<p class="message<?= ((strpos($message, 'ERROR:') === FALSE) ? '' : ' error') ?>"><?= $message ?></p>

<? } } ?>

<label>Username: </label>
<input type="text" name="username" /><br />

<label>Current Password:</label>
<input type="password" name="password_current" /><br />

<label>New Password:</label>
<input type="password" name="password_new" /><br />

<label>Confirm Password:</label>
<input type="password" name="password_confirm" /><br />

<input type="reset" value="Reset" /> <input type="submit" value="Submit" />

</fieldset>


</form>


</body>
</html>

[yehlu]

代碼: 選擇全部

dpkg -i php5-dev_5.2.10.dfsg.1-2ubuntu6_amd64.deb
apt-get install re2c
apt-get install libpam0g-dev
pecl install pam

[yehlu]

Build process completed successfully
Installing '/usr/lib/php5/20060613/pam.so'
install ok: channel://pecl.php.net/pam-1.0.3
configuration option "php_ini" is not set to php.ini location
You should add "extension=pam.so" to php.ini


/etc/php5/apache2/conf.d/pam.ini
extension=pam.so

[yehlu]

http://stackoverflow.com/questions/303 ... 4#3067974

代碼: 選擇全部

cd /etc/pam.d
ln -s login /etc/pam.d/php
chmod g+r,o+r /etc/shadow
apt-get install expect
/etc/init.d/apache2 reload

[yehlu]

/var/log/auth.log

Dec 20 16:38:53 postest apache2: pam_smbpass(php:auth): Cannot access samba password database, not running as root.
Dec 20 16:38:53 postest su[16968]: pam_sm_authenticate: Called
Dec 20 16:38:53 postest su[16968]: pam_sm_authenticate: username = [xxxxx]
Dec 20 16:38:53 postest su[16968]: Successful su for xxxxx by www-data
Dec 20 16:38:53 postest su[16968]: + /dev/pts/1 www-data:xxxxx
Dec 20 16:38:53 postest su[16968]: pam_unix(su:session): session opened for user xxxxx by (uid=33)
Dec 20 16:38:53 postest passwd[16986]: pam_unix(passwd:chauthtok): password changed for xxxxx
Dec 20 16:38:54 postest passwd[16986]: pam_smbpass(passwd:chauthtok): password for (xxxxx/1002) changed by (xxxxx/1002)
Dec 20 16:38:54 postest passwd[16986]: Passphrase file wrapped
Dec 20 16:38:54 postest passwd[16987]: Error attempting to open [/home/xxxxx/.ecryptfs/wrapped-passphrase] for reading
Dec 20 16:38:54 postest passwd[16987]: Error attempting to unwrap passphrase; rc = [-5]
Dec 20 16:38:54 postest su[16968]: pam_unix(su:session): session closed for user xxxxx