diff options
| author | John Klug <john.klug@multitech.com> | 2019-11-27 11:13:23 -0600 |
|---|---|---|
| committer | John Klug <john.klug@multitech.com> | 2019-11-27 11:13:23 -0600 |
| commit | 6420e7fbbf3a1020fb75f222b21d38e522e7b67c (patch) | |
| tree | 07a78483d34b254aecf8205a2b5f9fb6c9fa2598 /www | |
| parent | 9d3728f5eac745fe66937aec98969d316ad9ad81 (diff) | |
| download | commissioning-6420e7fbbf3a1020fb75f222b21d38e522e7b67c.tar.gz commissioning-6420e7fbbf3a1020fb75f222b21d38e522e7b67c.tar.bz2 commissioning-6420e7fbbf3a1020fb75f222b21d38e522e7b67c.zip | |
Fix passwd command execution
Diffstat (limited to 'www')
| -rw-r--r-- | www/pages/index.php | 147 |
1 files changed, 90 insertions, 57 deletions
diff --git a/www/pages/index.php b/www/pages/index.php index 3dcb684..4a9d6b1 100644 --- a/www/pages/index.php +++ b/www/pages/index.php @@ -1,6 +1,9 @@ <?php -// Include config file - +/*! + * Bootstrap v3.3.7 (http://getbootstrap.com) + * Copyright 2019 Multi-Tech, Inc. + * Licensed under MIT + */ $cmd = "/usr/sbin/mts-io-sysfs show product-id"; $handle = popen($cmd, 'r'); $product = fread($handle,4192); @@ -14,74 +17,104 @@ $finished = ""; $pwdscore = ""; $status = 0; $save_password = ""; +$reset = ""; // Define variables and initialize with empty values $username = $password = $save_password = ""; $username_err = $password_err = $confirm_password_err = ""; -openlog("Commision:", LOG_PID | LOG_PERROR, LOG_LOCAL0); +openlog("Commission:", LOG_PID | LOG_PERROR, LOG_LOCAL0); // Processing form data when form is submitted if($_SERVER["REQUEST_METHOD"] == "POST"){ $mismatch = 1; // We have two different passwords - - $save_password = trim($_POST["save_password"]); - - syslog(LOG_ALERT, "Enter post: save_password = $save_password"); - // Validate username - if(empty(trim($_POST["username"]))){ - $username_err = "Please enter a username."; - } else - $username = trim($_POST["username"]); - // Validate password - if(empty(trim($_POST["password"]))){ - $password_err = "Please enter a password."; - $mismatch = 0; + $reset = trim($_POST["reset"]); + syslog(LOG_ALERT, "Reset: $reset"); + if ($reset === "Reset") { + $save_password = ""; + $reset = ""; + $username = $password = $save_password = ""; + $username_err = $password_err = $confirm_password_err = ""; } else { - $password = trim($_POST["password"]); - if (empty($save_password)) { + $save_password = trim($_POST["save_password"]); + + syslog(LOG_ALERT, "Enter post: save_password = $save_password"); + + // Validate username + if(empty(trim($_POST["username"]))){ + $username_err = "Please enter a username."; + } else + $username = trim($_POST["username"]); + // Validate password + if(empty(trim($_POST["password"]))){ + $password_err = "Please enter a password."; $mismatch = 0; - $cmd = "echo '" . $password . "' | /usr/bin/pwscore"; - $handle = popen($cmd, 'r'); - $result = fread($handle,4192); - if (pclose($handle) === 0) { - $pwdscore = "Password score: " . $result; - $save_password = $password; - $password = ""; - $conftxt = "Re-Enter"; - } else { - $password_err = $result; - $password = ""; - syslog(LOG_ALERT, "Need password confirmation"); + } else { + $password = trim($_POST["password"]); + if (empty($save_password)) { + $mismatch = 0; + $cmd = "echo '" . $password . "' | /usr/bin/pwscore 2>&1"; + $handle = popen($cmd, 'r'); + $result = fread($handle,4192); + if (pclose($handle) === 0) { + $pwdscore = "Password score: " . $result; + $save_password = $password; + $password = ""; + $conftxt = "Re-Enter"; + } else { + $conftxt = "Re-Enter"; + $password_err = $result . + ". Confirm password if you really want this." . + " Click reset to start again"; + $save_password = $password; + $password = ""; + syslog(LOG_ALERT, "Need password confirmation"); + } + syslog(LOG_ALERT, "pwscore: score: $pwdscore msg = $password_err"); } - syslog(LOG_ALERT, "pwscore: score: $pwdscore msg = $password_err"); } - } - - if (!empty($password) && ($password === $save_password) && ! empty($username)) { - syslog(LOG_ALERT, "Have password: $password username: $password"); - if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){ - // Create user in sudo group - $cmd = "/usr/sbin/useradd -U -m -G sudo,dialout,disk -s /bin/bash " . $username . " 2>&1"; - syslog(LOG_ALERT, "useradd cmd: $cmd"); - $handle = popen($cmd, 'r'); - $result = fread($handle, 4192); - $status = pclose($handle); - syslog(LOG_ALERT, "useradd: status: $status result: $result"); - $cmd = "/usr/bin/passwd" . $username . " 2>&1"; - $handle = popen($cmd, 'r'); - $pwdtxt = $password . "\n" . $password; - $result = fwrite($handle, $pwdtxt); - pclose($handle); - syslog(LOG_ALERT, "passwd: status: $status result: $result"); - $finished = "Commisioning Complete"; + + if (!empty($password) && ($password === $save_password) && ! empty($username)) { + syslog(LOG_ALERT, "Have password: $password username: $password"); + if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){ + // Create user in sudo group + $cmd = "/usr/sbin/useradd -U -m -G sudo,dialout,disk -s /bin/bash " . $username . " 2>&1"; + syslog(LOG_ALERT, "useradd cmd: $cmd"); + $handle = popen($cmd, 'r'); + $result = trim(fread($handle, 4192)); + $status = pclose($handle); + syslog(LOG_ALERT, "useradd: status: $status result: $result"); + $tmpfile = tempnam("/var/volatile/tmp","commission"); + $cmd = "/usr/bin/passwd " . $username . " 2>&1 >$tmpfile"; + $handle = popen($cmd, 'w'); + $pwdtxt = $password . "\n" . $password; + fwrite($handle, $pwdtxt); + $status = pclose($handle); + $cmd = "/bin/cat $tmpfile"; + $handle = popen($cmd, 'r'); + $result2 = trim(fread($handle, 4192)); + $status2 = pclose($handle); + syslog(LOG_ALERT, "passwd: status: $status result: $result"); + if ($status === 0) { + $finished = "Commissioning Complete"; + $password_err = $result2; + $username_err = $result; + } else { + $finished = "Errors: " . $result; + $save_password = ""; + $password = ""; + $password_err = $result2; + $username_err = $result; + } + } + } else if ($mismatch === 1) { + $save_password = ""; + $password = ""; + $password_err = "Mismatch"; } - } else if ($mismatch === 1) { - $save_password = ""; - $password_err = "Mismatch"; + syslog(LOG_ALERT, "Leave post: save_password = $save_password"); } - syslog(LOG_ALERT, "Leave post: save_password = $save_password"); } ?> @@ -89,7 +122,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){ <html lang="en"> <head> <meta charset="UTF-8"> - <title>Commision Multi-Tech mLinux</title> + <title>Commission Multi-Tech mLinux</title> <link rel="stylesheet" href="http://127.0.0.1/css/bootstrap.css"> <style type="text/css"> body{ font: 14px sans-serif; } @@ -98,7 +131,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){ </head> <body> <div class="wrapper"> - <h2>Commision Multi-Tech mLinux</h2> + <h2>Commission Multi-Tech mLinux</h2> <p><label><?php echo $finished; ?></label></p> Product-ID: @@ -128,7 +161,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){ <p><label><?php echo $pwdscore; ?></label></p> <div class="form-group"> <input type="submit" class="btn btn-primary" value="Submit"> - <input type="reset" class="btn btn-default" value="Reset"> + <input type="submit" name = "reset" class="btn btn-default" value="Reset"> </div> </form> </div> |