From fb2365425be9683163cc06c5e364e28cbf637627 Mon Sep 17 00:00:00 2001 From: John Klug Date: Wed, 27 Nov 2019 14:11:35 -0600 Subject: Improve spacing of error messages --- www/pages/index.php | 199 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 123 insertions(+), 76 deletions(-) diff --git a/www/pages/index.php b/www/pages/index.php index 4a9d6b1..c338424 100644 --- a/www/pages/index.php +++ b/www/pages/index.php @@ -18,13 +18,33 @@ $pwdscore = ""; $status = 0; $save_password = ""; $reset = ""; - +$userok = 0; // Define variables and initialize with empty values $username = $password = $save_password = ""; $username_err = $password_err = $confirm_password_err = ""; openlog("Commission:", LOG_PID | LOG_PERROR, LOG_LOCAL0); - + +// uid number must be 1000 or larger. +function chk_username($userid) { + $cmd = "/usr/bin/id -u " . $userid . " 2>/dev/null"; + syslog(LOG_ALERT, "/usr/bin/id cmd: $cmd"); + $handle = popen($cmd, 'r'); + $result = trim(fread($handle, 4192)); + $status = pclose($handle); + + if ((strlen($result) > 0) && ($status == 0)) { + $uid = intval($result,10); + syslog(LOG_ALERT, "id uid: $uid"); + } else { + syslog(LOG_ALERT, "id uid: failure"); + $uid = -1; + } + return $uid; +} + + + // Processing form data when form is submitted if($_SERVER["REQUEST_METHOD"] == "POST"){ $mismatch = 1; // We have two different passwords @@ -36,85 +56,108 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){ $reset = ""; $username = $password = $save_password = ""; $username_err = $password_err = $confirm_password_err = ""; - } else { - $save_password = trim($_POST["save_password"]); + goto err_exit; + } - syslog(LOG_ALERT, "Enter post: save_password = $save_password"); + $save_password = trim($_POST["save_password"]); - // Validate username - if(empty(trim($_POST["username"]))){ - $username_err = "Please enter a username."; - } else - $username = trim($_POST["username"]); - // Validate password - if(empty(trim($_POST["password"]))){ - $password_err = "Please enter a password."; + + syslog(LOG_ALERT, "Enter post: save_password = $save_password"); + + // Validate username + if(strlen(trim($_POST["username"])) == 0){ + $username_err = "Please enter a username."; + } else { + $username = trim($_POST["username"]); + syslog(LOG_ALERT, "Enter username check: $username"); + $id = chk_username($username); + syslog(LOG_ALERT, "after username check: chk_username $id"); + if ($id > -1 && $id < 1000) { + $username_err = "User-id is in use by the system -- chose another"; + } + } + + // Validate password + if(strlen(trim($_POST["password"])) == 0){ + $password_err = "Please enter a password."; + $mismatch = 0; + } else { + $password = trim($_POST["password"]); + if (strlen($save_password) == 0) { $mismatch = 0; - } else { - $password = trim($_POST["password"]); - if (empty($save_password)) { - $mismatch = 0; - $cmd = "echo '" . $password . "' | /usr/bin/pwscore 2>&1"; - $handle = popen($cmd, 'r'); - $result = fread($handle,4192); - if (pclose($handle) === 0) { - $pwdscore = "Password score: " . $result; - $save_password = $password; - $password = ""; - $conftxt = "Re-Enter"; - } else { - $conftxt = "Re-Enter"; - $password_err = $result . - ". Confirm password if you really want this." . - " Click reset to start again"; - $save_password = $password; - $password = ""; - syslog(LOG_ALERT, "Need password confirmation"); - } - syslog(LOG_ALERT, "pwscore: score: $pwdscore msg = $password_err"); + $cmd = "echo '" . $password . "' | /usr/bin/pwscore 2>&1"; + $handle = popen($cmd, 'r'); + $result = trim(fread($handle,4192)); + if (pclose($handle) === 0) { + $pwdscore = "Password score: " . $result; + $save_password = $password; + $password = ""; + $conftxt = "Re-Enter"; + } else { + $conftxt = "Re-Enter"; + $password_err = $result . + ". Confirm password if you really want this." . + " Click reset to start again"; + $save_password = $password; + $password = ""; + syslog(LOG_ALERT, "Need password confirmation"); } + syslog(LOG_ALERT, "pwscore: score: $pwdscore msg = $password_err"); } + } - if (!empty($password) && ($password === $save_password) && ! empty($username)) { - syslog(LOG_ALERT, "Have password: $password username: $password"); - if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){ - // Create user in sudo group - $cmd = "/usr/sbin/useradd -U -m -G sudo,dialout,disk -s /bin/bash " . $username . " 2>&1"; - syslog(LOG_ALERT, "useradd cmd: $cmd"); - $handle = popen($cmd, 'r'); - $result = trim(fread($handle, 4192)); - $status = pclose($handle); - syslog(LOG_ALERT, "useradd: status: $status result: $result"); - $tmpfile = tempnam("/var/volatile/tmp","commission"); - $cmd = "/usr/bin/passwd " . $username . " 2>&1 >$tmpfile"; - $handle = popen($cmd, 'w'); - $pwdtxt = $password . "\n" . $password; - fwrite($handle, $pwdtxt); - $status = pclose($handle); - $cmd = "/bin/cat $tmpfile"; - $handle = popen($cmd, 'r'); - $result2 = trim(fread($handle, 4192)); - $status2 = pclose($handle); - syslog(LOG_ALERT, "passwd: status: $status result: $result"); - if ($status === 0) { - $finished = "Commissioning Complete"; - $password_err = $result2; - $username_err = $result; - } else { - $finished = "Errors: " . $result; - $save_password = ""; - $password = ""; - $password_err = $result2; - $username_err = $result; - } + if ((strlen($password) != 0) && ($password === $save_password) && (strlen($username) != 0)) { + syslog(LOG_ALERT, "Have password: $password username: $password"); + if((strlen($username_err) == 0) && (strlen($password_err) == 0) && (strlen($confirm_password_err) == 0)){ + // Create user in sudo group + $cmd = "/usr/sbin/useradd -U -m -G sudo,dialout,disk -s /bin/bash " . $username . " 2>&1"; + syslog(LOG_ALERT, "useradd cmd: $cmd"); + $handle = popen($cmd, 'r'); + $username_err = trim(fread($handle, 4192)); + $status = pclose($handle); + syslog(LOG_ALERT, "useradd: status: $status result: $result"); + $uid = chk_username($username); + $cmd = "/usr/bin/id " . $username . " 2>/dev/null"; + if (! ($uid > 999)) { + syslog(LOG_ALERT, "useradd: system user-id cannot be chosen: $username uid: $uid"); + $username_err = "useradd: system user-id cannot be chosen: $username uid: $uid"; + $username = ""; + $save_password = ""; + $password = ""; + goto err_exit; + } // Must have uid > 999 + $tmpfile = tempnam("/var/volatile/tmp","commission"); + $cmd = "/usr/bin/passwd " . $username . " 2>&1 >$tmpfile"; + $handle = popen($cmd, 'w'); + $pwdtxt = $password . "\n" . $password; + fwrite($handle, $pwdtxt); + $status = pclose($handle); + $cmd = "/bin/cat $tmpfile"; + $handle = popen($cmd, 'r'); + $result2 = trim(fread($handle, 4192)); + $status2 = pclose($handle); + syslog(LOG_ALERT, "passwd: status: $status result: $result"); + if ($status === 0) { + $finished = "Commissioning Complete"; + $password_err = $result2; + $username_err = $result; + } else { + $finished = "Errors: " . $result; + $save_password = ""; + $password = ""; + $password_err = $result2; + $username_err = $result; } - } else if ($mismatch === 1) { - $save_password = ""; - $password = ""; - $password_err = "Mismatch"; - } - syslog(LOG_ALERT, "Leave post: save_password = $save_password"); + } // Create user, set password + } else if ($mismatch === 1) { + $save_password = ""; + $password = ""; + $password_err = "Mismatch"; } + syslog(LOG_ALERT, "Leave post: save_password = $save_password"); + + err_exit: + // Is there another way to return and leave the web form in good shape? } ?> @@ -126,7 +169,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){ @@ -148,15 +191,19 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){
" method="post"> -
+
+

+

-
+
+

+

-- cgit v1.2.3