Tengo una pagina en la que he pienso otrogar algunas direcciones de correo, y permitir que los usuarios cambien sus claves.
Obviamente no es posible dejarlos acceder al Cpanel para hacer esa modificación.
Así que buscando un poco encontré un código que permite modificar las contraseñas desde PHP.
El codigo en cuestión es este:
delphi
<?php $message = ""; $found = $valid = false; if ($_POST['username'] != "") { $domain_pos = strpos($_POST['username'], "@"); if ($domain_pos === false) { $username = $_POST['username']; $domain = $_POST['domain']; } else { $username = substr($_POST['username'], 0, $domain_pos); $domain = substr($_POST['username'], $domain_pos + 1); } $current_password = $_POST['current_password']; $new_password1 = $_POST['new_password1']; $new_password2 = $_POST['new_password2']; $root = $_SERVER['DOCUMENT_ROOT']; $path_elements = explode('/', $root); $root = "/{$path_elements[1]}/{$path_elements[2]}"; // for bluehost, extracts homedir ex: /homeN/blueuser may work with other hosts? $shadow_file = "$root/etc/$domain/shadow"; // check if the shadow file exists. if not, either an invalid // domain was entered or this may not be a bluehost account...? if (file_exists($shadow_file)) { // compare the new passwords entered to ensure they match. if ($new_password1 == $new_password2) { if (trim($new_password1) != "") { // get the contents of the shadow file. $shadow = file_get_contents($shadow_file); $lines = explode("\n", $shadow); // go through each line of shadow file, looking for username entered. for ($i = 0; $i < count($lines); $i++) { $elements = explode(":", $lines[$i]); // found the user... if ($elements[0] == $username) { $found = true; $passwd = explode("$", $elements[1]); $salt = $passwd[2]; // get the salt currently used // crypt the "Current Password" entered by user. Can use either builtin // php crypt function or command line openssl command. if (CRYPT_MD5 == 1) { // indicates whether or not the crypt command supports MD5. $current = crypt($current_password, '$1$'.$salt.'$'); } else { $current = trim(`openssl passwd -1 -salt "$salt" "$current_password"`); } // check if the current password entered by the user // matches the password in the shadow file. $valid = ($current == $elements[1]); if ($valid) { // if they match then crypt the new password using the same salt // and modify the line in the shadow file with the new hashed password if (CRYPT_MD5 == 1) { $new = crypt($new_password1, '$1$'.$salt.'$'); } else { $new = trim(`openssl passwd -1 -salt "$salt" "$new_password1"`); } $elements[1] = $new; $lines[$i] = implode(":", $elements); } break; } } if (!$found) { $message = "The username you entered is not valid."; } else if (!$valid) { $message = "The password you entered is not valid."; } else { // write the new contents of the shadow back to the shadow file. $shadow = implode("\n", $lines); file_put_contents($shadow_file, $shadow); $message = 'Your password has been updated.'; } } else { $message = "Your password cannot be blank."; } } else { $message = "Both new passwords must match."; } } else { $message = "The domain you entered is not valid."; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <title>Change Password</title> </head> <body> <?php if ($message != "") { $color = $found && $valid ? "green" : "red"; echo "<span style=\"color:$color;\">$message</span>"; } ?> <form action="" method="post"> <input type="hidden" name="domain" value="somebluehostdomain.com" /> <table> <tbody> <tr> <td><label for="username">Username</label></td> <td><input name="username" id="username" type="text" /></td> </tr> <tr> <td><label for="current_password">Current Password</label></td> <td><input name="current_password" id="current_password" type="password" /></td> </tr> <tr> <td><label for="new_password1">New Password</label></td> <td><input name="new_password1" id="new_password1" type="password" /></td> </tr> <tr> <td><label for="new_password2">New Password</label></td> <td><input name="new_password2" id="new_password2" type="password" /></td> </tr> <tr> <td colspan="2" style="text-align:center;"> <input type="submit" value="Change Password" /> </td> </tr> </tbody> </table> </form> </body> </html>
Modifica localiza y modifica un archivo shadow, al parecer funciona la primera parte, pero al llegar a esta sección:
delphi
if ($elements[0] == $username) { $found = true; $passwd = explode("$", $elements[1]); $salt = $passwd[2]; // get the salt currently used // crypt the "Current Password" entered by user. Can use either builtin // php crypt function or command line openssl command. if (CRYPT_MD5 == 1) { // indicates whether or not the crypt command supports MD5. $current = crypt($current_password, '$1$'.$salt.'$'); } else { $current = trim(`openssl passwd -1 -salt "$salt" "$current_password"`); } // check if the current password entered by the user // matches the password in the shadow file. $valid = ($current == $elements[1]); if ($valid) { // if they match then crypt the new password using the same salt // and modify the line in the shadow file with the new hashed password if (CRYPT_MD5 == 1) { $new = crypt($new_password1, '$1$'.$salt.'$'); } else { $new = trim(`openssl passwd -1 -salt "$salt" "$new_password1"`); } $elements[1] = $new; $lines[$i] = implode(":", $elements); }[/b]
Me pierdo, pues mis conocimientos en criptografía son nulos.
El mensaje que me arroja es que "El password ingresasado no es valido"
delphi
$message = "The password you entered is not valid.";
El formato del archivo shadow es este:
delphi
prueba1:$6$3H43CuBDVvvAelSW$ZVzh9IAvZV.D2xtILRWutYPoU9DCjmWppZdWpl9rF4K6.7t6QnWaTypN6a7eEycua/miaiT1SQstYGxSYFgMC/:16128:::::: prueba2:$6$3H43CuBDVvvAelSW$ZVzh9IAvZV.D2xtILRWutYPoU9DCjmWppZdWpl9rF4K6.7t6QnWaTypN6a7eEycua/miaiT1SQstYGxSYFgMC/:16128:::::: prueba3:$1$PrLoWZDE$Bru2j2HN8475ic5SPdeQL1:16128::::::
Ojala alguien pueda ayudarme o darme un empujón en la dirección correcta.
Saludos.