From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Cc: Adolf Belka <adolf.belka@ipfire.org>
Subject: [PATCH v2] chpasswd.cgi: Fixes bug12755 - v2 with password verification correction
Date: Wed, 7 May 2025 14:42:11 +0200
Message-ID: <20250507124211.16762-1-adolf.belka@ipfire.org>
- Realised that I had not tested the old password being correct or not. Previous check
gave the same answer irrespective of the output coming from the htpasswd verification.
- This changes the variable used for the system_output result to an array and then
checks if the first element contains the failure message that htpasswd gives if
password verification fails.
- Tested out with correct and incorrect old passwords and gave the correct answer in
both cases. Confirmed also that the check for the user being present works correctly
for both an existing and new user name, which it did.
Fixes: bug12755
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
html/cgi-bin/chpasswd.cgi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/html/cgi-bin/chpasswd.cgi b/html/cgi-bin/chpasswd.cgi
index c00caca20..46c3e02f6 100644
--- a/html/cgi-bin/chpasswd.cgi
+++ b/html/cgi-bin/chpasswd.cgi
@@ -77,11 +77,11 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
# Check if a user with this name and password exists in the userdb file
# and if it does then change the password to the new one
my $user = &General::system_output("grep", "$cgiparams{'USERNAME'}", "$userdb");
- my $old_password = &General::system_output("/usr/bin/htpasswd", "-bv", "$userdb", "$cgiparams{'USERNAME'}", "$cgiparams{'OLD_PASSWORD'}");
+ my @old_password = &General::system_output("/usr/bin/htpasswd", "-bv", "$userdb", "$cgiparams{'USERNAME'}", "$cgiparams{'OLD_PASSWORD'}");
if (!$user) {
$errormessage = $tr{'advproxy errmsg invalid user'};
goto ERROR;
- } elsif (!$old_password) {
+ } elsif (@old_password[0] =~ /password verification failed/) {
$errormessage = $tr{'advproxy errmsg password incorrect'};
goto ERROR;
} else {
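Review bot: The new `elsif (@old_password[0] =~ /password verification failed/)` test fails open. Only that exact message on the first captured line is treated as a wrong password, so empty output, a different htpasswd error, or the message appearing on a later line all fall through to the `else` branch and the password is changed. Matching on human-readable tool output is brittle for an authentication decision. Consider invoking htpasswd through a call that returns its exit status and treating anything other than success as a failed verification, or at least inverting the test so that only a positively recognised success result proceeds. Separately, `@old_password[0]` is a one-element array slice; the scalar element is written `$old_password[0]`. The unchanged `grep` context line above passes `$cgiparams{'USERNAME'}` as an unanchored pattern against the whole of `$userdb`, so `$user` is set by any substring match on any line, not only by an exact user name. That deserves its own follow-up.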
--
2.49.0