#!/usr/bin/perl ################################################################ # pwdmanager.cgi # By BumbleBeeWare.com 2007 # make and manage passwords for website directories ################################################################ # CONFIGURATION ################################################################ # main data director to store password files in $datadir = "/var/www/website/data"; # list of password files @passfiles = ("admin","secure"); $dotpass = ".pass"; $dotdata = ".data"; ################################################################ # Main Program ################################################################ # parse the incoming form data &parseform; print "Content-Type: text/html\n\n"; if($ENV{"REQUEST_METHOD"} ne "POST") {&main_form;} elsif ($form{'action'} eq "adduser_form"){&adduser_form;} elsif ($form{'action'} eq "adduser"){&adduser;} elsif ($form{'action'} eq "removeuser_form"){&removeuser_form;} elsif ($form{'action'} eq "removeuser"){&removeuser;} elsif ($form{'action'} eq "getpass_form"){&getpass_form;} elsif ($form{'action'} eq "getpass"){&getpass;} elsif ($form{'action'} eq "listusers"){&listusers;} else {} # link back to main page print "

Action Completed

Back to Main

"; exit; # main page, select a password file sub main_form { # print list of all password files $passlistform = "\n"; print "
Add A New User
Directory $passlistform
Action
"; exit; } # add a new user to a file sub adduser { open (USERS, "<$datadir/$form{'passfile'}$dotpass"); @users=; close (USERS); foreach $user (@users) { ($checkusername,$checkpass)=split(/:/,$user); # exit if name is already used if ($checkusername eq "$form{'username'}"){ print "$form{'username'} is already in use."; exit; } } # get a random salt for the crypt @saltchars=(a..z,A..Z,0..9,'.','/'); $salt=$saltchars[int(rand($#saltchars+1))]; $salt.=$saltchars[int(rand($#saltchars+1))]; $cryptedpass = crypt($form{'password'},$salt); # add to password file open (FILE, ">>$datadir/$form{'passfile'}$dotpass"); flock(FILE, 2); print FILE "$form{'username'}:$cryptedpass\n"; flock(FILE, 8); close (FILE); chmod 0777, "$datadir/$form{'passfile'}$dotpass"; # log values for administration open (FILE, ">>$datadir/$form{'passfile'}$dotdata"); flock(FILE, 2); print FILE "$form{'username'}|$form{'password'}|\n"; flock(FILE, 8); close (FILE); chmod 0777, "$datadir/$form{'passfile'}$dotdata"; } # parse the STDIN sub parseform { read (STDIN, $buffer, {'CONTENT_LENGTH'}); @pairs = split(/&/, $buffer); foreach $pair (@pairs){ ($name, $value) = split(/=/, $pair); $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $form{$name} = $value;} } # print form to add a user sub adduser_form { print "
Add A New User to $form{'passfile'}
Username
Password
"; exit; } # print form to remove a user sub removeuser_form { open (USERS, "<$datadir/$form{'passfile'}$dotdata"); @usernames=; close (USERS); # print list of all secure directories $userlistform = "\n"; print "
Remove User from $form{'passfile'}
Username $userlistform
"; exit; } # remove a ser from the password list sub removeuser { # open password file open (USERS, "<$datadir/$form{'passfile'}$dotpass"); @allusers = ; close (USERS); foreach $keepuser (@allusers) { chomp $keepuser; # check name ($checkusername,$checkpass)=split(/:/,$keepuser); if ($form{'removeuser'} eq "$checkusername"){} elsif ("$checkusername" eq ""){} else {$newpassfile = "$newpassfile$keepuser\n";} } # update password file open (FILE, ">$datadir/$form{'passfile'}$dotpass"); flock(FILE, 2); print FILE "$newpassfile\n"; flock(FILE, 8); close (FILE); chmod 0777, "$datadir/$form{'passfile'}$dotpass"; # open the datafile open (USERS, "<$datadir/$form{'passfile'}$dotdata"); @alluserdata = ; close (USERS); foreach $keepuser (@alluserdata) { chomp $keepuser; # check name ($checkusername,$checkpass)=split(/\|/,$keepuser); if ($form{'removeuser'} eq "$checkusername"){} elsif ("$checkusername" eq ""){} else {$newdatafile = "$newdatafile$keepuser\n";} } # update the data file open (FILE, ">$datadir/$form{'passfile'}$dotdata"); flock(FILE, 2); print FILE "$newdatafile\n"; flock(FILE, 8); close (FILE); chmod 0777, "$datadir/$form{'passfile'}$dotdata"; } # print form to get password sub getpass_form { # open user datafile open (USERS, "<$datadir/$form{'passfile'}$dotdata"); @usernames=; close (USERS); # print list of all users $userlistform = "\n"; # print the form print "
Get Password from $form{'passfile'}
Username $userlistform
"; exit; } # get the password for a user sub getpass { # open the user datafile open (USERS, "<$datadir/$form{'passfile'}$dotdata"); @usernames=; close (USERS); # print the user data for the matching user foreach $username (@usernames) { ($username,$userpass,$blank)=split(/\|/,$username); if ($username eq $form{'username'}){ print "

Username:$username
Password:$userpass

\n";} } } # list all users in a file sub listusers { # open the user datafile open (USERS, "<$datadir/$form{'passfile'}$dotdata"); @usernames=; close (USERS); # print the user data for the matching user foreach $username (@usernames) { ($username,$userpass,$blank)=split(/\|/,$username); print "

Username:$username

\n"; } }