本配置参考网络中常用设置方法,做了安全机制控制。
主要有以下限定:
使密码输入位数最少为8位(以htpasswd -b选项来做该设置时,有效密码最多也只能为8位,可调整选项),最多为16位。
限定使输入框最多输入30位字符,防溢出。
限定密码必须由大小写字母和数字组成。
限定密码不可由特殊字符组成。
配置步骤如下:
1、将文件ChangePasswd.cgi和ChangePasswd.ini 放到apache安装目录下的cgi-bin下(我的:/usr/local/apache2/cgi-bin )
2、确认ChangePasswd.cgi 程序第1行 ,perl工具的位置 (我的:#!/usr/bin/perl -w)
/usr/bin/perl
3、修改ChangePasswd.cgi 第111行 改成htpasswd所在的路径(我的:/usr/local/apache2/bin/htpasswd)
4、修改ChangePasswd.cgi 155行 ini文件改成完整路径(我的:/usr/local/apache2/cgi-bin/ChangePasswd.ini)
5、配置文件 ChangePasswd.ini 第2行authuserfile= 密码存放路径(我的:/home/svnroot/conf/passwd)
6、配置文件 ChangePasswd.ini 第3行logfile= 操作日志存放路径(我的:/usr/local/apache2/cgi-bin/ChangPasswd.log)
7.chmod -R 755 ChangePasswd.ini ChangePasswd.cgi
注意:
1、用htpasswd时 切勿用-m参数(脚本用crypt()和密码文件中散列的前13个字符校验旧密码,-m生成的MD5条目无法通过该校验) 如果以前用的话,可重新输入一次进行更新
2、ChangPasswd.log 必须有“w”写入权限
登录:https://ip/cgi-bin/ChangePasswd.cgi 修改密码。
A:
ChangePasswd.cgi 内容为:
#!/usr/bin/perl -w
use strict;
use CGI;
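# Request context, captured once and reused in every log line.
my $time = localtime;
my $remote_id = $ENV{REMOTE_HOST} || $ENV{REMOTE_ADDR};
my $admin_email = $ENV{SERVER_ADMIN};
my $cgi = CGI->new;

# Fixed rejection messages for the password-composition rules.
my $pwd_not_alldiginal = "密码须为大小写字母与数字组合,不能全为数字";
my $pwd_not_allchar = "密码须为大小写字母与数字组合,不能全为字母";
my $pwd_not_alllowchar = "密码须为大小写字母与数字组合,您未输入大写字母";
my $pwd_not_allcapchar = "密码须为大小写字母与数字组合,您未输入小写字母";
my $pwd_include_specialchar = "密码须为数字与字母组合,不能包含特殊字符";
my $user_not_exists = "该用户不存在";
my $file_not_found = "文件不存在,请联系管理员";

# Settings and page texts; IniInfo() fills these from ChangePasswd.ini.
my $authuserfile;
my $logfile;
my $pwdminlen;
my $title;
my $description;
my $yourname;
my $oldpwd;
my $newpwd1;
my $newpwd2;
my $btn_change;
my $btn_reset;
my $delay_time;
my $changepwdok;
my $changepwdfailed;
my $oldpwderror;
my $passmustgreater;
my $twopassnotmatched;
my $entername;
my $enterpwd;
my $errorpwd;
my $back;

IniInfo();

if ($cgi->param())
{
    # Everything read from the request is untrusted.
    my $User        = $cgi->param('UserName');
    my $UserPwd     = $cgi->param('OldPwd');
    my $UserNewPwd  = $cgi->param('NewPwd1');
    my $MatchNewPwd = $cgi->param('NewPwd2');

    # Absent fields arrive as undef; treat them as empty so the length and
    # pattern checks below reject them without "uninitialized" warnings.
    $UserNewPwd  = '' unless defined $UserNewPwd;
    $MatchNewPwd = '' unless defined $MatchNewPwd;

    # Input validation. The first failing rule decides the log line and the
    # message shown to the user. Patterns are anchored with \A and \z: a
    # trailing "$" would also accept a value that ends in a newline.
    my ($reject_log, $reject_msg);
    if (!$User)
    {
        ($reject_log, $reject_msg) = ("Enter no user name", $entername);
    }
    elsif (!$UserPwd)
    {
        ($reject_log, $reject_msg) = ("Enter no OldPasswd", $enterpwd);
    }
    elsif (length($UserNewPwd) < $pwdminlen)
    {
        ($reject_log, $reject_msg) = ("Password's length must greater than".$pwdminlen, $passmustgreater.$pwdminlen);
    }
    elsif (length($UserNewPwd) > 16)
    {
        ($reject_log, $reject_msg) = ("Password's length must below than 16", "新密码必须小于16位");
    }
    elsif ($UserNewPwd !~ /\A[0-9a-zA-Z]+\z/)
    {
        ($reject_log, $reject_msg) = ("New Passwd must use diginal or char,can't use special char", $pwd_include_specialchar);
    }
    elsif ($UserNewPwd =~ /\A\d+\z/)
    {
        ($reject_log, $reject_msg) = ("New Passwd isn't all diginal", $pwd_not_alldiginal);
    }
    elsif ($UserNewPwd =~ /\A[A-Za-z]+\z/)
    {
        ($reject_log, $reject_msg) = ("New Passwd isn't all char", $pwd_not_allchar);
    }
    elsif ($UserNewPwd =~ /\A[0-9A-Z]+\z/)
    {
        ($reject_log, $reject_msg) = ("New Passwd isn't all capital char", $pwd_not_allcapchar);
    }
    elsif ($UserNewPwd =~ /\A[0-9a-z]+\z/)
    {
        ($reject_log, $reject_msg) = ("New Passwd isn't all lower char", $pwd_not_alllowchar);
    }
    elsif ($UserNewPwd ne $MatchNewPwd)
    {
        ($reject_log, $reject_msg) = ("Two new passwords are not matched", $twopassnotmatched);
    }

    if (defined $reject_log)
    {
        Writer_Log($reject_log);
        sleep($delay_time);
        otherhtml($title, $reject_msg, $back);
    }
    elsif (!$authuserfile)
    {
        Writer_Log((defined $authuserfile ? $authuserfile : '').":no found");
        otherhtml($title, $file_not_found, $back);
    }
    else
    {
        # The user name goes into the log; replace control characters so a
        # crafted name cannot start a forged log line.
        (my $log_user = $User) =~ s/[\x00-\x1f\x7f]/?/g;

        # Find the entry by exact string comparison on the name field. The
        # user name is never used as a regular expression, so pattern
        # metacharacters in it have no effect and cannot abort the script.
        open(my $user_fh, '<', $authuserfile) or die "打开文件失败:$!";
        my $stored_hash;
        while (my $entry = <$user_fh>)
        {
            chomp $entry;
            my ($name, $hash) = split /:/, $entry, 2;
            next unless defined $hash && $name eq $User;
            # Only 13-character crypt() entries can be verified below.
            $stored_hash = substr($hash, 0, 13);
            last;
        }
        close $user_fh;

        my $computed;
        if (defined $stored_hash && length($stored_hash) == 13)
        {
            $computed = crypt($UserPwd, $stored_hash);
        }

        if (!defined $stored_hash)
        {
            Writer_Log($log_user.":no this user");
            otherhtml($title, $user_not_exists, $back);
        }
        elsif (!defined $computed || $computed ne $stored_hash)
        {
            Writer_Log("Old Passwd is Incorrect ");
            otherhtml($title, $errorpwd, $back);
        }
        else
        {
            # List-form system() runs htpasswd directly, with no shell, so
            # the user name and password are passed as plain arguments.
            # NOTE(review): -b still puts the new password on the command
            # line, visible in the process list; if the installed htpasswd
            # supports -i (password on stdin), prefer that.
            my $rc = system('/usr/local/apache2/bin/htpasswd', '-b',
                            $authuserfile, $User, $UserNewPwd);
            if ($rc == 0)
            {
                Writer_Log($log_user.":Change Passwd");
                otherhtml($title, $changepwdok, $back);
            }
            else
            {
                Writer_Log($log_user.":Change Passwd Failed");
                otherhtml($title, $changepwdfailed, $back);
            }
        }
    }
}
else
{
    Index_Html();
}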
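# Load ChangePasswd.ini into the file-level setting variables.
#
# Each "key=value" line whose key is one of the known setting names is
# stored; section headers such as [path] and unknown keys are ignored.
# Keys are compared exactly, so a key that merely contains another name
# (oldpwderror / oldpwd) or a value that happens to contain a key name
# cannot be routed to the wrong variable. Line endings are removed from
# every value. Dies if the ini file cannot be opened.
sub IniInfo{
    my $inifile = "/usr/local/apache2/cgi-bin/ChangePasswd.ini";

    my %slot_for = (
        authuserfile      => \$authuserfile,
        logfile           => \$logfile,
        pwdminlen         => \$pwdminlen,
        title             => \$title,
        description       => \$description,
        yourname          => \$yourname,
        oldpwd            => \$oldpwd,
        newpwd1           => \$newpwd1,
        newpwd2           => \$newpwd2,
        btn_change        => \$btn_change,
        btn_reset         => \$btn_reset,
        changepwdok       => \$changepwdok,
        changepwdfailed   => \$changepwdfailed,
        oldpwderror       => \$oldpwderror,
        passmustgreater   => \$passmustgreater,
        twopassnotmatched => \$twopassnotmatched,
        entername         => \$entername,
        enterpwd          => \$enterpwd,
        errorpwd          => \$errorpwd,
        back              => \$back,
        delay_time        => \$delay_time,
    );

    open(my $ini_fh, '<', $inifile) or die "打开文件失败:$!";
    while (my $line = <$ini_fh>)
    {
        $line =~ s/[\r\n]+\z//;
        my $eqpos = index($line, '=');
        next if $eqpos < 1;                 # no key on this line

        my $key = substr($line, 0, $eqpos);
        $key =~ s/\A\s+//;
        $key =~ s/\s+\z//;

        my $slot = $slot_for{$key};
        next unless $slot;
        ${$slot} = substr($line, $eqpos + 1);
    }
    close $ini_fh;
}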
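# Print the password-change form.
#
# The markup of this page did not survive in the listing (only its text
# did), so the form below is a minimal reconstruction: it posts back to
# the same URL using the field names the request handler reads
# (UserName, OldPwd, NewPwd1, NewPwd2) and caps every input at 30
# characters. The maxlength attribute is a browser-side convenience only;
# the server-side checks are what enforce the limits.
# Labels and texts come from the ini file, which is administrator-controlled.
sub Index_Html
{
    print "Content-type: text/html\n\n";
    print <<END_OF_PAGE;
<html>
<head>
<title>$title</title>
</head>
<body>
<h2>$description</h2>
<form method="POST" action="">
<table>
<tr><td>$yourname</td><td><input type="text" name="UserName" maxlength="30"></td></tr>
<tr><td>$oldpwd</td><td><input type="password" name="OldPwd" maxlength="30"></td></tr>
<tr><td>$newpwd1</td><td><input type="password" name="NewPwd1" maxlength="30"></td></tr>
<tr><td>$newpwd2</td><td><input type="password" name="NewPwd2" maxlength="30"></td></tr>
</table>
<p><input type="submit" value="$btn_change"> <input type="reset" value="$btn_reset"></p>
</form>
<p>注意:新密码位数须大于等于$pwdminlen小于16,且须同时包含大写字母、小写字母与数字,不能包含特殊字符,如Zlglb001;</p>
<hr>
<p>如有问题请与质量管理部**(csc\@126.com)联系</p>
<p>***市***有限公司</p>
<p>公司主页:http://www.****dom.com</p>
</body>
</html>
END_OF_PAGE
}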
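# Print a result page.
#
# Arguments: $_[0] page title, $_[1] message, $_[2] text of the "back" link.
# The markup of this page did not survive in the listing, so it is a
# minimal reconstruction around the text that did.
# The arguments are interpolated into HTML without escaping. Every caller
# in this script passes fixed strings or ini values; request data (the user
# name, passwords) must not be passed here unescaped.
sub otherhtml{
    my ($page_title, $message, $back_label) = @_;
    print "Content-type: text/html\n\n";
    print <<END_OF_PAGE;
<html>
<head>
<title>$page_title</title>
</head>
<body>
<p>$message</p>
<p><a href="javascript:history.back()">$back_label</a></p>
<hr>
<p>如有问题请与admin联系E-Mail:csc\@126.com</p>
</body>
</html>
END_OF_PAGE
}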
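# Append one line to the operation log, if a log file is configured.
#
# Argument: $_[0] the message. The line format is
#   [time]  [remote id]  || message
# Messages can carry the submitted user name, and the remote id can come
# from a reverse DNS lookup, so control characters in the finished line are
# replaced before writing: one request then always produces exactly one log
# line and cannot forge additional entries.
# Dies if the log file cannot be opened for appending.
sub Writer_Log{
    return unless $logfile;

    # The configured path may still carry surrounding whitespace or a line
    # ending from the ini file; three-argument open does not strip it.
    (my $log_path = $logfile) =~ s/\A\s+|\s+\z//g;

    my $message = defined $_[0] ? $_[0] : '';
    $message =~ s/\s+\z//;

    my $loginfo ="[".$time."] "." [".$remote_id."] "." || ".$message;
    $loginfo =~ s/[\x00-\x1f\x7f]/?/g;

    open(my $log_fh, '>>', $log_path) or die "Couldn't open LOG FILE for writing: $!";
    print {$log_fh} "$loginfo\n";
    close $log_fh;
}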
B:ChangePasswd.ini文件内容:
[path]
authuserfile=/home/svnroot/conf/passwd
logfile=/usr/local/apache2/cgi-bin/ChangPasswd.log
[setup]
pwdminlen=8
[html]
title=SVN用户密码自助修改
description=SVN用户密码自助修改
yourname=用户名
oldpwd=旧密码
newpwd1=新密码
newpwd2=确认新密码
btn_change=修 改
btn_reset=重 置
delay_time=30
changepwdok=成功修改密码
changepwdfailed=修改密码失败
servererror=服务器错误
passmustgreater=新密码位数必须为
twopassnotmatched=两密码不一致
entername=请输入用户名
enterpwd=密码未输入
errorpwd=你的密码不正确
back=返回
申明:本配置参考网络中常用设置方法。参考地址:http://hi.baidu.com/deanlee1987/item/5f9fff0b3a6655813d42e279