#!/bin/sh

# change passwords from CGI
# Copyright (c) 2014 may safely be consumed by a BSD or GPL license.
# Written by:   Vladimir Oleynik <dzo@simtreas.ru>

# CFG: the credential store, one "user:password" pair per line, e.g.
#   user1:password1
#   user2:password2
# The account the httpd server runs as needs read AND write access to it.
# NOTE(review): the passwords sit in this file in clear text, so keep it
# outside the document root and readable by the httpd account only.
CFG='/usr/local/etc/chpasswd.cfg'

# CHPASSWD: the utility that reads "user:pass" pairs on STDIN and applies them.
# It is invoked through sudo, so the httpd account needs a sudoers entry.
# NOTE(review): limit that sudoers entry to exactly this one command.
CHPASSWD='sudo /usr/sbin/chpasswd'

# ACCESS_ADDRS: space-separated list of client IPs that may use this page.
ACCESS_ADDRS='127.0.0.1 10.68.0.3 10.68.0.4 10.68.0.7 10.68.0.11 10.68.0.12 10.68.0.24'

# UNIPASS: the author's password generator.
UNIPASS='/usr/local/bin/unipass'

# SALT: salt handed to the password generator. PLEASE CHANGE THIS!
# The default is just a fixed tag, today's date (date '+%D') and the PID of
# this process; none of these is secret, so replace it with a site-specific
# value that is not derivable from the outside.
SALT="DZO:$(/bin/date '+%D'):$$"


# User-visible messages. The active values are the original Russian strings;
# the English equivalent of each one is kept, commented out, right above it.

# Charset announced in the page header. It has to match the encoding this
# file is actually saved in, otherwise the messages are rendered as garbage.
#Charset="ISO-8859-1"
Charset='koi8-r'

# Page title and top heading.
#Title="Show and change passwords"
Title='Просмотр и смена паролей'

# Error: the configuration file is missing or not writable.
#Can_not_stat="Can not stat the file"
Can_not_stat='Не могу найти файл'

# Error: the client address is not in the allow list.
#Access_denied="Access denied"
Access_denied='Доступ запрещен'

# Table column headings.
#User=User
User='Имя'

#Password=Password
Password='Пароль'

#Make_random="Make random"
Make_random='Сгенерировать случайный'

#Restore_changes="Restore changes"
Restore_changes='Вернуть изменение'

# Error: the lock on the configuration file could not be taken.
#Can_not_lock="Can not lock"
Can_not_lock='Не могу включить блокировку'

# Error: the submitted password contains a character the script cannot decode.
#Unsupport_char="Unsupport char"
Unsupport_char='Не поддерживаемый символ'

# Button captions.
#Button_Generate="Generate"
Button_Generate='Сгенерировать'
#Button_Restore="Restore"
Button_Restore='Вернуть'


# End of the configuration section; nothing below should need changing.


# Emit the CGI response header, the blank line that ends it, and the start of
# the HTML page. This runs before any access check, so every client, allowed
# or not, receives the title and the style sheet.
cat <<EOF
Content-type: text/html

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
 <meta http-equiv="content-type" content="text/html; charset=$Charset">
 <title>$Title</title>
 <style>
  body { margin:10pt;padding:0px;background-color:#f0f0f0;}
  body, table { font-family:arial; }
  h1 { font-size:14pt;text-align:center; }
  h2 { font-size:13pt;text-align:center; }
  td, th { font-size: 11pt; white-space:nowrap; padding: 3px }
  input[type="text"] { font-size: 12px; }
  </style>

 </head>
<body>
<h1>$Title</h1>
EOF


# h2e MESSAGE - print MESSAGE as an <h2> heading, close the HTML document and
# terminate with status 1. MESSAGE is written as-is (no HTML escaping), so
# callers must only pass text they control.
# When called inside a ( ... ) subshell, only that subshell exits.
h2e(){
	echo "<h2>$1</h2>"'
</body></html>'
	exit 1
}

# Refuse to continue unless the configuration file exists and is writable by
# the account this script runs as.
[ -w "$CFG" ] || h2e "$Can_not_stat $CFG"

# Access control: the client address reported by the web server has to be one
# of the entries in $ACCESS_ADDRS (exact string match).
# NOTE(review): an empty REMOTE_ADDR is taken to mean "debug run without
# http" and is allowed, i.e. the check fails open if that variable is ever
# missing from the environment.
# NOTE(review): behind a reverse proxy REMOTE_ADDR is presumably the proxy's
# address, not the client's -- verify before keeping 127.0.0.1 in the list.
A=deny
[ -n "$REMOTE_ADDR" ] || A=Ok
for addr in $ACCESS_ADDRS; do
	case x"$REMOTE_ADDR" in
	x"$addr") A=Ok ;;
	esac
done
[ "$A" != deny ] || h2e "$Access_denied"

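# On a POST the submitted form fields arrive on STDIN as one line; they are
# stored in QUERY_STRING and need_passwd is set to 1 so that the table loop
# below applies the new passwords.
need_passwd=0
if [ x"$REQUEST_METHOD" = xPOST ]; then
	# IFS= and -r: take the body verbatim. A plain "read" would drop
	# backslashes (and join a line ending in one with the next) and trim
	# surrounding blanks, silently altering a submitted password.
	# A body without a trailing newline makes read return non-zero although
	# QUERY_STRING is still filled, so the status is deliberately ignored.
	IFS= read -r QUERY_STRING || :
	need_passwd=1
fi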

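# _tdi_esc STRING - print STRING with the HTML-special characters
# & < > " ' replaced by character references ('&' first, so the references
# produced by the later rules are not escaped a second time).
_tdi_esc(){
	printf '%s\n' "$1" |
		sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
		    -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# tdi - print one table cell.
#   tdi TEXT                        -> "  <td>TEXT</td>"
#   tdi NAME VALUE [NAME VALUE]...  -> "  <td><INPUT NAME="VALUE" ...></td>"
# The first form is chosen when the second argument is empty or missing.
# TEXT and every VALUE are HTML-escaped: they carry user names and passwords
# read from the configuration file or from the request, and unescaped they
# could close the attribute or tag and inject markup into the page.
# Attribute NAMEs are written as given; callers pass literals only.
# Escaping here covers the HTML layer only: a VALUE that is itself script
# (an onClick handler) must already be safe as script when it is passed in.
tdi(){
	printf '%s' '  <td>'
	if [ -z "$2" ]; then
		printf '%s' "$(_tdi_esc "$1")"
	else
		printf '%s' '<INPUT'
		while [ -n "$1" ]; do
			printf ' %s="%s"' "$1" "$(_tdi_esc "$2")"
			# Consume one NAME/VALUE pair; tolerate a dangling NAME.
			if [ $# -ge 2 ]; then
				shift 2
			else
				shift
			fi
		done
		printf '%s' '>'
	fi
	printf '%s\n' '</td>'
}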

# Collects the rewritten "user:password" lines while a POST is processed.
out=''

# Form name; also used to build the onClick handlers of the buttons.
f='f'

# Open the form (it posts back to this script) and print the table heading.
# NOTE(review): the form carries no anti-CSRF token and access is decided by
# client IP alone, so a cross-site POST sent by a browser on an allowed host
# would be accepted. Consider a per-request token or an Origin/Referer check.
cat <<EOF

<form name=$f action=$SCRIPT_NAME method=POST>

<table border=1>
 <tr>
   <th>$User</th>
   <th>$Password</th>
   <th>$Make_random</th>
   <th>$Restore_changes</th>
 </tr>
EOF

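# start lock
# Print one table row per "user:password" line of $CFG and, on a POST, apply
# the submitted passwords through $CHPASSWD and rewrite $CFG.
# The subshell runs with fd 200 opened on $CFG (append mode, so opening never
# truncates it) and takes a flock on that descriptor, which serialises the
# read-modify-write against concurrent requests.
# NOTE(review): the stored passwords are sent to the browser in clear text as
# the field values; serve this page over TLS only.
(
  if ! flock 200; then
	# h2e's "exit" leaves this subshell only; the parent shell still
	# prints the page footer afterwards.
	h2e "$Can_not_lock $CFG"
  fi

  # js_esc STRING - backslash-escape \ and ' so that STRING can be placed
  # inside a single-quoted JavaScript string literal. This makes the value
  # safe as JavaScript only; it performs no HTML escaping.
  js_esc(){
	printf '%s\n' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
  }

  nl='
'
  out=""
  lines=0
  # IFS= / -r keep blanks and backslashes of stored passwords intact; the
  # "|| [ -n ... ]" keeps a last line that has no trailing newline, which
  # would otherwise be dropped when the file is rewritten.
  while IFS= read -r l || [ -n "$l" ]; do
	# Every physical line is counted, because the form fields are named
	# pass_<line number>.
	lines=$((lines+1))

	# Only "user:password" lines are handled; the first ':' separates.
	case "$l" in
	*:*) ;;
	*) continue ;;
	esac
	user=${l%%:*}
	pass0=${l#*:}
	pass=$pass0

	if [ "$need_passwd" -ne 0 ]; then
		# The leading '&' anchors the match at a parameter boundary,
		# so text inside another field's value cannot be taken for
		# pass_<n>. Only %2F and %2B are decoded; any other %-escape
		# is rejected below.
		new=$(printf '&%s\n' "$QUERY_STRING" |
			sed -n 's/^.*&pass_'"$lines"'=\([^&]*\).*$/\1/p' |
			sed -e 's|%2F|/|g' -e 's/%2B/+/g')
		case "$new" in
		*%*)
			echo '<h2>'"$Unsupport_char"'</h2>'
			;;
		''|"$pass0")
			# Field missing, blank or unchanged: keep the stored
			# password. A request that simply omits pass_<n> must
			# not set an empty password on the account.
			;;
		*)
			# printf, not echo: some /bin/sh echo builtins expand
			# backslash sequences. The stored value is only
			# replaced once chpasswd has accepted the change, so
			# $CFG and the system stay in step.
			# shellcheck disable=SC2086 # CHPASSWD holds "sudo <path>"
			if printf '%s\n' "$user:$new" | $CHPASSWD; then
				pass=$new
			fi
			;;
		esac
		out="${out:+$out$nl}$user:$pass"
	fi

	# shellcheck disable=SC2086 # UNIPASS is split like the original did
	unipass=$($UNIPASS -m "$SALT" -r "$user@" -l 6)

	# The text field name
	tfn=pass_$lines

	# Both values end up inside '...' in an onClick handler.
	js_pass=$(js_esc "$pass")
	js_unipass=$(js_esc "$unipass")

	echo ' <tr>'
	tdi "$user"
	tdi type text name "$tfn" size 14 value "$pass"
	tdi type button value "$Button_Generate" onClick "document.$f.$tfn.value='$js_unipass'"
	tdi type button value "$Button_Restore"  onClick "document.$f.$tfn.value='$js_pass'"
	echo ' </tr>'
  done < "$CFG"

  if [ "$need_passwd" -ne 0 ]; then
	# Written verbatim with printf: "echo -e" would expand backslash
	# sequences found in a password (a literal \n becoming a line break),
	# which corrupts the file and can add extra user:password lines.
	printf '%s\n' "$out" > "$CFG"
  fi

) 2>&1 200>> "$CFG"
# end lock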

# Close the table, add the submit button and finish the page.
cat <<'EOF'
</table><br>
<input type=submit value=Ok name=Ok>
</form>
</body>
</html>
EOF
