Last active
September 23, 2020 12:06
-
-
Save bretton/7494004c0a5242bc72443d3f4b2ce205 to your computer and use it in GitHub Desktop.
simple php form to change samba password
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
// original script from https://www.cyberciti.biz/tips/change-linux-or-unix-system-password-using-php-script.html | |
// adapted by Bretton 2020-09-22 | |
// | |
// Requirements | |
// 1. webserver with https and php enabled | |
// 2. make sure you run visudo first and ensure it has | |
// | |
// www-data ALL=(ALL) NOPASSWD: /usr/bin/smbpasswd | |
// | |
// 3. then save this file to /var/www/html/dirname/index.php | |
// 4. open up https://yourhost.tld/dirname/index.php to use the tool | |
// 5. make sure you setup htpasswd for the directory, or limit access via allowed IPs only | |
session_start(); | |
// banned usernames | |
$bannedadmin = "admin"; | |
$bannedroot = "root"; | |
// script command for smbpasswd | |
// run smbpasswd with sudo and command line flags -L for local, -s to accept pass from stdin, and -U for user | |
$shellscript = "sudo /usr/bin/smbpasswd -L -s -U"; | |
// Make sure form is submitted by user | |
if(!(isset($_POST['pwdchange']))) { | |
// if not display them form | |
writeHead("Change password"); | |
writeForm(); | |
writeFoot(); | |
} | |
else { | |
// try to change the password | |
$callshell=true; | |
// get username and password | |
$_POST['username'] = stripslashes(trim($_POST['username'])); | |
$_POST['passwd'] = stripslashes(trim($_POST['passwd'])); | |
// if user skip our javascript ... | |
// make sure we can only change password if we have both username and password | |
if(empty($_POST['username'])) { | |
$callshell=false; | |
} | |
if(empty($_POST['passwd'])) { | |
$callshell=false; | |
} | |
if(strpos($_POST['username'],$bannedadmin)) { | |
$callshell=false; | |
} | |
if(strpos($_POST['username'],$bannedroot)) { | |
$callshell=false; | |
} | |
if ( $callshell == true ) { | |
// command to change password | |
// we have to specify the '-w' bit before the password for smbpasswd | |
$cmd="$shellscript " . $_POST['username'] . " -w " . $_POST['passwd']; | |
// call command | |
// $cmd - command, $output - output of $cmd, $status - useful to find if command failed or not | |
exec($cmd,$output,$status); | |
if ( $status == 0 ) { // Success - password changed | |
writeHead("Password changed"); | |
echo '<h3>Password changed! You can now connect to smb://YOUR-SERVER-IP with the new credentials</h3>'; | |
writeFoot(); | |
} | |
else { // Password failed | |
writeHead("Password change failed"); | |
echo '<h3>Password change failed</h3>'; | |
echo '<p>System returned following information:</p>'; | |
print_r($output); | |
echo '<p><em>Please email tech-support for more info! Or try <a href='.$_SERVER['PHP_SELF'].'again</a></em></p>'; | |
writeFoot(); | |
} | |
} | |
else { | |
writeHead("Something was wrong -- Please try again"); | |
echo 'Error - Please enter username and password'; | |
writeForm(); | |
writeFoot(); | |
} | |
} | |
// display html head | |
function writeHead($title) { | |
echo ' | |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> | |
<html> | |
<head> | |
<title> ' .$title. '</title> | |
<style type="text/css" media="screen"> | |
.passwdform { | |
position: static; | |
overflow: hidden; | |
} | |
.passwdleft { | |
width: 25%; | |
text-align: right; | |
clear: both; | |
float: left; | |
display: inline; | |
padding: 4px; | |
margin: 5px 0; | |
} | |
.passwdright { | |
width: 70%; | |
text-align: left; | |
float: right; | |
display: inline; | |
padding: 4px; | |
margin: 5px 0; | |
} | |
.passwderror { | |
border: 1px solid #ff0000; | |
} | |
.passwdsubmit { | |
} | |
</style> | |
</head> | |
<body>'; | |
} | |
// display html form | |
function writeForm() { | |
echo ' | |
<h3>Use following form to change samba password:</h3> | |
<p>Important: this will automatically reset your password for samba file sharing</p> | |
<script> | |
function checkForm() { | |
if (document.forms.changepassword.elements[\'username\'].value.length == 0) { | |
alert(\'Please enter a "Username"\'); | |
return false; | |
} | |
if (document.forms.changepassword.elements[\'passwd\'].value.length == 0) { | |
alert(\'Please enter a new "Password"\'); | |
return false; | |
} | |
if (document.forms.changepassword.elements[\'username\'].value == "root") { | |
alert(\'You cannot change the root user password\'); | |
return false; | |
} | |
if (document.forms.changepassword.elements[\'username\'].value == "admin") { | |
alert(\'You cannot change the admin user password\'); | |
return false; | |
} | |
return true; | |
} | |
</script> | |
<div class="contactform"> | |
<form action="' . $_SERVER[PHP_SELF]. '" method="post" onSubmit="return checkForm()" name="changepassword"> | |
<div class="passwdleft"><label for="lblusername">User Name: </label></div> | |
<div class="passwdright"><input type="text" name="username" id="lblusername" size="30" maxlength="50" value="" /> (required)</div> | |
<div class="passwdleft"><label for="lblpasswd">Password: </label></div> | |
<div class="passwdright"><input type="password" name="passwd" id="lblpasswd" size="30" maxlength="50" value="" /> (required)</div> | |
<div class="passwdright"><input type="submit" name="Submit" value="Change password" id="passwdsubmit" /> | |
<input type="hidden" name="pwdchange" value="process" /></div> | |
</form> | |
</div> | |
'; | |
} | |
// display footer | |
function writeFoot(){ | |
echo '</body> | |
</html> | |
'; | |
} | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is not a very secure tool. It doesn't check if username is valid. It's simply an easy way to get web-based samba password changes.
Highly suggest SSL, and a web access user/pass.