bretton/changepass.php

## changepass.php
<?php
// original script from https://www.cyberciti.biz/tips/change-linux-or-unix-system-password-using-php-script.html
// adapted by Bretton 2020-09-22
//
// Requirements
// 1. webserver with https and php enabled
// 2. make sure you run visudo first and ensure it has
//
//      www-data    ALL=(ALL) NOPASSWD: /usr/bin/smbpasswd
//
// 3. then save this file to /var/www/html/dirname/index.php
// 4. open up https://yourhost.tld/dirname/index.php to use the tool
// 5. make sure you setup htpasswd for the directory, or limit access via allowed IPs only

session_start();

// banned usernames
$bannedadmin = "admin";
$bannedroot = "root";

// script command for smbpasswd
// run smbpasswd with sudo and command line flags -L for local, -s to accept pass from stdin, and -U for user
$shellscript = "sudo /usr/bin/smbpasswd -L -s -U";

// Make sure form is submitted by user
if(!(isset($_POST['pwdchange']))) {
 // if not display them form
 writeHead("Change password");
 writeForm();
 writeFoot();
}
else {
 // try to change the password
 $callshell=true;
 // get username and password
 $_POST['username'] = stripslashes(trim($_POST['username']));
 $_POST['passwd'] = stripslashes(trim($_POST['passwd']));

// if user skip our javascript ...
// make sure we can only change password if we have both username and password
 if(empty($_POST['username'])) {
   $callshell=false;
 }
 if(empty($_POST['passwd'])) {
   $callshell=false;
 }
 if(strpos($_POST['username'],$bannedadmin)) {
   $callshell=false;
 }
 if(strpos($_POST['username'],$bannedroot)) {
   $callshell=false;
 }
 if ( $callshell == true ) {
  // command to change password
  // we have to specify the '-w' bit before the password for smbpasswd
  $cmd="$shellscript " . $_POST['username'] . " -w " . $_POST['passwd'];
  // call command
  // $cmd - command, $output - output of $cmd, $status - useful to find if command failed or not
   exec($cmd,$output,$status);
   if ( $status == 0 ) { // Success - password changed
   writeHead("Password changed");
   echo '<h3>Password changed! You can now connect to smb://YOUR-SERVER-IP with the new credentials</h3>';
   writeFoot();
   }
   else { // Password failed
      writeHead("Password change failed");
      echo '<h3>Password change failed</h3>';
      echo '<p>System returned following information:</p>';
      print_r($output);
      echo '<p><em>Please email tech-support for more info! Or try <a href='.$_SERVER['PHP_SELF'].'again</a></em></p>';
      writeFoot();
   }
 }
 else {
   writeHead("Something was wrong -- Please try again");
   echo 'Error - Please enter username and password';
   writeForm();
   writeFoot();
 }
}
// display html head
function writeHead($title) {
echo '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title> ' .$title. '</title>
<style type="text/css" media="screen">
.passwdform {
	position: static;
	overflow: hidden;
}
.passwdleft {
	width: 25%;
	text-align: right;
	clear: both;
	float: left;
	display: inline;
	padding: 4px;
	margin: 5px 0;
}
.passwdright {
	width: 70%;
	text-align: left;
	float: right;
	display: inline;
	padding: 4px;
	margin: 5px 0;
}
.passwderror {
	border: 1px solid #ff0000;
}
.passwdsubmit {
}
</style>
</head>
<body>';
}
// display html form
function writeForm() {
echo '
<h3>Use following form to change samba password:</h3>
<p>Important: this will automatically reset your password for samba file sharing</p>
<script>
function checkForm() {
if (document.forms.changepassword.elements[\'username\'].value.length == 0) {
    alert(\'Please enter a "Username"\');
    return false;
}
if (document.forms.changepassword.elements[\'passwd\'].value.length == 0) {
    alert(\'Please enter a new "Password"\');
    return false;
}
if (document.forms.changepassword.elements[\'username\'].value == "root") {
    alert(\'You cannot change the root user password\');
    return false;
}
if (document.forms.changepassword.elements[\'username\'].value == "admin") {
    alert(\'You cannot change the admin user password\');
    return false;
}
  return true;
}
</script>
<div class="contactform">
<form action="' . $_SERVER[PHP_SELF]. '" method="post" onSubmit="return checkForm()" name="changepassword">
<div class="passwdleft"><label for="lblusername">User Name: </label></div>
<div class="passwdright"><input type="text" name="username" id="lblusername" size="30" maxlength="50" value="" /> (required)</div>
<div class="passwdleft"><label for="lblpasswd">Password: </label></div>
<div class="passwdright"><input type="password" name="passwd" id="lblpasswd" size="30" maxlength="50" value="" /> (required)</div>
<div class="passwdright"><input type="submit" name="Submit" value="Change password" id="passwdsubmit" />
<input type="hidden" name="pwdchange" value="process" /></div>
</form>
</div>
';
}
// display footer
function writeFoot(){
echo '</body>
</html>
';
}
?>
	<?php
	// original script from https://www.cyberciti.biz/tips/change-linux-or-unix-system-password-using-php-script.html
	// adapted by Bretton 2020-09-22
	//
	// Requirements
	// 1. webserver with https and php enabled
	// 2. make sure you run visudo first and ensure it has
	//
	// www-data ALL=(ALL) NOPASSWD: /usr/bin/smbpasswd
	//
	// 3. then save this file to /var/www/html/dirname/index.php
	// 4. open up https://yourhost.tld/dirname/index.php to use the tool
	// 5. make sure you setup htpasswd for the directory, or limit access via allowed IPs only

	session_start();

	// banned usernames
	$bannedadmin = "admin";
	$bannedroot = "root";

	// script command for smbpasswd
	// run smbpasswd with sudo and command line flags -L for local, -s to accept pass from stdin, and -U for user
	$shellscript = "sudo /usr/bin/smbpasswd -L -s -U";

	// Make sure form is submitted by user
	if(!(isset($_POST['pwdchange']))) {
	// if not display them form
	writeHead("Change password");
	writeForm();
	writeFoot();
	}
	else {
	// try to change the password
	$callshell=true;
	// get username and password
	$_POST['username'] = stripslashes(trim($_POST['username']));
	$_POST['passwd'] = stripslashes(trim($_POST['passwd']));

	// if user skip our javascript ...
	// make sure we can only change password if we have both username and password
	if(empty($_POST['username'])) {
	$callshell=false;
	}
	if(empty($_POST['passwd'])) {
	$callshell=false;
	}
	if(strpos($_POST['username'],$bannedadmin)) {
	$callshell=false;
	}
	if(strpos($_POST['username'],$bannedroot)) {
	$callshell=false;
	}
	if ( $callshell == true ) {
	// command to change password
	// we have to specify the '-w' bit before the password for smbpasswd
	$cmd="$shellscript " . $_POST['username'] . " -w " . $_POST['passwd'];
	// call command
	// $cmd - command, $output - output of $cmd, $status - useful to find if command failed or not
	exec($cmd,$output,$status);
	if ( $status == 0 ) { // Success - password changed
	writeHead("Password changed");
	echo '<h3>Password changed! You can now connect to smb://YOUR-SERVER-IP with the new credentials</h3>';
	writeFoot();
	}
	else { // Password failed
	writeHead("Password change failed");
	echo '<h3>Password change failed</h3>';
	echo '<p>System returned following information:</p>';
	print_r($output);
	echo '<p><em>Please email tech-support for more info! Or try <a href='.$_SERVER['PHP_SELF'].'again</a></em></p>';
	writeFoot();
	}
	}
	else {
	writeHead("Something was wrong -- Please try again");
	echo 'Error - Please enter username and password';
	writeForm();
	writeFoot();
	}
	}
	// display html head
	function writeHead($title) {
	echo '
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
	<html>
	<head>
	<title> ' .$title. '</title>
	<style type="text/css" media="screen">
	.passwdform {
	position: static;
	overflow: hidden;
	}
	.passwdleft {
	width: 25%;
	text-align: right;
	clear: both;
	float: left;
	display: inline;
	padding: 4px;
	margin: 5px 0;
	}
	.passwdright {
	width: 70%;
	text-align: left;
	float: right;
	display: inline;
	padding: 4px;
	margin: 5px 0;
	}
	.passwderror {
	border: 1px solid #ff0000;
	}
	.passwdsubmit {
	}
	</style>
	</head>
	<body>';
	}
	// display html form
	function writeForm() {
	echo '
	<h3>Use following form to change samba password:</h3>
	<p>Important: this will automatically reset your password for samba file sharing</p>
	<script>
	function checkForm() {
	if (document.forms.changepassword.elements[\'username\'].value.length == 0) {
	alert(\'Please enter a "Username"\');
	return false;
	}
	if (document.forms.changepassword.elements[\'passwd\'].value.length == 0) {
	alert(\'Please enter a new "Password"\');
	return false;
	}
	if (document.forms.changepassword.elements[\'username\'].value == "root") {
	alert(\'You cannot change the root user password\');
	return false;
	}
	if (document.forms.changepassword.elements[\'username\'].value == "admin") {
	alert(\'You cannot change the admin user password\');
	return false;
	}
	return true;
	}
	</script>
	<div class="contactform">
	<form action="' . $_SERVER[PHP_SELF]. '" method="post" onSubmit="return checkForm()" name="changepassword">
	<div class="passwdleft"><label for="lblusername">User Name: </label></div>
	<div class="passwdright"><input type="text" name="username" id="lblusername" size="30" maxlength="50" value="" /> (required)</div>
	<div class="passwdleft"><label for="lblpasswd">Password: </label></div>
	<div class="passwdright"><input type="password" name="passwd" id="lblpasswd" size="30" maxlength="50" value="" /> (required)</div>
	<div class="passwdright"><input type="submit" name="Submit" value="Change password" id="passwdsubmit" />
	<input type="hidden" name="pwdchange" value="process" /></div>
	</form>
	</div>
	';
	}
	// display footer
	function writeFoot(){
	echo '</body>
	</html>
	';
	}
	?>