Michael Quick wrote: > First off, I really appreciate everyone's responses. :-) Man, you guys > are making me work for this one! LOL!
Ok, but as long as we bashing things ... let's pick on the shells for
web scripting. One of the 'P' scripts would be better, perl, php,
python. As my person preference is perl, the example below will use
perl using the perl expect module. So why perl over bash, the -T flag
on the perl invocation turns on taint checking which is also referenced
as safe mode. The perl script will not trust anything coming from
outside of your program, your environment, the arguments to the
program, data from standard in or a file. It forces you to parse the
data to make it safe. Well there are no guarantees, but you were
forced to parse it, you can still screw up but you had to think about
it. In addition there are many many perl modules to deal with web stuff.
#!/usr/bin/perl -T # never ever trust anything outside the script
use strict;
use Expect; # good distro's make it easy to install cpan modules
$ENV{PATH} = "/usr/bin:/bin:/usr/sbin"; # must set your path!
my $timeout = 3; # so we don't hang around forever
print "\nYour passwd sir:";
chop(my $save_stty = `/bin/stty -g`);
system ("/bin/stty", "-echo"); # don't display the passwd
my $tmp = <>; # get a line of data
my $pass;
if($tmp =~ /([\w\d]+)/){ # letters and numbers only
$pass = $1;
}
system ("/bin/stty", "echo"); # restore echo
print "\nYour new passwd sir:";
chop(my $save_stty = `/bin/stty -g`);
system ("/bin/stty", "-echo"); # don't display the passwd
my $tmp2 = <>; # get a line of data
my $newpass;
if($tmp2 =~ /([\w\d]+)/){ # letters and numbers only
$newpass = $1;
}
system ("/bin/stty", "echo"); # restore echo
my $passwd = Expect->spawn('/usr/bin/passwd')
or die "$0: cannot spawn passwd cmd: $!";
my $rc = $passwd->expect($timeout, 'UNIX password:');
if ($rc != 1) {
die "abort rc $rc from expect UNIX password:";
}
$passwd->send("$pass\r");
my $rc = $passwd->expect($timeout, 'new UNIX password:');
if ($rc != 1) {
die "abort rc $rc from expect new UNIX password:";
}
$passwd->send("$newpass\r");
my $rc = $passwd->expect($timeout, 'new UNIX password:');
if ($rc != 1) {
die "abort rc $rc from expect new UNIX password:";
}
$passwd->send("$newpass\r");
my $rc = $passwd->expect($timeout, 'password updated successfully');
exit 0;
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Dec 5 - Open Source Show and Tell Jan 2 - TBD Feb 6 - DBUS Mar 5 - Setting up a platform-independent home/small office network using Linux
