pwAdmin Force Password Plugin

  1. #1
    Viva la Vida NaMeLeS is offline
    MemberRank
    Jul 2011 Join Date
    613Posts

    pwAdmin Force Password Plugin

    Just quickly made this cause I was bored, and thought it might be of use to some people...

    Download v1

    Put it in your pwAdmin addons folder and you can use it to change the password of a person's account without the original password.

    Here is a preview of it...


    Just to make this clear:
    I did NOT write this, credits go to ronny for the original script, all I have done is modified it and turned it into an addon for pwAdmin to make it easier for people to use.

    Last edited by NaMeLeS; 20-08-11 at 02:10 AM.


  2. #2
    Nerd-IO Romulan is offline
    MemberRank
    Feb 2009 Join Date
    BelgiumLocation
    3,333Posts

    Re: pwAdmin Password Force addon


  3. #3
    Viva la Vida NaMeLeS is offline
    MemberRank
    Jul 2011 Join Date
    613Posts

    Re: pwAdmin Password Force addon

    Ahh ok sorry, all I did was take the pwAdmin "ACCOUNTS" page, modify it to get rid of all the other stuff, delete the "if old password matches, change password, else error" check and then put it into an addons folder

  4. #4
    Nerd-IO Romulan is offline
    MemberRank
    Feb 2009 Join Date
    BelgiumLocation
    3,333Posts

    Re: pwAdmin Password Force addon

    Ah ok then ^^

  5. #5
    Viva la Vida NaMeLeS is offline
    MemberRank
    Jul 2011 Join Date
    613Posts

    Re: pwAdmin Password Force addon

    :P
    Posted via Mobile Device

  6. #6
    Account Upgraded | Title Enabled! ronny1982 is offline
    MemberRank
    Jan 2010 Join Date
    744Posts

    Re: pwAdmin Force Password Plugin

    there is an optimization since r55 of pwTools

    pwAdmin uses the changepasswd function instead of manipulating the table entry directly...

    i recommend to look into the affected code and update your script with this new code (which still contains old password match verification):
    Code:
    if(count <= 0)
    {
    	message = "<font color=\"ee0000\">User Don't Exists</font>";
    }
    else
    {
    	password_old = pw_encode(login + password_old, MessageDigest.getInstance("MD5"));
    /*
    	// Some hard encoding problems require a strange solution...
    	// changePasswd -> wrong encoding password destroyed...
    	// Only a temp entry in database gives us a correct encoded password for comparison
    
    	rs = statement.executeQuery("call adduser('" + login + "_TEMP_USER', " + password_old + ", '0', '0', '0', '0', '', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_old + ")");
    	rs = statement.executeQuery("SELECT passwd FROM users WHERE name='" + login + "_TEMP_USER'");
    	rs.next();
    	password_old = rs.getString("passwd");
    
    	// Delete temp entry
    	statement.executeUpdate("DELETE FROM users WHERE name='" + login + "_TEMP_USER'");
    
    	if(password_old.compareTo(password_stored) != 0)
    	{
    		message = "<font color=\"ee0000\">Old Password Mismatch</font>";
    	}
    	else
    	{
    		password_new = pw_encode(login + password_new, MessageDigest.getInstance("MD5"));
    
    		// LOCK TABLE to ensure that nobody else get the original ID of the user
    		statement.executeUpdate("LOCK TABLE users WRITE");
    		// Delete old entry
    		statement.executeUpdate("DELETE FROM users WHERE name='" + login + "'");
    		// Add new entry
    		rs = statement.executeQuery("call adduser('" + login + "', " + password_new + ", '0', '0', '0', '0', '', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_new + ")");
    		// change new entry ID to original ID - necessary to keep characters of this account
    		statement.executeUpdate("UPDATE users SET ID='" + id_stored + "' WHERE name='" + login + "'");
    		// UNLOCK TABLES
    		statement.executeUpdate("UNLOCK TABLES");
    
    		message = "<font color=\"00cc00\">Password Changed</font>";
    	}
    */
    	CallableStatement cs = connection.prepareCall("{call acquireuserpasswd(?,?,?)}");
    	cs.setString(1, login);
    	cs.registerOutParameter(3, Types.VARCHAR);
    	cs.execute();
    
    	if(password_old.compareTo(cs.getString(3)) != 0)
    	{
    		message = "<font color=\"ee0000\">Old Password Mismatch</font>";
    	}
    	else
    	{
    		password_new = pw_encode(login + password_new, MessageDigest.getInstance("MD5"));
    		statement.executeQuery("CALL changePasswd('" + login + "', " + password_new + ")");
    		statement.executeQuery("CALL changePasswd2('" + login + "', " + password_new + ")");
    		message = "<font color=\"00cc00\">Password Changed</font>";
    	}
    }
    Last edited by ronny1982; 08-08-11 at 05:06 PM.

  7. #7
    Viva la Vida NaMeLeS is offline
    MemberRank
    Jul 2011 Join Date
    613Posts

    Re: pwAdmin Force Password Plugin

    Alright, cheers ronny, I will look into and update it when I get home later.

    Thanks
    Posted via Mobile Device
    Last edited by NaMeLeS; 10-08-11 at 02:35 AM.

  8. #8
    Omega 343 is offline
    MemberRank
    Oct 2009 Join Date
    Ancient DGN CTYLocation
    5,514Posts

    Re: pwAdmin Force Password Plugin

    Although this original release may have been 'outdated' - even the 'update' will 'break' the email field in the database (If I'm not mistaken). See my original post about this eons ago here: http://forum.ragezone.com/f452/accou...6/#post5843875

    Then, in the future, if a user attempts to change their own password from the 'user' password change portion of the 'website' (at least on my release) it will FAIL because it has an email verification, and cannot verify it after it's 'nulled' out from a 'script' like this one!

    Here is my update to the original release of this thread (So that it does NOT 'break' the EMAIL field in DBO):

    Code:
    <%@page import="java.sql.*"%>
    <%@page import="java.util.*"%>
    <%@page import="java.security.*"%>
    <%@include file="../../WEB-INF/.pwadminconf.jsp"%>
    
    <%!
        	String pw_encode(String salt, MessageDigest alg)
    	{
    		alg.reset(); 
    		alg.update(salt.getBytes());
    		byte[] digest = alg.digest();
    		StringBuffer hashedpasswd = new StringBuffer();
    		String hx;
    		for(int i=0; i<digest.length; i++)
    		{
    			hx =  Integer.toHexString(0xFF & digest[i]);
    			//0x03 is equal to 0x3, but we need 0x03 for our md5sum
    			if(hx.length() == 1)
    			{
    				hx = "0" + hx;
    			} 
    			hashedpasswd.append(hx);
    		}
    		salt = "0x" + hashedpasswd.toString();
    
            	return salt;
       	}
    %>
    
    <%
    	boolean allowed = false;
    
    	if(request.getSession().getAttribute("ssid") == null)
    	{
    		out.println("<p align=\"right\"><font color=\"#ee0000\"><b>Login for Account administration...</b></font></p>");
    	}
    	else
    	{
    		allowed = true;
    	}
    
    	String message = "<br>";
    	if(request.getParameter("action") != null)
    	{
    			String action = new String(request.getParameter("action"));
    
    			if(action.compareTo("passwd") == 0)
    			{
    				String login = request.getParameter("login");
                    String login = login.toLowerCase();
    				String password_old = request.getParameter("password_old");
    				String password_new = request.getParameter("password_new");
    
    				if(login.length() > 0 && password_new.length() > 0)
    				{
    					if(password_new.length() < 6 || password_new.length() > 32)
    					{
    						message = "<font color=\"ee0000\">Only 6-32 Characters</font>";
    					}
    					else
    					{
    						String alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_";
    						boolean check = true;
    						char c;
    						for(int i=0; i<password_new.length(); i++)
    						{
    							c = password_new.charAt(i);
    							if (alphabet.indexOf(c) == -1)
    							{
    								check = false;
    								break;
    							}
    						}
    
    						if(!check)
    						{
    							message = "<font color=\"ee0000\">Forbidden Characters</font>";
    						}
    						else
    						{
    							try
    							{
    								Class.forName("com.mysql.jdbc.Driver").newInstance();
    								Connection connection = DriverManager.getConnection("jdbc:mysql://" + db_host + ":" + db_port + "/" + db_database, db_user, db_password);
    								Statement statement = connection.createStatement();
    								ResultSet rs = statement.executeQuery("SELECT ID, passwd, email FROM users WHERE name='" + login + "'");
                                    String email_stored = "";
    								String password_stored = "";
    								String id_stored = "";
    								int count = 0;
    								while(rs.next())
    								{
                                        email_stored = rs.getString("email");
    									id_stored = rs.getString("ID");
    									password_stored = rs.getString("passwd");
    									count++;
    								}
    
    								if(count <= 0)
    								{
    									message = "<font color=\"ee0000\">User Doesn't Exist</font>";
    								}
    								else
    								{
    									password_old = pw_encode(login + password_old, MessageDigest.getInstance("MD5"));
    
    									// Some hard encoding problems require a strange solution...
    									// changePasswd -> wrong encoding password destroyed...
    									// Only a temp entry in database gives us a correct encoded password for comparison
    
    									rs = statement.executeQuery("call adduser('" + login + "_TEMP_USER', " + password_old + ", '0', '0', '0', '0', '', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_old + ")");
    									rs = statement.executeQuery("SELECT passwd FROM users WHERE name='" + login + "_TEMP_USER'");
    									rs.next();
    									password_old = rs.getString("passwd");
    
    									// Delete temp entry
    									statement.executeUpdate("DELETE FROM users WHERE name='" + login + "_TEMP_USER'");
    
    									{
    										password_new = pw_encode(login + password_new, MessageDigest.getInstance("MD5"));
    
    										// LOCK TABLE to ensure that nobody else get the original ID of the user
    										statement.executeUpdate("LOCK TABLE users WRITE");
    										// Delete old entry
    										statement.executeUpdate("DELETE FROM users WHERE name='" + login + "'");
    										// Add new entry
    										rs = statement.executeQuery("call adduser('" + login + "', " + password_new + ", '0', '0', '0', '0', '" + email_stored + "', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_new + ")");
    										// change new entry ID to original ID - necessary to keep characters of this account
    										statement.executeUpdate("UPDATE users SET ID='" + id_stored + "' WHERE name='" + login + "'");
    										// UNLOCK TABLES
    										statement.executeUpdate("UNLOCK TABLES");
    
    										message = "<font color=\"00cc00\">Password Changed</font>";
    									}
    								}
    
    								rs.close();
    								statement.close();
    								connection.close();
    							}
    							catch(Exception e)
    							{
    								message = "<font color=\"#ee0000\"><b>Connection to MySQL Database Failed</b></font>";
    							}
    						}
    					}
    				}
    			}
    
    			
    	}
    %>
    
    
    <head>
    	<link rel="shortcut icon" href="../../include/fav.ico">
    	<link rel="stylesheet" type="text/css" href="../../include/style.css">
    </head>
    
    <table width="800" cellpadding="0" cellspacing="0" border="0">
    
    <tr>
    	<td height="1" align="center" valign="top" colspan="3">
    		<b><% out.print(message); %></b>
    	</td>
    </tr>
    
    <tr>
    	<td height="1" align="center" valign="top" colspan="3">
    		<br>
    	</td>
    </tr>
    
    
    	<td align="center" valign="top">
    		<form action="index.jsp?page=account&action=passwd" method="post" style="margin: 0px;">
    			<table width="240" cellpadding="5" cellspacing="0" style="border:1px solid #cccccc;">
    				<tr>
    					<th align="center" colspan="2">
    						<b><font color="#ffffff">CHANGE ACCOUNT PASSWORD</font></b>
    					</th>
    				</tr>
    				<tr>
    					<td>Login Name:</td><td align="right"><input type="text" name="login" style="width: 100; text-align: center;"></td>
    				</tr>
    				<tr>
    					<td>New Password:</td><td align="right"><input type="password" name="password_new" style="width: 100; text-align: center;"></td>
    				</tr>
    				<tr>
    					<td align="center" colspan="2"><input type="image" name="submit" src="../../include/btn_change.jpg" style="border: 0px;"></td>
    				</tr>
    			</table>
    		</form>
    	</td>
    </table>
    Last edited by 343; 05-02-12 at 12:01 AM.

  9. #9
    Valued Member kombinho is offline
    MemberRank
    Nov 2011 Join Date
    121Posts

    Re: pwAdmin Force Password Plugin

    Please someone give me a script to change password: /

  10. #10
    Account Upgraded | Title Enabled! Jacknife is offline
    MemberRank
    Nov 2011 Join Date
    1.3.6 LandLocation
    718Posts

    Re: pwAdmin Force Password Plugin

    i love love love love love this force password plugin it helps me sooo much.

  11. #11
    Viva la Vida NaMeLeS is offline
    MemberRank
    Jul 2011 Join Date
    613Posts

    Re: pwAdmin Force Password Plugin

    Quote Originally Posted by kombinho View Post
    Please someone give me a script to change password: /
    The one in the first page is a script for changing passwords!

    If you mean one that requires the old password then look on the pwadmin accounts page!

    And thanks dolke, most of the credit goes to ronny :P

  12. #12
    Valued Member kombinho is offline
    MemberRank
    Nov 2011 Join Date
    121Posts

    Re: pwAdmin Force Password Plugin

    Damn I needed for my players to exchange, please someone give me a script to change password pro site?

  13. #13
    Robb rbb138 is offline
    MemberRank
    Jan 2009 Join Date
    London, EnglandLocation
    1,241Posts

    Re: pwAdmin Force Password Plugin

    would be nice to have an option to change it back afterwards if needed.

    e.g. save original password to a variable that then gets printed inside the input box with the text "change password back", obviously needing their login name inside the login name box also.

    I already have a script that does this but one integrated into pwadmin would be much nicer.

    Also, shouldn't we be adding SQLi protection to addons? I mean, I know you need the pwAdmin password to use it, but it might still be a good idea.
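
    The SQL injection point raised above, as an added example that is not part of any post in this thread or of pwAdmin itself: the same force-password flow with `login` validated and bound as a parameter, and with the session check actually enforced. The table and procedure names (`users`, `changePasswd`, `changePasswd2`) come from the code posted in the thread; the class name, method names, the `hasSession` flag, the 1-32 login length bound and the UTF-8 charset are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Locale;
import java.util.regex.Pattern;

public class ForcePasswordSketch {
    // Alphabet the posted addon already enforces for password_new, reused for login.
    // The 1-32 login length bound is an assumption, not taken from the thread.
    static final Pattern LOGIN = Pattern.compile("[0-9A-Za-z_-]{1,32}");
    static final Pattern PASSWORD = Pattern.compile("[0-9A-Za-z_-]{6,32}");
    static final Pattern HEX_LITERAL = Pattern.compile("0x[0-9a-f]{32}");

    // Same scheme as pw_encode in the thread: "0x" + hex(MD5(login + password)).
    // UTF-8 is pinned here (assumption); the posted code used the platform default.
    static String pwEncode(String login, String password) throws Exception {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest((login + password).getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder("0x");
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static String forcePassword(Connection db, boolean hasSession,
                                String rawLogin, String newPassword) throws Exception {
        // The posted JSP sets `allowed` from the session but never reads it; gate here.
        if (!hasSession) return "Login required";
        if (rawLogin == null || newPassword == null) return "Missing field";
        String login = rawLogin.toLowerCase(Locale.ROOT); // one declaration only
        if (!LOGIN.matcher(login).matches()) return "Forbidden Characters";
        if (!PASSWORD.matcher(newPassword).matches()) return "Invalid Password";

        // login is bound as a parameter, never concatenated into the statement.
        try (PreparedStatement ps = db.prepareStatement("SELECT ID FROM users WHERE name = ?")) {
            ps.setString(1, login);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return "User Doesn't Exist";
            }
        }

        // The digest stays a 0x literal, as in the thread's changePasswd calls. It is
        // generated locally and checked to be hex only, so it carries no user input.
        String hex = pwEncode(login, newPassword);
        if (!HEX_LITERAL.matcher(hex).matches()) throw new IllegalStateException("bad digest");
        for (String proc : new String[] {"changePasswd", "changePasswd2"}) {
            try (PreparedStatement ps = db.prepareStatement("CALL " + proc + "(?, " + hex + ")")) {
                ps.setString(1, login);
                ps.execute();
            }
        }
        return "Password Changed";
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs; each of these paths returns before any database access.
        System.out.println(forcePassword(null, false, "player1", "newpass1"));
        System.out.println(forcePassword(null, true, "player1' OR '1'='1", "newpass1"));
        System.out.println(forcePassword(null, true, "player1", "abc"));
        System.out.println(HEX_LITERAL.matcher(pwEncode("player1", "newpass1")).matches());
    }
}
```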

  14. #14
    PW Dev <3 Ozuru is offline
    MemberRank
    Feb 2011 Join Date
    737Posts

    Re: pwAdmin Force Password Plugin

    A while back I remember the one add on you didn't even need to login to use. Yeah, protection needs to be added because about 90% of servers I know have an open pwAdmin...
    Posted via Mobile Device

  15. #15
    Omega 343 is offline
    MemberRank
    Oct 2009 Join Date
    Ancient DGN CTYLocation
    5,514Posts

    Re: pwAdmin Force Password Plugin

    Quote Originally Posted by Ozuru View Post
    A while back I remember the one add on you didn't even need to login to use. Yeah, protection needs to be added because about 90% of servers I know have an open pwAdmin...
    Posted via Mobile Device
    That's not a good idea at all! That's why my release has pwAdmin separated so that it can be kept closed to the WAN

  16. #16
    Robb rbb138 is offline
    MemberRank
    Jan 2009 Join Date
    London, EnglandLocation
    1,241Posts

    Re: pwAdmin Force Password Plugin

    yea nobody should have an open pwAdmin, even changing the port to 1337 like some *cough*i dunno who*cough* isn't secure.

  17. #17
    Omega 343 is offline
    MemberRank
    Oct 2009 Join Date
    Ancient DGN CTYLocation
    5,514Posts

    Re: pwAdmin Force Password Plugin

    Quote Originally Posted by rbb138 View Post
    yea nobody should have an open pwAdmin, even changing the port to 1337 like some *cough*i dunno who*cough* isn't secure.
    :rofl:

    However, how would it not be secure to utilize a port (any port) that you do not open to the WAN (as long as you have a hardware firewall between the WAN and your server)...

    IE: Even if I am running a web server on port 80 but do not open (if anything explicitly block) port 80 on the WAN any inbound traffic to 80 will be denied, even though there is a 'server' running there.
    Last edited by 343; 05-02-12 at 12:03 AM.

  18. #18
    PW Dev <3 Ozuru is offline
    MemberRank
    Feb 2011 Join Date
    737Posts

    Re: pwAdmin Force Password Plugin

    Quote Originally Posted by rbb138 View Post
    yea nobody should have an open pwAdmin, even changing the port to 1337 like some *cough*i dunno who*cough* isn't secure.
    >.> lolol

  19. #19
    Banned coolgirlpwns is offline
    BannedRank
    May 2010 Join Date
    BrazilLocation
    513Posts

    Re: pwAdmin Force Password Plugin

    can somebody reupload this please.

  20. #20
    Omega 343 is offline
    MemberRank
    Oct 2009 Join Date
    Ancient DGN CTYLocation
    5,514Posts

    Re: pwAdmin Force Password Plugin

    Quote Originally Posted by coolgirlpwns View Post
    can somebody reupload this please.

    Are you blind, can you read?

    http://forum.ragezone.com/f452/pwadm...7/#post6808868

    Not only do I have index.jsp listed IN the post it's also available to DL there too


  21. #21
    PW Dev <3 Ozuru is offline
    MemberRank
    Feb 2011 Join Date
    737Posts

    Re: pwAdmin Force Password Plugin

    343, GET ON TEAMSPEAK! She has been banned!
    Last edited by Ozuru; 05-12-19 at 06:08 AM.

  22. #22
    Proficient Member TheBow is offline
    MemberRank
    Aug 2011 Join Date
    ragezoneLocation
    159Posts

    Re: pwAdmin Force Password Plugin

    Quote Originally Posted by coolgirlpwns View Post
    can somebody reupload this please.
    this is frc psswd ,, but not addon pwAdmin..
    ForcePsswd.rar

  23. #23
    Banned coolgirlpwns is offline
    BannedRank
    May 2010 Join Date
    BrazilLocation
    513Posts

    Re: pwAdmin Force Password Plugin

    Quote Originally Posted by TheBow View Post
    this is frc psswd ,, but not addon pwAdmin..
    ForcePsswd.rar
    ok thanks :)

  24. #24
    Apprentice blabla123 is offline
    MemberRank
    Nov 2011 Join Date
    6Posts

    Re: pwAdmin Force Password Plugin

    After creating a new folder in /addons and adding 343's modified plugin, i get the following error:
    __________________________________________

    HTTP ERROR 500

    Problem accessing /pw/addons/ForcePassword/. Reason:

    PWC6033: Unable to compile class for JSP

    PWC6197: An error occurred at line: 30 in the jsp file: /addons/Force Password/index.jsp
    PWC6199: Generated servlet error:
    Duplicate local variable login

    Caused by:

    org.apache.jasper.JasperException: PWC6033: Unable to compile class for JSP

    PWC6197: An error occurred at line: 30 in the jsp file: /addons/Force Password/index.jsp
    PWC6199: Generated servlet error:
    Duplicate local variable login




    ________________________________

    Does anyone have an idea how to fix this?


    Thx in advance!
    Last edited by blabla123; 14-06-12 at 12:49 AM.

  25. #25
    Account Upgraded | Title Enabled! [D@nte] is offline
    MemberRank
    Apr 2010 Join Date
    249Posts

    Re: pwAdmin Force Password Plugin

    OMG WTF...

    When will ppl finally learn to read those fucking error messages?!

    PWC6197: An error occurred at line: 30 in the jsp file: /addons/Force Password/index.jsp
    PWC6199: Generated servlet error:
    Duplicate local variable login


