# send passwd command
send — “passwd $user\r”
expect “assword:” {
send “$password\r”
expect “assword:”
send “$password\r”
send “\r”
send “exit\r”
expect eof
} “Unknown user” {
send “\r”
send “exit\r”
expect eof
}
if expect doesnt find the password, it will change to the unknown user statement and exit… you can treat the log later.

another suggestion would be to not allowing the webserver to have root and instead, save the command to a file and use chron to execute it later. this file can be outside the scope of webserver and you can block root change, etc.

Thanks for this script. It worked for me on Solaris 10.

regards;
Ashish

That’s a nice little function but it looks like it only works for users who have shell access. For instance, it looks like it won’t work for users with /sbin/nologin as a shell, such as is typical for FTP users.

One note for CentOS/RHEL users is that ‘requiretty’ is enabled by default in the sudoers file. To get around this add:

Defaults:www-data !requiretty

before the “www-data ALL=NOPASSWD: /var/www/chpasswd” line. Obviously you’ll need substitute the name of the user that the webserver runs under if it isn’t www-data (in CentOS it seems to be ‘apache’ by default).

Thanks again!

any help ?

use command chown in the script!!!
and watch the error_log of httpd

thanks again

With such a system in place, the user can change there own password…. using presetup authentication.

any ideas?

I’ve worked on combining your changePassword function with the original script. Unfortunately this expect script does not gracefully handle the case of a nonexistent user. I get the user’s typed-in password printed (in clear) in my http error_log:

send: spawn id exp16 not open
while executing
“send “xxx\r”"

Note: you may need to modify the expect strings, depending on your systems password chat.

function changePassword($user, $currpwd, $newpwd) {
	// Open a handle to expect in write mode
	$p = popen('/usr/bin/expect','w');
	// Log conversation for verification
	$log = '/tmp/passwd_' . $user . '_' . time();
	$cmd .= "log_file -a \"$log\"; ";
	// Spawn a shell as $user
	$cmd .= "spawn /bin/su $user; ";
	$cmd .= "expect \"Password:\"; ";
	$cmd .= "send \"$currpwd\\r\"; ";
	$cmd .= "expect \"$user@\"; ";
	// Change the unix password
	$cmd .= "send \"/usr/bin/passwd\\r\"; ";
	$cmd .= "expect \"(current) UNIX password:\"; ";
	$cmd .= "send \"$currpwd\\r\"; ";
	$cmd .= "expect \"Enter new UNIX password:\"; ";
	$cmd .= "send \"$newpwd\\r\"; ";
	$cmd .= "expect \"Retype new UNIX password:\"; ";
	$cmd .= "send \"$newpwd\\r\"; ";
	$cmd .= "expect \"passwd: password updated successfully\"; ";
	// Commit the command to expect & close
	fwrite($p, $cmd); pclose ($p);
	// Read & delete the log
	$fp = fopen($log,r);
	$output = fread($fp, 2048);
	fclose($fp); unlink($log);
	$output = explode("\n",$output);
	return (trim($output[count($output)-2]) == 'passwd: password updated successfully') ? true : false;
}

whn i use sh chpassword test test123 its working.

And I try to open the PHP file.
After I input username and password that also display error message.

=========
Password change failed
System returned following information…..:

Array
(
)

Please contact tech-support for more info! Or try

=========
in my /var/log/messages error shown as

authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=apache

What can I do to resolve this problem?

I try run below on my sytem
[root@localhost Code]# sh chpasswd admin mvc123
spawn passwd admin
Changing password for user admin.
New UNIX password: mvc123

Retype new UNIX password: mvc123

[root@localhost Code]#

That finish I think it ok
I try to login by name = admin and newpass
login not ok but old password still work
I don’ know why?

my system ES3