password changing

Hi all
I'm trying to learn the basics of bash and am struggling with some file manipulation. I am trying to run a script that, once you have logged in, allows you to change your password, which is held (along with the corresponding username) in a different file called usernames. When I try to run my code the logon part runs fine, but the change of password is not stored. Any advice would be greatly appreciated.

Thanks

#!/bin/bash

# script to change a password
username ()

{
while :
do
echo "please enter a username"
read user
grep -iq "$user" usernames
a=$?
echo "please enter pin"
read pin
grep -i "^$user" usernames | grep -q "$pin$"
b=$?

if [ $a -eq 0 -a $b -eq 0 ]
then
echo "Welcome"
change1
break
else
echo "Please try again"
fi
done
}


change1 ()
{
echo "please enter a new password"
read npass

sed 's/$pin/$npass/' usernames
echo "here are your logon details"
sed -n '/^$user/p' usernames
return
}

username

The file I am using looks like this:

#!/bin/bash

Username        Password

John    123
Dan     345
Matt    678

---------- Post updated at 02:21 PM ---------- Previous update was at 01:29 PM ----------

Ok, is there any way of using a sed command to change the contents of a file? I have found that my sed command changes the value on the command screen but not in the file. Is it possible to alter the value in the file?

First off, I think you are reinventing the wheel. Have a look at the passwd command, which does what you want already in a much better way than you could ever dream of in some shell script.

This will never work, because variables are not expanded inside single quotes. You are searching for a literal "$pin" instead of the contents of the variable "pin".

To write sed output to a file just redirect its output to it. If you want to overwrite your old file move the output over the input afterwards (reasons explained):

sed '<some operations>' /path/to/input > /path/to/output
mv /path/to/output /path/to/input

I hope this helps.

bakunin

Here are a couple of thoughts:

This is very insecure and shouldn't be used to protect anything.

Use read -s npass to avoid echo of entered password, prompt twice and compare two values.

Don't search and replace on password in case two users have the same password.

If you have openssl installed you might want to encrypt the password after entry so it's a little safer from casual observation in your password file:

$ openssl passwd -salt Xx -crypt 1234
Xx7LFoJpR7vp.

Store the encrypted value and reencrypt any entered password to compare.

---------- Post updated at 08:54 AM ---------- Previous update was at 07:35 AM ----------

Something like this?

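#!/bin/bash
# script to change a password
# usernames holds one "user hash" pair per line, separated by a single space
username() {
while :
do
   read -r -p "please enter a username: " user
   # the trailing space anchors the match to the whole name (Dan must not match Daniel)
   ln=$(grep "^$user " usernames)
   # everything after the first space is the stored hash
   pass=${ln#* }
   # the first two characters of the stored hash are its salt
   salt=${pass:0:2}
   # openssl prompts for the password and hashes it with the stored salt
   if [ "$(openssl passwd -salt "${salt:-XX}" | sed 's/\r//')" = "$pass" ]
   then
      echo "Welcome $user"
      break
   else
      echo "Password incorrect - please retry"
      echo
   fi
done
}
change1 () {
    # repeat until openssl passwd succeeds and prints a hash
    new=$(while ! openssl passwd ; do echo "try again
">&2; done)
    # replace the line of the logged-in user only, keyed on the username
    sed -i "s:^${user} .*:${user} ${new}:" usernames
}
username
change1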
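
The advice in this thread (key the update on the username rather than the old password, write to a new file and move it over the old one, read the new value without echo) can be combined as in the following added example, which is not code from any of the posters. The function names set_password and prompt_new_password are hypothetical, and the file is assumed to hold one "user value" record per line as shown above.

```shell
#!/bin/bash
# Added example, not from the thread. Assumes the "usernames" layout shown
# above: one "<user><whitespace><password-or-hash>" record per line.

# set_password FILE USER VALUE
# Replace the second field of the line whose first field is exactly USER.
# Returns 0 on success, 1 if USER is not in FILE (FILE is left untouched).
set_password() {
    local file="$1" user="$2" value="$3" tmp
    # Temp file next to the target so the final mv is a same-filesystem rename;
    # mktemp creates it readable by the owner only.
    tmp=$(mktemp "${file}.XXXXXX") || return 2
    # ENVIRON hands the strings to awk literally: no regex matching and no
    # special meaning for "&", "/" or backslash, unlike a sed expression built
    # from user input. The "" concatenation forces a string comparison.
    if U="$user" V="$value" awk '
            ($1 "") == (ENVIRON["U"] "") { print $1 " " ENVIRON["V"]; found = 1; next }
            { print }
            END { exit !found }' "$file" > "$tmp"
    then
        mv "$tmp" "$file"
    else
        rm -f "$tmp"
        return 1
    fi
}

# prompt_new_password: read the new value twice without echo and print it on
# stdout only if both entries match and are non-empty.
prompt_new_password() {
    local p1 p2
    read -r -s -p "new password: " p1; echo >&2
    read -r -s -p "repeat: " p2; echo >&2
    [ -n "$p1" ] && [ "$p1" = "$p2" ] && printf '%s\n' "$p1"
}
```

The value passed to set_password should be the hashed form rather than the plain password, as suggested earlier in the thread.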