From: ivan <ivan>
Date: Wed, 14 Apr 1999 11:27:06 +0000 (+0000)
Subject: showpasswords config option to show passwords
X-Git-Tag: freeside_1_2_2~71
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=6c44581c70239fcf331b072bbfb4b2e08ef04166

showpasswords config option to show passwords
---

diff --git a/TODO b/TODO
index f6eaf5ed1..114e010ae 100644
--- a/TODO
+++ b/TODO
@@ -1,4 +1,4 @@
-$Id: TODO,v 1.28 1999-04-14 08:58:59 ivan Exp $
+$Id: TODO,v 1.29 1999-04-14 11:27:06 ivan Exp $
 
 If you are interested in helping with any of these, please join the mailing
 list (send a blank message to ivan-freeside-subscribe@sisd.com) to avoid 
@@ -15,8 +15,6 @@ default (and ordering) state/county/country config file
 
 [Mon Apr 12 20:31:21 1999] [error] [Mon Apr 12 20:31:21 1999] null: Error closing true: Broken pipe at /usr/local/lib/site_perl/FS/cust_main.pm line 615.
 
-configuration option to show passwords
-
 javascript (yuck!) "are you sure?" confirmation on cancelations, etc.
 (view/cust_pkg and view/svc_*)
 
diff --git a/htdocs/docs/config.html b/htdocs/docs/config.html
index 1a30b525e..6937f48b0 100644
--- a/htdocs/docs/config.html
+++ b/htdocs/docs/config.html
@@ -48,6 +48,7 @@ All further configuration files and directories are located in
   <li>shellmachine - A single machine with user home directories mounted.  This enables home directory creation, renaming and archiving/deletion.  In conjunction with `qmailmachines', it also enables `.qmail-extension' file maintenance.
   <li>shellmachines - Your Linux and System V flavored shell (and mail) machines, one per line.  This enables export of `/etc/passwd' and `/etc/shadow' files.
   <li>shells - Legal shells (think /etc/shells).  You probably want to `cut -d: -f7 /etc/passwd | sort | uniq' initially so that importing doesn't fail with `Illegal shell' errors, then remove any special entries afterwords.  A blank line specifies that an empty shell is permitted.
+  <li>showpasswords - The existance of this file will allow unencrypted user passwords to be displayed.
   <li>smtpmachine - SMTP relay for Freeside's outgoing mail.
 </ul>
 </body>
diff --git a/htdocs/edit/svc_acct.cgi b/htdocs/edit/svc_acct.cgi
index a8c4cfb39..963bc1edf 100755
--- a/htdocs/edit/svc_acct.cgi
+++ b/htdocs/edit/svc_acct.cgi
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -Tw
 #
-# $Id: svc_acct.cgi,v 1.9 1999-02-28 00:03:37 ivan Exp $
+# $Id: svc_acct.cgi,v 1.10 1999-04-14 11:27:06 ivan Exp $
 #
 # Usage: svc_acct.cgi {svcnum} | pkgnum{pkgnum}-svcpart{svcpart}
 #        http://server.name/path/svc_acct.cgi? {svcnum} | pkgnum{pkgnum}-svcpart{svcpart}
@@ -16,7 +16,10 @@
 # use conf/shells and dbdef username length ivan@sisd.com 98-jul-13
 #
 # $Log: svc_acct.cgi,v $
-# Revision 1.9  1999-02-28 00:03:37  ivan
+# Revision 1.10  1999-04-14 11:27:06  ivan
+# showpasswords config option to show passwords
+#
+# Revision 1.9  1999/02/28 00:03:37  ivan
 # removed misleading comments
 #
 # Revision 1.8  1999/02/23 08:09:22  ivan
@@ -121,10 +124,16 @@ $svc = $part_svc->getfield('svc');
 
 $otaker = getotaker;
 
-($username,$password)=(
-  $svc_acct->username,
-  $svc_acct->_password ? "*HIDDEN*" : '',
-);
+$username = $svc_acct->username;
+if ( $svc_acct->_password ) {
+  if ( $conf->exists('showpasswords') ) {
+    $password = $svc_acct->_password;
+  } else {
+    $password = "*HIDDEN*";
+  }
+} else {
+  $password = '';
+}
 
 $ulen = $svc_acct->dbdef_table->column('username')->length;
 $ulen2 = $ulen+2;
@@ -208,7 +217,7 @@ if ( $part_svc->svc_acct__slipip_flag eq "F" ) {
 }
 
 #submit
-print qq!<P><CENTER><INPUT TYPE="submit" VALUE="Submit"></CENTER>!; 
+print qq!<P><INPUT TYPE="submit" VALUE="Submit">!; 
 
 print <<END;
     </FORM>
diff --git a/htdocs/view/svc_acct.cgi b/htdocs/view/svc_acct.cgi
index a191c25dd..e203c7ec0 100755
--- a/htdocs/view/svc_acct.cgi
+++ b/htdocs/view/svc_acct.cgi
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -Tw
 #
-# $Id: svc_acct.cgi,v 1.9 1999-04-08 12:00:19 ivan Exp $
+# $Id: svc_acct.cgi,v 1.10 1999-04-14 11:27:06 ivan Exp $
 #
 # Usage: svc_acct.cgi svcnum
 #        http://server.name/path/svc_acct.cgi?svcnum
@@ -33,7 +33,10 @@
 # displays arbitrary radius attributes ivan@sisd.com 98-aug-16
 #
 # $Log: svc_acct.cgi,v $
-# Revision 1.9  1999-04-08 12:00:19  ivan
+# Revision 1.10  1999-04-14 11:27:06  ivan
+# showpasswords config option to show passwords
+#
+# Revision 1.9  1999/04/08 12:00:19  ivan
 # aesthetic update
 #
 # Revision 1.8  1999/02/28 00:04:02  ivan
@@ -62,7 +65,7 @@
 
 use strict;
 use vars qw( $conf $cgi $mydomain $query $svcnum $svc_acct $cust_svc $pkgnum
-             $cust_pkg $custnum $part_svc $p $svc_acct_pop );
+             $cust_pkg $custnum $part_svc $p $svc_acct_pop $password );
 use CGI;
 use CGI::Carp qw( fatalsToBrowser );
 use FS::UID qw( cgisuidsetup );
@@ -119,11 +122,19 @@ print qq!<A HREF="${p}edit/svc_acct.cgi?$svcnum">Edit this information</A>!,
       "<BR>Service: <B>", $part_svc->svc, "</B>",
       "<BR><BR>Username: <B>", $svc_acct->username, "</B>"
 ;
-if (substr($svc_acct->_password,0,1) eq "*") {
-  print "<BR>Password: <I>(Login disabled)</I>";
+
+print "<BR>Password: ";
+$password = $svc_acct->_password;
+if ( $password =~ /^\*\w+\* (.*)$/ ) {
+  $password = $1;
+  print "<I>(login disabled)</I> ";
+}
+if ( $conf->exists('showpasswords') ) {
+  print "<B>$password</B>";
 } else {
-  print "<BR>Password: <I>(hidden)</I>";
+  print "<I>(hidden)</I>";
 }
+$password = '';
 
 $svc_acct_pop = qsearchs('svc_acct_pop',{'popnum'=>$svc_acct->popnum});
 print "<BR>POP: <B>", $svc_acct_pop->city, ", ", $svc_acct_pop->state,