Last active
December 16, 2017 22:58
-
-
Save pauamma/16977a9d0114d1a5e3a6f7417423f22a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| # | |
| # This code was forked from the LiveJournal project owned and operated | |
| # by Live Journal, Inc. The code has been modified and expanded by | |
| # Dreamwidth Studios, LLC. These files were originally licensed under | |
| # the terms of the license supplied by Live Journal, Inc, which can | |
| # currently be found at: | |
| # | |
| # http://code.livejournal.org/trac/livejournal/browser/trunk/LICENSE-LiveJournal.txt | |
| # | |
| # In accordance with the original license, this code and all its | |
| # modifications are provided under the GNU General Public License. | |
| # A copy of that license can be found in the LICENSE file included as | |
| # part of this distribution. | |
| use strict; | |
| BEGIN { | |
| require "$ENV{LJHOME}/cgi-bin/ljlib.pl"; | |
| } | |
| my $dbh = LJ::get_dbh("master"); | |
| print " | |
| This tool will create your $LJ::SITENAMESHORT 'system' account and | |
| set its password. Or, if you already have a system user, it'll change | |
| its password to whatever you specify. | |
| "; | |
| print "Enter (non-empty) password for the 'system' account: "; | |
| my $pass = <STDIN>; | |
| chomp $pass; | |
| while ($pass eq "") { | |
| print "Password was empty, try again: "; | |
| $pass = <STDIN>; | |
| chomp $pass; | |
| } | |
| print "\n"; | |
| print "Creating system account...\n"; | |
| my $u = LJ::User->create( user => 'system', | |
| name => 'System Account', | |
| password => $pass ); | |
| unless ( $u ) { | |
| print "Already exists.\nModifying 'system' account...\n"; | |
| my $id = LJ::get_userid("system"); | |
| $dbh->do("UPDATE password SET password=? WHERE userid=?", | |
| undef, $pass, $id); | |
| } | |
| $u ||= LJ::load_user( "system" ); | |
| unless ( $u ) { | |
| print "ERROR: can't find newly-created system account.\n"; | |
| exit 1; | |
| } | |
| print "Checking password for consistency using several methods...\n"; | |
| my $stored_password = $u->password; | |
| if ( $stored_password ne $pass ) { | |
| print "WARNING: inconsistency using ->password (expected=$pass, stored=$stored_password)\n"; | |
| } | |
| use LJ::Auth; | |
| my $chal = LJ::challenge_generate( ); | |
| my %cc_opts = ( dont_check_count => 1 ); # Make challenge_check idempotent | |
| print "WARNING: challenge_check returned 0 on fresh challenge (with valid=$cc_opts{valid} expired=$cc_opts{expired})\n" | |
| unless LJ::challenge_check( $chal, \%cc_opts ); | |
| my $banned = 2; # So we can see whether it was set at all | |
| my %ccl_opts = (); # Let challenge_check not be idempotent this time | |
| print "WARNING: challenge_check_login returned 0 (with banned=$banned valid=$ccl_opts{valid} expired=$ccl_opts{expired} count=$ccl_opts{count})\n" | |
| unless LJ::challenge_check_login( $u, $chal, Digest::MD5::md5_hex( $chal . Digest::MD5::md5_hex( $pass ) ), \$banned, \%ccl_opts ); | |
| print "Giving 'system' account 'admin' priv on all areas...\n"; | |
| if ( $u->has_priv( "admin", "*" ) ) { | |
| print "Already has it.\n"; | |
| } else { | |
| my $sth = $dbh->prepare("INSERT INTO priv_map (userid, prlid, arg) ". | |
| "SELECT $u->{'userid'}, prlid, '*' ". | |
| "FROM priv_list WHERE privcode='admin'"); | |
| $sth->execute; | |
| if ($dbh->err || $sth->rows == 0) { | |
| print "Couldn't grant system account admin privs\n"; | |
| exit 1; | |
| } | |
| } | |
| print "Done.\n\n"; | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment