PHP/Powershell AD PW Changer Form

Oct 6th, 2014 (edited)
397
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 6.58 KB | None | 0 0
  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  2. <html>
  3. <head>
  4. <title>Pw Changer</title>
  5. <link rel="stylesheet" href="style.css">
  6. </head>
  7. <body>
  8. <?php
  9. $_SERVER['logdate'] = date('Dd_M_Y');
  10. $psScriptPath = "..\..\..\Bin\Auth\adpwauth2014.ps1";// Path to the PowerShell script.
  11. $logfile = './Logging/pwreset_'.$_SERVER['logdate'].'.txt';
  12. $rand = mt_rand();
  13.  
  14. if(!empty($_SESSION["successstate"])){//Achievement Get: PW Changer
  15.     echo '<div class="successstate">'. $_SESSION["successstate"] .'</div>';
  16.     unset($_SESSION["successstate"]);
  17.     exit(header('refresh:5; ../'));
  18.     }
  19.  
  20. if(!isset($_POST["submit"])){// if there was no submit variable passed to the script (i.e. user has visited the page without clicking submit), display the form:
  21.     if(!empty($_SESSION["errorstate"])){echo '<div class="errorstate">' . $_SESSION["errorstate"] . '</div><br /><br />';}
  22.     echo '<form name="testForm" class="formbox" id="testForm" action="pwreset.php" method="post" />
  23.     Username: <input type="text" name="username" id="username"/><br />
  24.     Old Password: <input type="password" name="old_password"><br />
  25.     New Password: <input type="password" name="new_password"><br />
  26.     Confirm New Password: <input type="password" name="confirm"><br />
  27.     <input type="submit" name="submit" id="submit" value="submit" />
  28.     </form>';
  29.     unset($_SESSION["errorstate"]);
  30.  
  31. }elseif(!empty($_POST["username"]) && !empty($_POST["old_password"]) && !empty($_POST["new_password"]) && !empty($_POST["confirm"])){
  32.     $_SESSION['errorstate'] = '';
  33.    
  34.     //Check for matching Old and New Passwords
  35.     if($_POST["new_password"] != $_POST["confirm"]){$_SESSION['errorstate'] .= 'New Password and Confirm do not match</br>';}
  36.  
  37.     //UTF-8 Standard only
  38.     $username = utf8_decode($_POST["username"]);
  39.     $old_password = utf8_decode($_POST["old_password"]);
  40.     $new_password = utf8_decode($_POST["new_password"]);
  41.     $confirm = utf8_decode($_POST["confirm"]);
  42.  
  43.     //Length Check equal or greater then
  44.     if(strlen($new_password) <= 8){$_SESSION['errorstate'] .= 'Eight or more charictors needed</br>';}
  45.  
  46.     //New Password Matches username or old password
  47.     if(strpos($new_password,$old_password) !== false){$_SESSION['errorstate'] .= 'Can not contain your old password</br>';}
  48.     if(strpos($new_password, $username) !== false){$_SESSION['errorstate'] .= 'Can not contain your Username</br>';}
  49.  
  50.     /*
  51.     Ignore this code block as it is for reference for something else
  52.     //$operator = array('\\','#','+','<','>',';','\"','=',',',' ');//Operators that need to be escaped with
  53.     //$replace = array('\\\\','\\#','\\+','\\<','\\>','\\;','\\"','\\=','\,','');//replacement
  54.     //$username = str_replace ($operator, $replace, $username);
  55.     //$new_password = str_replace ($operator, $replace, $new_password);
  56.     //$old_password = str_replace ($operator, $replace, $old_password);
  57.     */
  58.  
  59.     $check_upper = 0;
  60.     $check_lower = 0;
  61.     $check_digit = 0;
  62.     $check_punct = 0;
  63.  
  64.     foreach(count_chars($new_password, 1) as $key => $value){//Strength Test Results can be derived from $value
  65.         if(!ctype_upper(chr($key))){$check_upper=1;}//if Upper-case
  66.         if(!ctype_lower(chr($key))){$check_lower=1;}//if Lower-case
  67.         if(!ctype_digit(chr($key))){$check_digit=1;}//if Numeric
  68.         if(!ctype_punct(chr($key))){$check_punct=1;}//if Symbol
  69.         if($check_upper + $check_lower + $check_digit + $check_punct>= 3){break;}//Save us from checking the entire string
  70.         }
  71.  
  72.     if($check_upper + $check_lower + $check_digit + $check_punct<= 2){
  73.         $_SESSION['errorstate'] .= 'Password needs to contain at least 3 of the following criteria: Upper-case, Lower-case, Numeric and/or Symbol</br>';
  74.         }
  75.        
  76.     //EXIT if error state is set. Do not pass go, do not collect $200.
  77.     if(!empty($_SESSION['errorstate'])){exit(header('Location: ./pwreset.php'));}
  78.  
  79.     $base64_username = base64_encode($username); //Transport Layer Base64
  80.     $base64_new_password = base64_encode($new_password); //Transport Layer Base64
  81.     $base64_old_password = base64_encode($old_password); //Transport Layer Base64
  82.  
  83.     //The danger happens here as it is sent to powershell.
  84.     $query = shell_exec('powershell.exe -ExecutionPolicy ByPass -command "' . $psScriptPath . '" < NUL  -rand "' . $rand . '" < NUL -base64_username "' . $base64_username . '" < NUL -base64_oldpassword "' . $base64_old_password . '" < NUL -base64_newpassword "' . $base64_new_password . '" < NUL');// Execute the PowerShell script, passing the parameters
  85.  
  86.     //Log Result and exit with status
  87.     $logstr = "=================================================================\r\n";
  88.     if(stristr($query, 'Success:'.$rand) !== false){$logstr .= '            ' . $_SERVER['date_'] . " - Success \r\n";}elseif(stristr($query, 'Failed:'.$rand) !== false){$logstr .= '          ' . $_SERVER['date_'] . " - Failed \r\n";}else{$logstr .= '         ' . $_SERVER['date_'] . " - Warning Error \r\n";}
  89.     $logstr .= "=================================================================\r\n";
  90.     $logstr .= $_SERVER['REQUEST_TIME_FLOAT'] . "\r\n";
  91.     $logstr .= $_SERVER['REMOTE_ADDR'] . ' - ' . $username .": Attempted Password Change result \r\n";
  92.     $logstr .= 'powershell.exe -ExecutionPolicy ByPass -command "' . $psScriptPath . '" < NUL  -rand "' . $rand . '" < NUL -base64_username "' . $base64_username . '" < NUL -base64_oldpassword "' . $base64_old_password . '" < NUL -base64_newpassword "' . $base64_new_password . '" < NUL '."\r\n";
  93.     $logstr .= $query;
  94.     file_put_contents($logfile, $logstr, FILE_APPEND | LOCK_EX);
  95.    
  96.     //This was a triumph
  97.     if(stristr($query, 'Success:'.$rand) !== false){
  98.     $_SESSION['successstate'] = '</br>Success: Password was changed</br>';
  99.     exit(header('Location: ./pwreset.php'));
  100.    
  101.     //Failed password change
  102.     }elseif(stristr($query, 'Failed:'.$rand) !== false){
  103.     $_SESSION['errorstate'] = '</br>Failed: Password was not changed</br>';
  104.     exit(header('Location: ./pwreset.php'));
  105.    
  106.     //someone broke something not that we tell them but we log the entry
  107.     }else{
  108.     $logstr .= 'Username: ' . $username . "\r\n Old Password: " . $old_password . "\r\n New Password: " . $new_password;
  109.     $_SESSION['errorstate'] = '</br>Failed: Password was not changed</br>';
  110.    
  111.     //You could go one step further and ban IP for X time // you could also send an email to yourself
  112.     $headers = "From: webmaster@domain.com \r\n" .
  113.     "Reply-To: no-reply@domain.com \r\n" .
  114.     "X-Mailer: PHP/" . phpversion();
  115.     mail('bshea@riseupaustraliaparty.com', 'PHP/Powershell AD - Error Warning', $logstr, $headers);
  116.     exit(header('Location: ./pwreset.php'));
  117.     }
  118.        
  119. }else{// Else the user hit submit without all required fields being filled out:
  120.     $_SESSION['errorstate'] = 'Please Complete all fields</br>';
  121.     exit(header('Location: ./pwreset.php'));
  122.     }
  123. ?>