SF.net SVN: postfixadmin:[648] trunk
From: <chr...@us...> - 2009-05-02 20:25:01
Revision: 648 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=648&view=rev Author: christian_boltz Date: 2009-05-02 20:24:58 +0000 (Sat, 02 May 2009) Log Message: ----------- setup.php: - added form to create setup password hash. It will be displayed if a) no setup password is defined yet b) the "lost password" link was clicked - moved checks for empty and too short passwort into check_setup_password() - added an optional $lostpw_mode parameter to check_setup_password() which causes slightly different behaviour (enforces generation of new hash, even if the password would match) - changed check_password_setup() return value to array($error, $message) - moved displaying $tMessage above the form - it is more useful there. - removed "see config.inc.php" notice from password field in "create superadmin" form - this hint doesn't help much with the hashed password ;-) - TODO: The if statements to decide which form to display is quite difficult (and will become unreadable in case we need another form ;-) We should think about a better way to select the form to display... (maybe flash_error / flash_info + redirect?) upgrade.php: - added missing <p> tag Modified Paths: -------------- trunk/setup.php trunk/upgrade.php Modified: trunk/setup.php =================================================================== --- trunk/setup.php 2009-04-30 12:00:26 UTC (rev 647) +++ trunk/setup.php 2009-05-02 20:24:58 UTC (rev 648) 
@@ -302,24 +302,28 @@ $pAdminCreate_admin_password_text = ""; $tUsername = ''; $tMessage = ''; + $lostpw_error = 0; + $setuppw = ""; + if (isset($CONF['setup_password'])) $setuppw = $CONF['setup_password']; - if ($_SERVER['REQUEST_METHOD'] == "POST") - { - # ensure setup password is correct - if (safepost('setup_password') == "" ) { - $error += 1; - $tMessage = "Setup password must be specified<br />If you didn't set up a setup password yet, enter the password you want to use."; - } elseif (strlen(safepost('setup_password')) < $CONF['min_password_length']) { - $error += 1; - $tMessage = "The setup password you entered is too short. Please choose a better one."; + if (safepost("form") == "setuppw") { + # "setup password" form submitted + if (safepost('setup_password') != safepost('setup_password2')) { + $tMessage = "The two passwords differ!"; + $lostpw_error = 1; } else { - $pw_check_result = check_setup_password(safepost('setup_password')); - if ($pw_check_result != 'pass_OK') { - $error += 1; - $tMessage = $pw_check_result; - } + list ($lostpw_error, $lostpw_result) = check_setup_password(safepost('setup_password'), 1); + $tMessage = $lostpw_result; + $setuppw = "changed"; } + } elseif (safepost("form") == "createadmin") { + # "create admin" form submitted + list ($pw_check_error, $pw_check_result) = check_setup_password(safepost('setup_password')); + if ($pw_check_result != 'pass_OK') { + $error += 1; + $tMessage = $pw_check_result; + } if($error == 0 && $pw_check_result == 'pass_OK') { if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']); 
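Review bot: The confirmation check in the `setuppw` branch uses the loose `!=` operator, and PHP compares two numeric-looking strings numerically, so different inputs such as `1000000` and `1e6` count as equal and the mismatch is never reported. The hash is then generated from the first field only, which may not be the password the user meant to set. Assuming safepost() returns strings, a strict comparison closes this: `if (safepost('setup_password') !== safepost('setup_password2')) {`. Separately, `$pw_check_error` in the `createadmin` branch is assigned but never read; the branch decides on the `'pass_OK'` string alone, so either test the flag as well or drop the variable.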
@@ -338,21 +342,52 @@ if (isset ($_POST['fUsername'])) $tUsername = escape_string ($_POST['fUsername']); } } - } + } - if ($_SERVER['REQUEST_METHOD'] == "GET" || $error != 0) - { -?> + if ( ($setuppw == "" || $setuppw == "changeme" || safeget("lostpw") == 1 || $lostpw_error != 0) /* && $_SERVER['REQUEST_METHOD'] != "POST" */ ) { +# show "create setup password" form + ?> +<div class="standout"><?php print $tMessage; ?></div> <div id="edit_form"> +<form name="setuppw" method="post" action="setup.php"> +<input type="hidden" name="form" value="setuppw" /> +<table> + <td colspan="3"><h3>Change setup password</h3></td> + </tr> + <tr> + <td>Setup password</td> + <td><input class="flat" type="password" name="setup_password" value="" /></td> + <td></td> + </tr> + <tr> + <td>Setup password (again)</td> + <td><input class="flat" type="password" name="setup_password2" value="" /></td> + <td></td> + </tr> + <tr> + <td colspan="3" class="hlp_center"><input class="button" type="submit" name="submit" value="Generate password hash" /></td> + </tr> +</table> +</form> +</div> + +<?php + + } elseif ($_SERVER['REQUEST_METHOD'] == "GET" || $error != 0 || $lostpw_error == 0) { + ?> + +<div class="standout"><?php print $tMessage; ?></div> +<div id="edit_form"> <form name="create_admin" method="post"> +<input type="hidden" name="form" value="createadmin" /> <table> <td colspan="3"><h3>Create superadmin account</h3></td> </tr> <tr> - <td>Setup password (see config.inc.php)</td> + <td>Setup password</td> <td><input class="flat" type="password" name="setup_password" value="" /></td> - <td></td> + <td><a href="setup.php?lostpw=1">Lost password?</a></td> </tr> <tr> <td><?php print $PALANG['pAdminCreate_admin_username'] . ":"; ?></td> 
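Review bot: The `|| $lostpw_error == 0` term makes the `elseif` condition always true, because this branch is only reached when the first condition failed, which already implies `$lostpw_error == 0`. As a result the "Create superadmin account" form appears to be printed again after a successful `createadmin` POST, where the old `GET || $error != 0` test hid it. If the intent is to show the form right after a new hash was generated, testing that case explicitly is clearer, e.g. `} elseif ($_SERVER['REQUEST_METHOD'] == "GET" || $error != 0 || safepost("form") == "setuppw") {`. The surrounding block continues outside the hunk, so the success output itself is not visible here.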
@@ -372,9 +407,6 @@ <tr> <td colspan="3" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php print $PALANG['pAdminCreate_admin_button']; ?>" /></td> </tr> - <tr> - <td colspan="3" class="standout"><?php print $tMessage; ?></td> - </tr> </table> </form> </div> 
@@ -401,22 +433,42 @@ return $salt . ':' . sha1($salt . ':' . $password); } -function check_setup_password($password) { + +/* + returns: array( + 'error' => 0 (or 1), + 'message => text + ) +*/ +function check_setup_password($password, $lostpw_mode = 0) { global $CONF; + $error = 1; # be pessimistic + $setuppw = ""; if (isset($CONF['setup_password'])) $setuppw = $CONF['setup_password']; list($confsalt, $confpass, $trash) = explode(':', $setuppw . '::'); $pass = encrypt_setup_password($password, $confsalt); - if ($pass == $setuppw) { # correct passsword + + if ($password == "" ) { # no password specified? + $result = "Setup password must be specified<br />If you didn't set up a setup password yet, enter the password you want to use."; + } elseif (strlen($password) < $CONF['min_password_length']) { # password too short? + $result = "The setup password you entered is too short. Please choose a better one."; + } elseif ($pass == $setuppw && $lostpw_mode == 0) { # correct passsword (and not asking for a new password) $result = "pass_OK"; + $error = 0; } else { $pass = encrypt_setup_password($password, generate_setup_password_salt()); - $result = '<p><b>Setup password not specified correctly</b></p>'; + $result = ""; + if ($lostpw_mode == 1) { + $error = 0; # non-matching password is expected when the user asks for a new password + } else { + $result = '<p><b>Setup password not specified correctly</b></p>'; + } $result .= '<p>If you want to use the password you entered as setup password, edit config.inc.php and set</p>'; $result .= "<pre>\$CONF['setup_password'] = '$pass';</pre>"; } - return $result; + return array ($error, $result); } /* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */ Modified: trunk/upgrade.php =================================================================== --- trunk/upgrade.php 2009-04-30 12:00:26 UTC (rev 647) +++ trunk/upgrade.php 2009-05-02 20:24:58 UTC (rev 648) 
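Review bot: The new `$error` flag in check_setup_password() does not mean "password matched". With `$lostpw_mode == 1` the function returns `$error = 0` together with the hash instructions and never `pass_OK`, so a caller that gated admin creation on the flag alone would accept any sufficiently long password. The header comment should state this contract; it also describes an associative array with `'error'`/`'message'` keys (and is missing a quote after `'message`), while the code returns a positional `array($error, $result)`. I would replace it with a comment saying that the return value is `array($error, $message)`, that `$message == 'pass_OK'` is the only indication the password matches `$CONF['setup_password']`, and that in lost-password mode `$error` is 0 whenever a new hash was generated. The hash comparison `$pass == $setuppw` would also be safer written with `===`.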
@@ -109,8 +109,8 @@ $target_version = preg_replace('/[^0-9]/', '', '$Revision$'); if ($current_version >= $target_version) { -# already up to date - echo "Database is up to date"; + # already up to date + echo "<p>Database is up to date</p>"; return true; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |