SF.net SVN: postfixadmin:[648] trunk
Brought to you by:
christian_boltz,
gingerdog
Menu
▾
▴
SF.net SVN: postfixadmin:[648] trunk
|
From: <chr...@us...> - 2009-05-02 20:25:01
|
Revision: 648
http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=648&view=rev
Author: christian_boltz
Date: 2009-05-02 20:24:58 +0000 (Sat, 02 May 2009)
Log Message:
-----------
setup.php:
- added form to create setup password hash. It will be displayed if
a) no setup password is defined yet
b) the "lost password" link was clicked
- moved checks for empty and too short passwort into check_setup_password()
- added an optional $lostpw_mode parameter to check_setup_password() which
causes slightly different behaviour (enforces generation of new hash, even
if the password would match)
- changed check_password_setup() return value to array($error, $message)
- moved displaying $tMessage above the form - it is more useful there.
- removed "see config.inc.php" notice from password field in "create superadmin"
form - this hint doesn't help much with the hashed password ;-)
- TODO: The if statements to decide which form to display is quite difficult
(and will become unreadable in case we need another form ;-)
We should think about a better way to select the form to display...
(maybe flash_error / flash_info + redirect?)
upgrade.php:
- added missing <p> tag
Modified Paths:
--------------
trunk/setup.php
trunk/upgrade.php
Modified: trunk/setup.php
===================================================================
--- trunk/setup.php 2009-04-30 12:00:26 UTC (rev 647)
+++ trunk/setup.php 2009-05-02 20:24:58 UTC (rev 648)
@@ -302,24 +302,28 @@
$pAdminCreate_admin_password_text = "";
$tUsername = '';
$tMessage = '';
+ $lostpw_error = 0;
+ $setuppw = "";
+ if (isset($CONF['setup_password'])) $setuppw = $CONF['setup_password'];
- if ($_SERVER['REQUEST_METHOD'] == "POST")
- {
- # ensure setup password is correct
- if (safepost('setup_password') == "" ) {
- $error += 1;
- $tMessage = "Setup password must be specified<br />If you didn't set up a setup password yet, enter the password you want to use.";
- } elseif (strlen(safepost('setup_password')) < $CONF['min_password_length']) {
- $error += 1;
- $tMessage = "The setup password you entered is too short. Please choose a better one.";
+ if (safepost("form") == "setuppw") {
+ # "setup password" form submitted
+ if (safepost('setup_password') != safepost('setup_password2')) {
+ $tMessage = "The two passwords differ!";
+ $lostpw_error = 1;
} else {
- $pw_check_result = check_setup_password(safepost('setup_password'));
- if ($pw_check_result != 'pass_OK') {
- $error += 1;
- $tMessage = $pw_check_result;
- }
+ list ($lostpw_error, $lostpw_result) = check_setup_password(safepost('setup_password'), 1);
+ $tMessage = $lostpw_result;
+ $setuppw = "changed";
}
+ } elseif (safepost("form") == "createadmin") {
+ # "create admin" form submitted
+ list ($pw_check_error, $pw_check_result) = check_setup_password(safepost('setup_password'));
+ if ($pw_check_result != 'pass_OK') {
+ $error += 1;
+ $tMessage = $pw_check_result;
+ }
if($error == 0 && $pw_check_result == 'pass_OK') {
if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']);
@@ -338,21 +342,52 @@
if (isset ($_POST['fUsername'])) $tUsername = escape_string ($_POST['fUsername']);
}
}
- }
+ }
- if ($_SERVER['REQUEST_METHOD'] == "GET" || $error != 0)
- {
-?>
+ if ( ($setuppw == "" || $setuppw == "changeme" || safeget("lostpw") == 1 || $lostpw_error != 0) /* && $_SERVER['REQUEST_METHOD'] != "POST" */ ) {
+# show "create setup password" form
+ ?>
+<div class="standout"><?php print $tMessage; ?></div>
<div id="edit_form">
+<form name="setuppw" method="post" action="setup.php">
+<input type="hidden" name="form" value="setuppw" />
+<table>
+ <td colspan="3"><h3>Change setup password</h3></td>
+ </tr>
+ <tr>
+ <td>Setup password</td>
+ <td><input class="flat" type="password" name="setup_password" value="" /></td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>Setup password (again)</td>
+ <td><input class="flat" type="password" name="setup_password2" value="" /></td>
+ <td></td>
+ </tr>
+ <tr>
+ <td colspan="3" class="hlp_center"><input class="button" type="submit" name="submit" value="Generate password hash" /></td>
+ </tr>
+</table>
+</form>
+</div>
+
+<?php
+
+ } elseif ($_SERVER['REQUEST_METHOD'] == "GET" || $error != 0 || $lostpw_error == 0) {
+ ?>
+
+<div class="standout"><?php print $tMessage; ?></div>
+<div id="edit_form">
<form name="create_admin" method="post">
+<input type="hidden" name="form" value="createadmin" />
<table>
<td colspan="3"><h3>Create superadmin account</h3></td>
</tr>
<tr>
- <td>Setup password (see config.inc.php)</td>
+ <td>Setup password</td>
<td><input class="flat" type="password" name="setup_password" value="" /></td>
- <td></td>
+ <td><a href="setup.php?lostpw=1">Lost password?</a></td>
</tr>
<tr>
<td><?php print $PALANG['pAdminCreate_admin_username'] . ":"; ?></td>
@@ -372,9 +407,6 @@
<tr>
<td colspan="3" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php print $PALANG['pAdminCreate_admin_button']; ?>" /></td>
</tr>
- <tr>
- <td colspan="3" class="standout"><?php print $tMessage; ?></td>
- </tr>
</table>
</form>
</div>
@@ -401,22 +433,42 @@
return $salt . ':' . sha1($salt . ':' . $password);
}
-function check_setup_password($password) {
+
+/*
+ returns: array(
+ 'error' => 0 (or 1),
+ 'message => text
+ )
+*/
+function check_setup_password($password, $lostpw_mode = 0) {
global $CONF;
+ $error = 1; # be pessimistic
+
$setuppw = "";
if (isset($CONF['setup_password'])) $setuppw = $CONF['setup_password'];
list($confsalt, $confpass, $trash) = explode(':', $setuppw . '::');
$pass = encrypt_setup_password($password, $confsalt);
- if ($pass == $setuppw) { # correct passsword
+
+ if ($password == "" ) { # no password specified?
+ $result = "Setup password must be specified<br />If you didn't set up a setup password yet, enter the password you want to use.";
+ } elseif (strlen($password) < $CONF['min_password_length']) { # password too short?
+ $result = "The setup password you entered is too short. Please choose a better one.";
+ } elseif ($pass == $setuppw && $lostpw_mode == 0) { # correct passsword (and not asking for a new password)
$result = "pass_OK";
+ $error = 0;
} else {
$pass = encrypt_setup_password($password, generate_setup_password_salt());
- $result = '<p><b>Setup password not specified correctly</b></p>';
+ $result = "";
+ if ($lostpw_mode == 1) {
+ $error = 0; # non-matching password is expected when the user asks for a new password
+ } else {
+ $result = '<p><b>Setup password not specified correctly</b></p>';
+ }
$result .= '<p>If you want to use the password you entered as setup password, edit config.inc.php and set</p>';
$result .= "<pre>\$CONF['setup_password'] = '$pass';</pre>";
}
- return $result;
+ return array ($error, $result);
}
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
Modified: trunk/upgrade.php
===================================================================
--- trunk/upgrade.php 2009-04-30 12:00:26 UTC (rev 647)
+++ trunk/upgrade.php 2009-05-02 20:24:58 UTC (rev 648)
@@ -109,8 +109,8 @@
$target_version = preg_replace('/[^0-9]/', '', '$Revision$');
if ($current_version >= $target_version) {
-# already up to date
- echo "Database is up to date";
+ # already up to date
+ echo "<p>Database is up to date</p>";
return true;
}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|