Thread: SF.net SVN: postfixadmin:[601] trunk/users/password.php
Brought to you by:
christian_boltz,
gingerdog
From: <Gin...@us...> - 2009-03-24 16:18:10
|
Revision: 601 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=601&view=rev Author: GingerDog Date: 2009-03-24 16:18:03 +0000 (Tue, 24 Mar 2009) Log Message: ----------- password.php: fix use of UserHandler... - see http://pastebin.com/m159f0726 Modified Paths: -------------- trunk/users/password.php Modified: trunk/users/password.php =================================================================== --- trunk/users/password.php 2009-03-23 15:31:06 UTC (rev 600) +++ trunk/users/password.php 2009-03-24 16:18:03 UTC (rev 601) @@ -49,8 +49,7 @@ } $username = $USERID_USERNAME; - $uh = new UserHandler(); - if(!$uh->login($username, $fPassword_current)) { + if(UserHandler::login($username, $fPassword_current)) { $error += 1; $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error']; } @@ -62,7 +61,8 @@ if ($error != 1) { - if($uh->change_pass($username, $fPassword_current, $fPassword)) { + $uh = new UserHandleR($username); + if($uh->change_pass($fPassword_current, $fPassword)) { flash_info($PALANG['pPassword_result_success']); header("Location: main.php"); exit(0); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <Gin...@us...> - 2009-03-25 14:51:29
|
Revision: 602 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=602&view=rev Author: GingerDog Date: 2009-03-25 14:51:12 +0000 (Wed, 25 Mar 2009) Log Message: ----------- users/password.php: no need to escape strings - should be in the model layer - fix broken auth check Modified Paths: -------------- trunk/users/password.php Modified: trunk/users/password.php =================================================================== --- trunk/users/password.php 2009-03-24 16:18:03 UTC (rev 601) +++ trunk/users/password.php 2009-03-25 14:51:12 UTC (rev 602) @@ -30,7 +30,7 @@ require_once('../common.php'); authentication_require_role('user'); -$USERID_USERNAME = authentication_get_username(); +$username = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "POST") { @@ -39,17 +39,15 @@ exit(0); } - $fPassword_current = escape_string ($_POST['fPassword_current']); - $fPassword = escape_string ($_POST['fPassword']); - $fPassword2 = escape_string ($_POST['fPassword2']); + $fPassword_current = $_POST['fPassword_current']; + $fPassword = $_POST['fPassword']; + $fPassword2 = $_POST['fPassword2']; if(strlen($fPassword) < $CONF['min_password_length']) { $error = 1; flash_error(sprintf($PALANG['pPasswordTooShort'], $CONF['min_password_length'])); } - $username = $USERID_USERNAME; - - if(UserHandler::login($username, $fPassword_current)) { + if(!UserHandler::login($username, $fPassword_current)) { $error += 1; $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error']; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <Gin...@us...> - 2009-06-30 13:29:12
|
Revision: 679 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=679&view=rev Author: GingerDog Date: 2009-06-30 12:56:30 +0000 (Tue, 30 Jun 2009) Log Message: ----------- users/password.php: fix minor typo Modified Paths: -------------- trunk/users/password.php Modified: trunk/users/password.php =================================================================== --- trunk/users/password.php 2009-06-29 08:26:35 UTC (rev 678) +++ trunk/users/password.php 2009-06-30 12:56:30 UTC (rev 679) @@ -59,7 +59,7 @@ if ($error != 1) { - $uh = new UserHandleR($username); + $uh = new UserHandler($username); if($uh->change_pass($fPassword_current, $fPassword)) { flash_info($PALANG['pPassword_result_success']); header("Location: main.php"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2013-06-23 17:56:18
|
Revision: 1492 http://sourceforge.net/p/postfixadmin/code/1492 Author: christian_boltz Date: 2013-06-23 17:56:16 +0000 (Sun, 23 Jun 2013) Log Message: ----------- users/password.php: - update to use non-static MailboxHandler->login() Modified Paths: -------------- trunk/users/password.php Modified: trunk/users/password.php =================================================================== --- trunk/users/password.php 2013-06-23 17:49:54 UTC (rev 1491) +++ trunk/users/password.php 2013-06-23 17:56:16 UTC (rev 1492) @@ -54,8 +54,10 @@ flash_error($validpass[0]); # TODO: honor all error messages, not only the first one $error += 1; } - - if(!MailboxHandler::login($username, $fPassword_current)) { + + $mh = new MailboxHandler; + + if(!$mh->login($username, $fPassword_current)) { $error += 1; $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error']; } @@ -67,7 +69,6 @@ if ($error == 0) { - $mh = new MailboxHandler(); $mh->init($username); # TODO: error handling if($mh->change_pw($fPassword, $fPassword_current) ) { flash_info($PALANG['pPassword_result_success']); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2010-05-18 20:55:59
|
Revision: 829 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=829&view=rev Author: christian_boltz Date: 2010-05-18 20:55:52 +0000 (Tue, 18 May 2010) Log Message: ----------- users/password.php: - users could bypass checking the old password when changing the password by entering a too short new password. Fortunately this only works for authentificated users, so the severity of this bug is low. Thanks to Jonathan Rogers (jonner) for discovering this bug. https://sourceforge.net/tracker/?func=detail&aid=2987852&group_id=191583&atid=937964 Modified Paths: -------------- trunk/users/password.php Modified: trunk/users/password.php =================================================================== --- trunk/users/password.php 2010-05-17 22:56:23 UTC (rev 828) +++ trunk/users/password.php 2010-05-18 20:55:52 UTC (rev 829) @@ -43,8 +43,9 @@ $fPassword = $_POST['fPassword']; $fPassword2 = $_POST['fPassword2']; + $error = 0; if(strlen($fPassword) < $CONF['min_password_length']) { - $error = 1; + $error += 1; flash_error(sprintf($PALANG['pPasswordTooShort'], $CONF['min_password_length'])); } if(!UserHandler::login($username, $fPassword_current)) { @@ -53,11 +54,11 @@ } if (empty ($fPassword) or ($fPassword != $fPassword2)) { - $error = 1; + $error += 1; $pPassword_password_text = $PALANG['pPassword_password_text_error']; } - if ($error != 1) + if ($error == 0) { $uh = new UserHandler($username); if($uh->change_pass($fPassword_current, $fPassword)) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <chr...@us...> - 2014-04-27 19:18:17
|
Revision: 1662 http://sourceforge.net/p/postfixadmin/code/1662 Author: christian_boltz Date: 2014-04-27 19:18:14 +0000 (Sun, 27 Apr 2014) Log Message: ----------- users/password.php: - include the username in messages containing %s Modified Paths: -------------- trunk/users/password.php Modified: trunk/users/password.php =================================================================== --- trunk/users/password.php 2014-04-27 13:41:41 UTC (rev 1661) +++ trunk/users/password.php 2014-04-27 19:18:14 UTC (rev 1662) @@ -70,13 +70,13 @@ { $mh->init($username); # TODO: error handling if($mh->change_pw($fPassword, $fPassword_current) ) { - flash_info($PALANG['pPassword_result_success']); + flash_info(Config::Lang_f('pPassword_result_success', $username)); header("Location: main.php"); exit(0); } else { - flash_error($PALANG['pPassword_result_error']); + flash_error(Config::Lang_f('pPassword_result_error', $username)); } } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |