From: <ag...@us...> - 2008-09-04 10:57:10
|
Revision: 54 http://panda-admin.svn.sourceforge.net/panda-admin/?rev=54&view=rev Author: agrassi Date: 2008-09-04 10:57:21 +0000 (Thu, 04 Sep 2008) Log Message: ----------- Password handling improved HTTPS detection centralized and moved to $status Modified Paths: -------------- trunk/includes/functions.php trunk/index.php trunk/modules/email/modify/chpw.php trunk/modules/email/modifynwl/chpw.php trunk/tpl/header.php Added Paths: ----------- trunk/tpl/password.php Modified: trunk/includes/functions.php =================================================================== --- trunk/includes/functions.php 2008-07-03 11:23:18 UTC (rev 53) +++ trunk/includes/functions.php 2008-09-04 10:57:21 UTC (rev 54) @@ -36,7 +36,8 @@ 'data', 'scookie', 'page', - 'subuser' + 'subuser', + 'https' ); // Link creation function @@ -77,7 +78,7 @@ global $status; - $link = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . "?"; + $link = "http" . $status->https . "://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . "?"; for ($i = 0; $i < sizeof($fields); $i++) { $field = $fields[$i]; Modified: trunk/index.php =================================================================== --- trunk/index.php 2008-07-03 11:23:18 UTC (rev 53) +++ trunk/index.php 2008-09-04 10:57:21 UTC (rev 54) @@ -32,6 +32,12 @@ // Fill $status with command line $status = decode_status(); +if($_SERVER['HTTPS'] == 'on') { + $status->https = 's'; +} else { + $status->https = ''; +} + if(!is_loggedin()){ if($_POST['username'] && $_POST['password']){ do_login($_POST['username'],$_POST['password']); Modified: trunk/modules/email/modify/chpw.php =================================================================== --- trunk/modules/email/modify/chpw.php 2008-07-03 11:23:18 UTC (rev 53) +++ trunk/modules/email/modify/chpw.php 2008-09-04 10:57:21 UTC (rev 54) @@ -24,18 +24,23 @@ $status->message = _("Insert the new password for the local mailbox "). $status->user."@".$status->domain; $status->ask = true; $status->cancel_to = make_link(array('mode','domain','user','op')); - $status->body = 'input'; + $status->body = 'password'; return; } // Password has been supplied, scookie is ok -if (changePassword("$status->user@$status->domain", $status->data)) { - $status->title = _("Operation successful."); - $status->message = _("The password for the address ") . $status->user."@".$status->domain ." has been updated."; +if($status->data[1] == $status->data[2]) { + if (changePassword("$status->user@$status->domain", $status->data[1])) { + $status->title = _("Operation successful."); + $status->message = _("The password for the address ") . $status->user."@".$status->domain ." has been updated."; + } else { + $status->title = _("Error"); + $status->message = _("Error while updating the password for the address ") . $status->user."@".$status->domain; + + } } else { - $status->title = _("Error"); - $status->message = _("Error while updating the password for the address ") . $status->user."@".$status->domain; - + $status->title = _("Error"); + $status->message = _("Supplied passwords don't match"); } $status->body = 'message'; Modified: trunk/modules/email/modifynwl/chpw.php =================================================================== --- trunk/modules/email/modifynwl/chpw.php 2008-07-03 11:23:18 UTC (rev 53) +++ trunk/modules/email/modifynwl/chpw.php 2008-09-04 10:57:21 UTC (rev 54) @@ -29,12 +29,17 @@ } // Password has been supplied, scookie is ok -if (changeNWLPassword("$status->user@$status->domain", $status->data)) { - $status->title = _("Operation successful."); - $status->message = _("The password for the newsletter "). "$status->user@$status->domain" . _(" has been updated."); +if($status->data[1] == $status->data[2]) { + if (changeNWLPassword("$status->user@$status->domain", $status->data)) { + $status->title = _("Operation successful."); + $status->message = _("The password for the newsletter "). "$status->user@$status->domain" . _(" has been updated."); + } else { + $status->title = _("Error"); + $status->message = _("Error while updating the password for the newsletter") . "$status->user@$status->domain"; + } } else { - $status->title = _("Error"); - $status->message = _("Error while updating the password for the newsletter") . "$status->user@$status->domain"; + $status->title = _("Error"); + $status->message = _("Supplied passwords don't match"); } $status->body = 'message'; Modified: trunk/tpl/header.php =================================================================== --- trunk/tpl/header.php 2008-07-03 11:23:18 UTC (rev 53) +++ trunk/tpl/header.php 2008-09-04 10:57:21 UTC (rev 54) @@ -19,7 +19,6 @@ */ ?> <?= '<?xml version="1.0"?>' ?> -<? if($_SERVER['HTTPS'] == 'on') { $is_https="s"; } else { $is_https=""; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" @@ -38,7 +37,7 @@ <a href='<?= make_link(array()).'?mode=email' ?>'>e-mail</a> <a href='<?= make_link(array()).'?mode=domain' ?>'><?= _("domains") ?></a> <a href='<?= make_link(array()).'?mode=domainalias' ?>'><?= _("alias domains") ?></a> - <a href='<?= "http" . $is_https . "://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . "/nwadmin" ?>' target="_blank">newsletter</a> + <a href='<?= "http" . $status->is_https . "://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . "/nwadmin" ?>' target="_blank">newsletter</a> <? if(is_administrator()) { ?> <br /> <a href='<?= make_link(array()).'?mode=users' ?>'><?= _("users") ?></a> Added: trunk/tpl/password.php =================================================================== --- trunk/tpl/password.php (rev 0) +++ trunk/tpl/password.php 2008-09-04 10:57:21 UTC (rev 54) @@ -0,0 +1,34 @@ +<? +/* + Copyright (C) 2007 - Marco Nenciarini <mn...@gr...> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +*/ +?> + <h4><?= $status->title ?></h4> + <p><?= $status->message ?></p> + <form name='input' method='get' action='#'> + <p> + <?= make_hidden_fields(array ('mode', 'op', 'domain', 'user', 'subop', 'scookie')) ?> + <input type='password' name='data[1].' value='<?= $status->data[1] ?>' /><br /> + <?= _("Repeat password: ") ?> <br /><input type='password' name='data[2].' value='<?= $status->data[1] ?>' /><br /> + + </p> + <p> + [<a href='#' onclick='input.submit()'>ok</a>] + [<a href='<?= $status->cancel_to ?>'><?= _("cancel") ?></a>] + </p> + </form> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |