SF.net SVN: postfixadmin: [129] trunk/admin/edit-admin.php
From: <Gin...@us...> - 2007-10-04 14:57:05
Revision: 129
http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=129&view=rev
Author: GingerDog
Date: 2007-10-04 07:57:04 -0700 (Thu, 04 Oct 2007)
Log Message:
-----------
edit-admin.php: I think this fixes the outstanding problems, but I get horrible problems if Firefox is allowed to remember passwords etc. — is there a good way of disabling this behaviour beyond autocomplete="off"?
Modified Paths:
--------------
trunk/admin/edit-admin.php
Modified: trunk/admin/edit-admin.php
===================================================================
--- trunk/admin/edit-admin.php 2007-10-04 13:53:45 UTC (rev 128)
+++ trunk/admin/edit-admin.php 2007-10-04 14:57:04 UTC (rev 129)
@@ -37,103 +37,115 @@
authentication_require_role('global-admin');
+$error = 1;
+if(isset($_GET['username'])) {
+ $username = escape_string ($_GET['username']);
+ $result = db_query("SELECT * FROM $table_admin WHERE username = '$username'");
+ if($result['rows'] == 1) {
+ $admin_details = db_array($result['result']);
+ $error = 0;
+ }
+}
+if($error == 1){
+ flash_error($PALANG['pAdminEdit_admin_result_error']);
+ header("Location: list-admin.php");
+ exit(0);
+}
+// we aren't ensuring the password is longer than x characters, should we?
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
- $fPassword = '';
- $fPassword2 = '';
- if(isset ($_GET['username'])) $username = escape_string ($_GET['username']);
+ $fPassword = '';
+ $fPassword2 = '';
+ if(isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
+ if(isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']);
- if(isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
- if(isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']);
- if ($fPassword != $fPassword2)
- {
- $error = 1;
- $pAdminEdit_admin_password_text = $PALANG['pAdminEdit_admin_password_text_error'];
- }
+ $fActive=(isset($_POST['fActive'])) ? escape_string ($_POST['fActive']) : FALSE;
+ $fSadmin=(isset($_POST['fSadmin'])) ? escape_string ($_POST['fSadmin']) : FALSE;
- $fActive=(isset($_POST['fActive'])) ? escape_string ($_POST['fActive']) : FALSE;
- $fSadmin=(isset($_POST['fSadmin'])) ? escape_string ($_POST['fSadmin']) : FALSE;
+ $fDomains = false;
+ if (isset ($_POST['fDomains'])) $fDomains = $_POST['fDomains'];
- $fDomains = false;
- if (isset ($_POST['fDomains'])) $fDomains = $_POST['fDomains'];
+ $tAllDomains = list_domains ();
- $tAllDomains = list_domains ();
+ // has the password changed?
+ $originalPassword = $admin_details['password'];
+ if($fPassword != $originalPassword) {
+ // if it has, ensure both fields are the same...
+ if ($fPassword == $fPassword2)
+ {
+ if(strlen($fPassword) >= $CONF['min_password_length']) {
+ $fPassword = pacrypt($fPassword);
+ }
+ else {
+ $error = 1;
+ flash_error(sprintf($PALANG['pPasswordTooShort'], $CONF['min_password_length']));
+ }
+ }
+ else {
+ $error = 1;
+ $pAdminEdit_admin_password_text = $PALANG['pAdminEdit_admin_password_text_error'];
+ }
+ }
- $result = db_query("SELECT * FROM $table_admin WHERE username = '$username'");
- if($result['rows'] != 1) {
- die("Invalid username for admin user");
- }
- $admin_details = db_array($result['result']);
- $originalPassword = $admin_details['password'];
- // has the password changed?
- if($fPassword != $originalPassword) {
- if(!empty($_POST['fPassword2'])) {
- $fPassword = pacrypt($fPassword);
- }
- }
+ $fDomains = array();
+ if (array_key_exists('fDomains', $_POST)) $fDomains = escape_string ($_POST['fDomains']);
+ if ($error != 1)
+ {
+ if ($fActive == "on") {
+ $sqlActive = db_get_boolean(True);
+ }
+ else {
+ $sqlActive = db_get_boolean(False);
+ }
- $tActive = $fActive;
- $fDomains = array();
- if (array_key_exists('fDomains', $_POST)) $tDomains = escape_string ($_POST['fDomains']);
- if ($error != 1)
- {
- if ($fActive == "on") {
- $sqlActive = db_get_boolean(True);
- }
- else {
- $sqlActive = db_get_boolean(False);
- }
+ $result = db_query ("UPDATE $table_admin SET modified=NOW(),active='$sqlActive',password='$fPassword' WHERE username='$username'");
- $password_query = '';
- if ($fPassword != '') { # do not change password to empty one
- $password_query = ", password='$fPassword'";
- }
- $result = db_query ("UPDATE $table_admin SET modified=NOW(),active='$sqlActive' $password_query WHERE username='$username'");
+ if ($fSadmin == "on") $fSadmin = 'ALL';
- if ($fSadmin == "on") $fSadmin = 'ALL';
+ // delete everything, and put it back later on..
+ db_query("DELETE FROM $table_domain_admins WHERE username = '$username'");
+ if($fSadmin == 'ALL') {
+ $fDomains = array('ALL');
+ }
- // delete everything, and put it back later on..
- db_query("DELETE FROM $table_domain_admins WHERE username = '$username'");
- if($fSadmin == 'ALL') {
- $fDomains = array('ALL');
- }
-
- foreach($fDomains as $domain)
- {
- $result = db_query ("INSERT INTO $table_domain_admins (username,domain,created) VALUES ('$username','$domain',NOW())");
- }
- flash_info($PALANG['pAdminEdit_admin_result_success']);
- }
- else {
- flash_error($PALANG['pAdminEdit_admin_result_error']);
- }
- header("Location: list-admin.php");
+ foreach($fDomains as $domain)
+ {
+ $result = db_query ("INSERT INTO $table_domain_admins (username,domain,created) VALUES ('$username','$domain',NOW())");
+ }
+ flash_info($PALANG['pAdminEdit_admin_result_success']);
+ header("Location: list-admin.php");
+ exit(0);
+ }
+ else {
+ flash_error($PALANG['pAdminEdit_admin_result_error']);
+ }
}
-else { // GET request.
- if (isset($_GET['username'])) $username = escape_string ($_GET['username']);
+if (isset($_GET['username'])) $username = escape_string ($_GET['username']);
- # TODO: read "active" state from database and tick on the checkbox for active admins
+$tAllDomains = list_domains();
+$tDomains = list_domains_for_admin ($username);
+$tActive = '';
+$tPassword = $admin_details['password'];
- $tAllDomains = list_domains();
- $tDomains = list_domains_for_admin ($username);
+if($admin_details['active'] == 't' || $admin_details['active'] == 1) {
+ $tActive = $admin_details['active'];
+}
+$tSadmin = '0';
+$result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$username'");
+// could/should be multiple matches to query;
+if ($result['rows'] >= 1) {
+ $result = $result['result'];
+ while($row = db_array($result)) {
+ if ($row['domain'] == 'ALL') {
+ $tSadmin = '1';
+ $tDomains = array(); /* empty the list, they're an admin */
+ }
+ }
+}
- $tSadmin = '0';
- $result = db_query ("SELECT * FROM $table_domain_admins WHERE username='$username'");
- // could/should be multiple matches to query;
- if ($result['rows'] >= 1) {
- $result = $result['result'];
- while($row = db_array($result)) {
- if ($row['domain'] == 'ALL') {
- $tSadmin = '1';
- $tDomains = array(); /* empty the list, they're an admin */
- }
- }
- }
-
- include ("../templates/header.tpl");
- include ("../templates/admin_menu.tpl");
- include ("../templates/admin_edit-admin.tpl");
- include ("../templates/footer.tpl");
-}
+include ("../templates/header.tpl");
+include ("../templates/admin_menu.tpl");
+include ("../templates/admin_edit-admin.tpl");
+include ("../templates/footer.tpl");
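Review bot: The `UPDATE $table_admin SET modified=NOW(),active='$sqlActive',password='$fPassword'` at the end of the POST branch now rewrites the password column on every successful submit, and the only thing that keeps an untouched form from clobbering the stored hash is the new `$tPassword = $admin_details['password'];` near the bottom, which hands the stored hash to the template (presumably to pre-fill the password field) so that the `if($fPassword != $originalPassword)` check sees it round-trip unchanged. That puts the hash into the form markup and is most likely the browser password-manager trouble the log message describes: whatever the browser autofills differs from the hash and is either rejected by the mismatch/length checks or re-hashed as a new password. The `$password_query` guard this commit removes was the safer design — treat an empty field as "keep the current password", only hash and write when the field is non-empty, and set `$tPassword = '';` instead of the database value, so the hash never leaves the server. Separately, `$fDomains = escape_string ($_POST['fDomains']);` is applied to a value the later `foreach($fDomains as $domain)` treats as an array; whether `escape_string` handles arrays is not visible here, and the earlier `$fDomains = false; if (isset ($_POST['fDomains'])) ...` pair plus the `$tAllDomains = list_domains ();` inside the POST branch are overwritten before use and can be dropped. Nothing in the hunk checks the posted domains against `$tAllDomains` before they are inserted into `$table_domain_admins`, so the submitted list is trusted as-is.
```php
    // has the password changed? An empty field means "keep the current password".
    if ($fPassword != '') {
        // … unchanged: fPassword2 match check, min_password_length check, pacrypt() …
    }
    // … unchanged: fDomains handling, $sqlActive …
        $password_query = '';
        if ($fPassword != '') { // do not change password to an empty one
            $password_query = ", password='$fPassword'";
        }
        $result = db_query ("UPDATE $table_admin SET modified=NOW(),active='$sqlActive' $password_query WHERE username='$username'");
    // … unchanged: domain_admins rewrite, flash_info, redirect …
// … unchanged: GET-side template variables …
$tPassword = '';
```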