#65 allow disabling changing password / forwarding for users

open
nobody
Core (27)
5
2013-12-01
2009-03-13
No

Comment from libertytrek in https://sourceforge.net/tracker2/?func=detail&atid=937966&aid=2678293&group_id=191583

----------------------------------------------------------------------
I actually don't WANT the users to be able to change their passwords for
one server I manage... passwords are assigned and periodically changed... I
had to modify the users template to remove the code allowing them to change
their passwords AND the code allowing them to create forwarders (this was
being heavily abused)... but I did want them to still be able to manage
their vacation message...
----------------------------------------------------------------------

@libertytrek:

come on - it isn't that difficult ;-)

There are two methods to disable code sections based on a $CONF variable:

a) if you want to disable a small section (for example the menu entry), wrap it in an if block:
if (boolconf('users_password_control')) {
... code printing the menu item ...
}

b) to disable the whole file, add the following section at the beginning
if( !boolconf('users_password_control') ) {
header("Location: " . $CONF['postfix_admin_url'] . "/users/main.php");
exit(0);
}

And yes, I really want to see a patch from you. Even if it isn't perfect, it makes it easier for me than doing all the needed changes myself. At least I see which code sections need to be changed ;-)

Discussion

  • Charles

    Charles - 2011-01-03

    Ok... almost two years to complete my first two itty bitty patches... not too promising... ;)

     
  • Charles

    Charles - 2011-01-03

    Ummm... now what... i can't attach any files... what am i missing?

     
  • Christian Boltz

    Christian Boltz - 2011-01-05

    config.inc.php.patch (from libertytrek)

     
  • Christian Boltz

    Christian Boltz - 2011-01-05

    users_menu.php.patch (from libertytrek)

     
  • Christian Boltz

    Christian Boltz - 2011-01-05

    Looks like people not involved with a tracker item are not allowed to submit patches :-/ therefore libertytrek mailed them to me. Thanks!

    The patches (against 2.3.x) look good, however a user could still change his alias or password by just entering "edit-alias.php" or "password.php" in the browser. I'm quite sure that's not what you want *g*

    Solution: add a check as described in part b) of the summary.

    No need to submit a patch for this, I can do it myself ;-)

     
  • Christian Boltz

    Christian Boltz - 2011-01-05
    • labels: 961349 --> Core
    • milestone: 700210 --> SVN_(please_specify_revision!)
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks