mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 19:22:14 +02:00
AdminpasswordHandler.php:
- new file, used for "change password" for admins

configs/menu.conf:
- switch from password.php to edit.php?table=adminpassword

password.php:
- deleted, replaced by AdminpasswordHandler

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1491 a1433add-5e2c-0410-b055-b7f2511e0802
parent
ce233789b9
commit
00bc5c6553
@ -17,7 +17,7 @@ url_fetchmail_new_entry = fetchmail.php?new=1
|
||||
url_sendmail = sendmail.php
|
||||
url_broadcast_message = broadcast-message.php
|
||||
# password
|
||||
url_password = password.php
|
||||
url_password = edit.php?table=adminpassword
|
||||
# backup
|
||||
url_backup = backup.php
|
||||
# viewlog
|
||||
|
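--- a/model/AdminpasswordHandler.php
+++ b/model/AdminpasswordHandler.php
@@ -0,0 +1,108 @@
+<?php
+# $Id$
+
+class AdminpasswordHandler extends PFAHandler {
+
+protected $db_table = 'admin';
+protected $id_field = 'username';
+
+# do not skip empty password fields
+protected $skip_empty_pass = false;
+
+protected function no_domain_field() {
+# PFAHandler die()s if domain field is not set. Disable this behaviour for AdminHandler.
+}
+
+protected function validate_new_id() {
+# unused in AdminpasswordHandler, but must be defined
+}
+
+# init $this->struct, $this->db_table and $this->id_field
+protected function initStruct() {
+# TODO: shorter PALANG labels ;-)
+
+$this->struct=array(
+# field name allow display in... type $PALANG label $PALANG description default / options / ...
+# editing? form list
+'username' => pacol( 0, 1, 1, 'text', 'pAdminEdit_admin_username' , '' ),
+'oldpass' => pacol( 1, 1, 0, 'pass', 'pPassword_password_current' , 'pPassword_password_current_text', '', '',
+/*not_in_db*/ 1 ),
+'password' => pacol( 1, 1, 0, 'pass', 'pPassword_password' , '' ),
+'password2' => pacol( 1, 1, 0, 'pass', 'pPassword_password2' , '' , '', '',
+/*not_in_db*/ 0,
+/*dont_write_to_db*/ 1,
+/*select*/ 'password as password2'
+),
+);
+}
+
+public function init($id) {
+# hardcode to logged in admin
+if ($this->admin_username == '') die("No admin logged in");
+$this->id = $this->admin_username;
+$this->values['username'] = $this->id;
+$this->struct['username']['default'] = $this->id;
+
+# hardcode to edit mode
+$this->new = 0;
+
+return parent::init($this->id);
+}
+
+public function initMsg() {
+$this->msg['error_already_exists'] = 'pAdminCreate_admin_username_text_error2'; # probably unused
+$this->msg['error_does_not_exist'] = 'pAdminEdit_admin_result_error'; # probably unused
+
+$this->msg['logname'] = 'edit_password';
+$this->msg['store_error'] = 'pPassword_result_error';
+$this->msg['successmessage'] = 'pPassword_result_success';
+}
+
+public function webformConfig() {
+return array(
+# $PALANG labels
+'formtitle_create' => 'pPassword_welcome',
+'formtitle_edit' => 'pPassword_welcome',
+'create_button' => 'pPassword_button',
+
+# various settings
+'required_role' => 'admin',
+'listview' => 'main.php',
+'early_init' => 1,
+
+'hardcoded_edit' => true,
+);
+}
+
+/**
+* check if old password is correct
+*/
+protected function _field_oldpass($field, $val) {
+if ( $this->login($this->id, $val) ) {
+return true;
+}
+
+$this->errormsg[$field] = Lang::read('pPassword_password_current_text_error');
+return false;
+}
+
+/**
+* skip default validation (check if password is good enough) for old password
+*/
+protected function _inp_pass($field, $val) {
+if ($field == 'oldpass') return true;
+
+return parent::_inp_pass($field, $val);
+}
+
+/**
+* compare password / password2 field
+* error message will be displayed at the password2 field
+*/
+protected function _field_password2($field, $val) {
+return $this->compare_password_fields('password', 'password2');
+}
+
+}
+
+/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */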
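Review bot: The current-password check in `_field_oldpass()` is the only re-authentication step in this handler, and it runs as a per-field validator, so whether it is enforced depends on `PFAHandler` calling it for every submission, which is not visible in this file. `$skip_empty_pass = false` covers an empty value; it is worth confirming in the base class that a request which leaves `oldpass` out altogether is rejected rather than treated as an unchanged field, and recording that in the docblock, e.g. `* security: sole re-authentication step; a submission without a valid 'oldpass' must never reach store()`. Separately, the `/*select*/ 'password as password2'` entry loads the stored hash into the `password2` value; if pass-type fields are ever echoed back into the form that would expose it, so a short comment on why the alias is needed would help. Failed attempts only set `errormsg` here, so repeated wrong guesses from an already-authenticated session may go unrecorded unless `login()` logs them.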
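--- a/password.php
+++ b/password.php
@@ -1,100 +0,0 @@
-<?php
-/**
-* Postfix Admin
-*
-* LICENSE
-* This source file is subject to the GPL license that is bundled with
-* this package in the file LICENSE.TXT.
-*
-* Further details on the project are available at :
-* http://www.postfixadmin.com or http://postfixadmin.sf.net
-*
-* @version $Id$
-* @license GNU GPL v2 or later.
-*
-* File: password.php
-* Allows admins to change their own password.
-* Template File: password.tpl
-*
-* Template Variables:
-*
-* none
-*
-* Form POST \ GET Variables:
-*
-* fPassword_current
-* fPassword
-* fPassword2
-*/
-
-require_once('common.php');
-
-authentication_require_role('admin');
-
-$SESSID_USERNAME = authentication_get_username();
-
-$smarty->assign ('SESSID_USERNAME', $SESSID_USERNAME);
-$smarty->assign ('smarty_template', 'password');
-
-$pPassword_password_current_text = "";
-$pPassword_password_text = "";
-
-if ($_SERVER['REQUEST_METHOD'] == "GET")
-{
-$smarty->display ('index.tpl');
-}
-
-if ($_SERVER['REQUEST_METHOD'] == "POST")
-{
-if (isset ($_POST['fPassword_current'])) $fPassword_current = escape_string ($_POST['fPassword_current']);
-if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
-if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']);
-
-$username = $SESSID_USERNAME;
-
-$result = db_query ("SELECT * FROM $table_admin WHERE username='$username'");
-if ($result['rows'] == 1)
-{
-$row = db_array ($result['result']);
-$checked_password = escape_string(pacrypt ($fPassword_current, $row['password']));
-
-$result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'");
-if ($result['rows'] != 1)
-{
-$error = 1;
-$pPassword_password_current_text = $PALANG['pPassword_password_current_text_error'];
-}
-}
-else
-{
-$error = 1;
-$pPassword_email_text = $PALANG['pPassword_email_text_error'];
-}
-
-if (empty ($fPassword) or ($fPassword != $fPassword2))
-{
-$error = 1;
-$pPassword_password_text = $PALANG['pPassword_password_text_error'];
-}
-
-if ($error != 1)
-{
-$password = escape_string(pacrypt ($fPassword));
-$result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'");
-if ($result['rows'] == 1)
-{
-flash_info($PALANG['pPassword_result_success']);
-}
-else
-{
-flash_error($PALANG['pPassword_result_error']);
-}
-}
-
-$smarty->assign ('pPassword_password_current_text', $pPassword_password_current_text);
-$smarty->assign ('pPassword_password_text', $pPassword_password_text);
-$smarty->display ('index.tpl');
-}
-
-/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
-?>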