- added possibility to set a minimum password length for all passwords (does not count for old passwords already saved), fixes #59
- set version to 0.9.3-svn1
This commit is contained in:
Michael Kaufmann (d00p)
@@ -54,6 +54,14 @@ return array(
|
||||
'default' => 900,
|
||||
'save_method' => 'storeSettingField',
|
||||
),
|
||||
'panel_password_min_length' => array(
|
||||
'label' => $lng['serversettings']['panel_password_min_length'],
|
||||
'settinggroup' => 'panel',
|
||||
'varname' => 'password_min_length',
|
||||
'type' => 'int',
|
||||
'default' => 0,
|
||||
'save_method' => 'storeSettingField',
|
||||
),
|
||||
'customer_accountprefix' => array(
|
||||
'label' => $lng['serversettings']['accountprefix'],
|
||||
'settinggroup' => 'customer',
|
||||
|
||||
@@ -154,6 +154,7 @@ if($page == 'admins'
|
||||
|
||||
$loginname = validate($_POST['loginname'], 'loginname');
|
||||
$password = validate($_POST['admin_password'], 'password');
|
||||
$password = validatePassword($password);
|
||||
$def_language = validate($_POST['def_language'], 'default language');
|
||||
$customers = intval_ressource($_POST['customers']);
|
||||
|
||||
@@ -560,6 +561,7 @@ if($page == 'admins'
|
||||
{
|
||||
if($password != '')
|
||||
{
|
||||
$password = validatePassword($password);
|
||||
$password = md5($password);
|
||||
}
|
||||
else
|
||||
|
||||
@@ -379,6 +379,7 @@ if($page == 'customers'
|
||||
|
||||
$createstdsubdomain = intval($_POST['createstdsubdomain']);
|
||||
$password = validate($_POST['customer_password'], 'password');
|
||||
$password = validatePassword($password);
|
||||
$sendpassword = intval($_POST['sendpassword']);
|
||||
$phpenabled = intval($_POST['phpenabled']);
|
||||
$diskspace = $diskspace * 1024;
|
||||
@@ -849,6 +850,7 @@ if($page == 'customers'
|
||||
{
|
||||
if($password != '')
|
||||
{
|
||||
$password = validatePassword($password);
|
||||
$password = md5($password);
|
||||
}
|
||||
else
|
||||
|
||||
@@ -372,6 +372,7 @@ elseif($page == 'accounts')
|
||||
$email_full = $result['email_full'];
|
||||
$username = $idna_convert->decode($email_full);
|
||||
$password = validate($_POST['email_password'], 'password');
|
||||
$password = validatePassword($password);
|
||||
|
||||
if($settings['panel']['sendalternativemail'] == 1)
|
||||
{
|
||||
@@ -518,12 +519,12 @@ elseif($page == 'accounts')
|
||||
standard_error(array('stringisempty', 'mypassword'));
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
|
||||
$result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$result['popaccountid'] . "'");
|
||||
redirectTo($filename, Array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
|
||||
}
|
||||
|
||||
$password = validatePassword($password);
|
||||
|
||||
$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
|
||||
$result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$result['popaccountid'] . "'");
|
||||
redirectTo($filename, Array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@@ -135,6 +135,7 @@ elseif($page == 'accounts')
|
||||
{
|
||||
$path = validate($_POST['path'], 'path');
|
||||
$password = validate($_POST['ftp_password'], 'password');
|
||||
$password = validatePassword($password);
|
||||
|
||||
if($settings['customer']['ftpatdomain'] == '1')
|
||||
{
|
||||
|
||||
@@ -139,6 +139,7 @@ elseif($page == 'mysqls')
|
||||
&& $_POST['send'] == 'send')
|
||||
{
|
||||
$password = validate($_POST['mysql_password'], 'password');
|
||||
$password = validatePassword($password);
|
||||
|
||||
if($password == '')
|
||||
{
|
||||
@@ -219,6 +220,7 @@ elseif($page == 'mysqls')
|
||||
// Only change Password if it is set, do nothing if it is empty! -- PH 2004-11-29
|
||||
|
||||
$password = validate($_POST['mysql_password'], 'password');
|
||||
$password = validatePassword($password);
|
||||
|
||||
if($password != '')
|
||||
{
|
||||
|
||||
13
index.php
13
index.php
@@ -240,7 +240,18 @@ if($action == 'forgotpwd')
|
||||
{
|
||||
if($user !== false)
|
||||
{
|
||||
$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
|
||||
if ($settings['panel']['password_min_length'] <= 6) {
|
||||
$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
|
||||
} else {
|
||||
// make it two times larger than password_min_length
|
||||
$rnd = '';
|
||||
$minlength = $settings['panel']['password_min_length'];
|
||||
while (strlen($rnd) < ($minlength * 2))
|
||||
{
|
||||
$rnd .= md5(uniqid(microtime(), 1));
|
||||
}
|
||||
$password = substr($rnd, (int)($minlength / 2), $minlength);
|
||||
}
|
||||
|
||||
if($adminchecked)
|
||||
{
|
||||
|
||||
@@ -451,7 +451,7 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (18, 'system', 'vmail_homedir', '/var/customers/mail/');
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (19, 'system', 'bindconf_directory', '/etc/bind/');
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (20, 'system', 'bindreload_command', '/etc/init.d/bind9 reload');
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.3');
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.3-svn1');
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (23, 'system', 'hostname', 'SERVERNAME');
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (24, 'login', 'maxloginattempts', '3');
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (25, 'login', 'deactivatetime', '900');
|
||||
@@ -550,6 +550,7 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (119, 'spf', 'use_spf', '0');
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (120, 'spf', 'spf_entry', '@ IN TXT "v=spf1 a mx -all"');
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (121, 'system', 'debug_cron', '0');
|
||||
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (122, 'panel', 'password_min_length', '0');
|
||||
|
||||
# --------------------------------------------------------
|
||||
|
||||
|
||||
@@ -314,4 +314,15 @@ if(isFroxlorVersion('0.9.2'))
|
||||
updateToVersion('0.9.3');
|
||||
}
|
||||
|
||||
if(isFroxlorVersion('0.9.3'))
|
||||
{
|
||||
showUpdateStep("Updating from 0.9.3 to 0.9.3-svn1", false);
|
||||
|
||||
showUpdateStep("Updating tables");
|
||||
$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('panel', 'password_min_length', '0');");
|
||||
lastStepStatus(0);
|
||||
|
||||
updateToVersion('0.9.3-svn1');
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
43
lib/functions/validate/function.validatePassword.php
Normal file
43
lib/functions/validate/function.validatePassword.php
Normal file
@@ -0,0 +1,43 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* This file is part of the Froxlor project.
|
||||
* Copyright (c) 2010 the Froxlor Team (see authors).
|
||||
*
|
||||
* For the full copyright and license information, please view the COPYING
|
||||
* file that was distributed with this source code. You can also view the
|
||||
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
|
||||
*
|
||||
* @copyright (c) the authors
|
||||
* @author Froxlor team <team@froxlor.org> (2010-)
|
||||
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
|
||||
* @package Functions
|
||||
* @version $Id$
|
||||
*/
|
||||
|
||||
/**
|
||||
* Function validatePassword
|
||||
*
|
||||
* if password-min-length is set in settings
|
||||
* we check against the length, if not matched
|
||||
* an error message will be output and 'exit' is called
|
||||
*
|
||||
* @param string $password the password to validate
|
||||
*
|
||||
* @return string either the password or an errormessage+exit
|
||||
*/
|
||||
function validatePassword($password = null)
|
||||
{
|
||||
global $settings;
|
||||
|
||||
if ($settings['panel']['password_min_length'] > 0) {
|
||||
$password = validate(
|
||||
$password,
|
||||
$settings['panel']['password_min_length'], /* replacer needs to be password length, not the fieldname */
|
||||
'/^.{'.(int)$settings['panel']['password_min_length'].',}$/D',
|
||||
'notrequiredpasswordlength'
|
||||
);
|
||||
}
|
||||
|
||||
return $password;
|
||||
}
|
||||
@@ -68,7 +68,7 @@ define('PACKAGE_ENABLED', 2);
|
||||
|
||||
// VERSION INFO
|
||||
|
||||
$version = '0.9.3';
|
||||
$version = '0.9.3-svn1';
|
||||
$dbversion = '2';
|
||||
$branding = '';
|
||||
|
||||
|
||||
@@ -1305,4 +1305,10 @@ $lng['admin']['newerversionavailable'] = 'There is a newer version of Froxlor av
|
||||
$lng['emails']['noemaildomainaddedyet'] = 'You do not have a (email-)domain in your account yet.';
|
||||
$lng['error']['hiddenfieldvaluechanged'] = 'The value for the hidden field "%s" changed while editing the settings.<br /><br />This is usually not a big problem but the settings could not be saved because of this.';
|
||||
|
||||
// ADDED IN FROXLOR 0.9.3-svn1
|
||||
|
||||
$lng['serversettings']['panel_password_min_length']['title'] = 'Minimum password length';
|
||||
$lng['serversettings']['panel_password_min_length']['description'] = 'Here you can set a minimum length for passwords. \'0\' means: no minimum length required.';
|
||||
$lng['error']['notrequiredpasswordlength'] = 'The given password is too short. Please enter at least %s characters.';
|
||||
|
||||
?>
|
||||
|
||||
@@ -1285,4 +1285,10 @@ $lng['admin']['newerversionavailable'] = 'Eine neuere Version von Froxlor wurde
|
||||
$lng['emails']['noemaildomainaddedyet'] = 'Sie haben bisher noch keine (E-Mail-)Domain in Ihrem Konto.';
|
||||
$lng['error']['hiddenfieldvaluechanged'] = 'Der Wert des verborgenen Feldes "%s" hat sich während dem Ändern der Einstellungen geändert.<br /><br />Dies ist im Grunde kein schwerwiegendes Problem, allerdings konnten so die Einstellungen nicht gespeichert werden.';
|
||||
|
||||
// ADDED IN FROXLOR 0.9.3-svn1
|
||||
|
||||
$lng['serversettings']['panel_password_min_length']['title'] = 'Mindestlänge von Passwörtern';
|
||||
$lng['serversettings']['panel_password_min_length']['description'] = 'Hier können Sie die Mindestlänge für Passwörter festlegen. \'0\' bedeutet: Keine Mindestlänge';
|
||||
$lng['error']['notrequiredpasswordlength'] = 'Das Passwort ist zu kurz. Bitte geben Sie mindestens %s Zeichen an.';
|
||||
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user