maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

- added possibility to set a minimum password length for all passwords (does not count for old passwords already saved), fixes #59

Browse Source 
- set version to 0.9.3-svn1
This commit is contained in:
Michael Kaufmann (d00p)
2010-03-17 07:51:16 +00:00
parent f9d84a09f1
commit c1de55f3d5
13 changed files with 103 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
actions/admin/settings/110.accounts.php
View File

@@ -54,6 +54,14 @@ return array(
'default' => 900, 'default' => 900,
'save_method' => 'storeSettingField', 'save_method' => 'storeSettingField',
), ),
'panel_password_min_length' => array(
'label' => $lng['serversettings']['panel_password_min_length'],
'settinggroup' => 'panel',
'varname' => 'password_min_length',
'type' => 'int',
'default' => 0,
'save_method' => 'storeSettingField',
),
'customer_accountprefix' => array( 'customer_accountprefix' => array(
'label' => $lng['serversettings']['accountprefix'], 'label' => $lng['serversettings']['accountprefix'],
'settinggroup' => 'customer', 'settinggroup' => 'customer',

2
admin_admins.php
View File

@@ -154,6 +154,7 @@ if($page == 'admins'
$loginname = validate($_POST['loginname'], 'loginname'); $loginname = validate($_POST['loginname'], 'loginname');
$password = validate($_POST['admin_password'], 'password'); $password = validate($_POST['admin_password'], 'password');
$password = validatePassword($password);
$def_language = validate($_POST['def_language'], 'default language'); $def_language = validate($_POST['def_language'], 'default language');
$customers = intval_ressource($_POST['customers']); $customers = intval_ressource($_POST['customers']);
@@ -560,6 +561,7 @@ if($page == 'admins'
{ {
if($password != '') if($password != '')
{ {
$password = validatePassword($password);
$password = md5($password); $password = md5($password);
} }
else else

2
admin_customers.php
View File

@@ -379,6 +379,7 @@ if($page == 'customers'
$createstdsubdomain = intval($_POST['createstdsubdomain']); $createstdsubdomain = intval($_POST['createstdsubdomain']);
$password = validate($_POST['customer_password'], 'password'); $password = validate($_POST['customer_password'], 'password');
$password = validatePassword($password);
$sendpassword = intval($_POST['sendpassword']); $sendpassword = intval($_POST['sendpassword']);
$phpenabled = intval($_POST['phpenabled']); $phpenabled = intval($_POST['phpenabled']);
$diskspace = $diskspace * 1024; $diskspace = $diskspace * 1024;
@@ -849,6 +850,7 @@ if($page == 'customers'
{ {
if($password != '') if($password != '')
{ {
$password = validatePassword($password);
$password = md5($password); $password = md5($password);
} }
else else

13
customer_email.php
View File

@@ -372,6 +372,7 @@ elseif($page == 'accounts')
$email_full = $result['email_full']; $email_full = $result['email_full'];
$username = $idna_convert->decode($email_full); $username = $idna_convert->decode($email_full);
$password = validate($_POST['email_password'], 'password'); $password = validate($_POST['email_password'], 'password');
$password = validatePassword($password);
if($settings['panel']['sendalternativemail'] == 1) if($settings['panel']['sendalternativemail'] == 1)
{ {
@@ -518,12 +519,12 @@ elseif($page == 'accounts')
standard_error(array('stringisempty', 'mypassword')); standard_error(array('stringisempty', 'mypassword'));
exit; exit;
} }
else
{ $password = validatePassword($password);
$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
$result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$result['popaccountid'] . "'"); $log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
redirectTo($filename, Array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s)); $result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$result['popaccountid'] . "'");
} redirectTo($filename, Array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
} }
else else
{ {

1
customer_ftp.php
View File

@@ -135,6 +135,7 @@ elseif($page == 'accounts')
{ {
$path = validate($_POST['path'], 'path'); $path = validate($_POST['path'], 'path');
$password = validate($_POST['ftp_password'], 'password'); $password = validate($_POST['ftp_password'], 'password');
$password = validatePassword($password);
if($settings['customer']['ftpatdomain'] == '1') if($settings['customer']['ftpatdomain'] == '1')
{ {

2
customer_mysql.php
View File

@@ -139,6 +139,7 @@ elseif($page == 'mysqls')
&& $_POST['send'] == 'send') && $_POST['send'] == 'send')
{ {
$password = validate($_POST['mysql_password'], 'password'); $password = validate($_POST['mysql_password'], 'password');
$password = validatePassword($password);
if($password == '') if($password == '')
{ {
@@ -219,6 +220,7 @@ elseif($page == 'mysqls')
// Only change Password if it is set, do nothing if it is empty! -- PH 2004-11-29 // Only change Password if it is set, do nothing if it is empty! -- PH 2004-11-29
$password = validate($_POST['mysql_password'], 'password'); $password = validate($_POST['mysql_password'], 'password');
$password = validatePassword($password);
if($password != '') if($password != '')
{ {

13
index.php
View File

@@ -240,7 +240,18 @@ if($action == 'forgotpwd')
{ {
if($user !== false) if($user !== false)
{ {
$password = substr(md5(uniqid(microtime(), 1)), 12, 6); if ($settings['panel']['password_min_length'] <= 6) {
$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
} else {
// make it two times larger than password_min_length
$rnd = '';
$minlength = $settings['panel']['password_min_length'];
while (strlen($rnd) < ($minlength * 2))
{
$rnd .= md5(uniqid(microtime(), 1));
}
$password = substr($rnd, (int)($minlength / 2), $minlength);
}
if($adminchecked) if($adminchecked)
{ {

3
install/froxlor.sql
View File

@@ -451,7 +451,7 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (18, 'system', 'vmail_homedir', '/var/customers/mail/'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (18, 'system', 'vmail_homedir', '/var/customers/mail/');
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (19, 'system', 'bindconf_directory', '/etc/bind/'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (19, 'system', 'bindconf_directory', '/etc/bind/');
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (20, 'system', 'bindreload_command', '/etc/init.d/bind9 reload'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (20, 'system', 'bindreload_command', '/etc/init.d/bind9 reload');
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.3'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.3-svn1');
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (23, 'system', 'hostname', 'SERVERNAME'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (23, 'system', 'hostname', 'SERVERNAME');
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (24, 'login', 'maxloginattempts', '3'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (24, 'login', 'maxloginattempts', '3');
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (25, 'login', 'deactivatetime', '900'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (25, 'login', 'deactivatetime', '900');
@@ -550,6 +550,7 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (119, 'spf', 'use_spf', '0'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (119, 'spf', 'use_spf', '0');
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (120, 'spf', 'spf_entry', '@ IN TXT "v=spf1 a mx -all"'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (120, 'spf', 'spf_entry', '@ IN TXT "v=spf1 a mx -all"');
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (121, 'system', 'debug_cron', '0'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (121, 'system', 'debug_cron', '0');
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (122, 'panel', 'password_min_length', '0');
# -------------------------------------------------------- # --------------------------------------------------------

11
install/updates/froxlor/0.9/update_0.9.inc.php
View File

@@ -314,4 +314,15 @@ if(isFroxlorVersion('0.9.2'))
updateToVersion('0.9.3'); updateToVersion('0.9.3');
} }
if(isFroxlorVersion('0.9.3'))
{
showUpdateStep("Updating from 0.9.3 to 0.9.3-svn1", false);
showUpdateStep("Updating tables");
$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('panel', 'password_min_length', '0');");
lastStepStatus(0);
updateToVersion('0.9.3-svn1');
}
?> ?>

43
lib/functions/validate/function.validatePassword.php Normal file
View File

@@ -0,0 +1,43 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
* @version $Id$
*/
/**
* Function validatePassword
*
* if password-min-length is set in settings
* we check against the length, if not matched
* an error message will be output and 'exit' is called
*
* @param string $password the password to validate
*
* @return string either the password or an errormessage+exit
*/
function validatePassword($password = null)
{
global $settings;
if ($settings['panel']['password_min_length'] > 0) {
$password = validate(
$password,
$settings['panel']['password_min_length'], /* replacer needs to be password length, not the fieldname */
'/^.{'.(int)$settings['panel']['password_min_length'].',}$/D',
'notrequiredpasswordlength'
);
}
return $password;
}

2
lib/tables.inc.php
View File

@@ -68,7 +68,7 @@ define('PACKAGE_ENABLED', 2);
// VERSION INFO // VERSION INFO
$version = '0.9.3'; $version = '0.9.3-svn1';
$dbversion = '2'; $dbversion = '2';
$branding = ''; $branding = '';

6
lng/english.lng.php
View File

@@ -1305,4 +1305,10 @@ $lng['admin']['newerversionavailable'] = 'There is a newer version of Froxlor av
$lng['emails']['noemaildomainaddedyet'] = 'You do not have a (email-)domain in your account yet.'; $lng['emails']['noemaildomainaddedyet'] = 'You do not have a (email-)domain in your account yet.';
$lng['error']['hiddenfieldvaluechanged'] = 'The value for the hidden field &quot;%s&quot; changed while editing the settings.<br /><br />This is usually not a big problem but the settings could not be saved because of this.'; $lng['error']['hiddenfieldvaluechanged'] = 'The value for the hidden field &quot;%s&quot; changed while editing the settings.<br /><br />This is usually not a big problem but the settings could not be saved because of this.';
// ADDED IN FROXLOR 0.9.3-svn1
$lng['serversettings']['panel_password_min_length']['title'] = 'Minimum password length';
$lng['serversettings']['panel_password_min_length']['description'] = 'Here you can set a minimum length for passwords. \'0\' means: no minimum length required.';
$lng['error']['notrequiredpasswordlength'] = 'The given password is too short. Please enter at least %s characters.';
?> ?>

6
lng/german.lng.php
View File

@@ -1285,4 +1285,10 @@ $lng['admin']['newerversionavailable'] = 'Eine neuere Version von Froxlor wurde
$lng['emails']['noemaildomainaddedyet'] = 'Sie haben bisher noch keine (E-Mail-)Domain in Ihrem Konto.'; $lng['emails']['noemaildomainaddedyet'] = 'Sie haben bisher noch keine (E-Mail-)Domain in Ihrem Konto.';
$lng['error']['hiddenfieldvaluechanged'] = 'Der Wert des verborgenen Feldes &quot;%s&quot; hat sich w&auml;hrend dem &Auml;ndern der Einstellungen ge&auml;ndert.<br /><br />Dies ist im Grunde kein schwerwiegendes Problem, allerdings konnten so die Einstellungen nicht gespeichert werden.'; $lng['error']['hiddenfieldvaluechanged'] = 'Der Wert des verborgenen Feldes &quot;%s&quot; hat sich w&auml;hrend dem &Auml;ndern der Einstellungen ge&auml;ndert.<br /><br />Dies ist im Grunde kein schwerwiegendes Problem, allerdings konnten so die Einstellungen nicht gespeichert werden.';
// ADDED IN FROXLOR 0.9.3-svn1
$lng['serversettings']['panel_password_min_length']['title'] = 'Mindestl&auml;nge von Passw&ouml;rtern';
$lng['serversettings']['panel_password_min_length']['description'] = 'Hier k&ouml;nnen Sie die Mindestl&auml;nge f&uuml;r Passw&ouml;rter festlegen. \'0\' bedeutet: Keine Mindestl&auml;nge';
$lng['error']['notrequiredpasswordlength'] = 'Das Passwort ist zu kurz. Bitte geben Sie mindestens %s Zeichen an.';
?> ?>