Fixed some bugs, made activationcode more secure, added update script, merged missing commit
10
index.php
10
index.php
@@ -297,8 +297,8 @@ if ($action == 'forgotpwd') {
|
|||||||
if ($user !== false) {
|
if ($user !== false) {
|
||||||
// build a activation code
|
// build a activation code
|
||||||
$timestamp = time();
|
$timestamp = time();
|
||||||
$first = substr(md5($user['loginname'] . $timestamp), 0, 15);
|
$first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15);
|
||||||
$third = substr(md5($user['email'] . $timestamp), -15);
|
$third = substr(md5($user['email'] . $timestamp . rand(0, $timestamp)), -15);
|
||||||
$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
|
$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
|
||||||
|
|
||||||
// Drop all existing activation codes for this user
|
// Drop all existing activation codes for this user
|
||||||
@@ -419,6 +419,12 @@ if ($action == 'forgotpwd') {
|
|||||||
if ($action == 'resetpwd') {
|
if ($action == 'resetpwd') {
|
||||||
$message = '';
|
$message = '';
|
||||||
|
|
||||||
|
// Remove old activation codes
|
||||||
|
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
|
||||||
|
WHERE creation < :oldest"
|
||||||
|
);
|
||||||
|
Database::pexecute($stmt, array("oldest" => time() - 86400));
|
||||||
|
|
||||||
if (isset($_GET['resetcode']) && strlen($_GET['resetcode']) == 50) {
|
if (isset($_GET['resetcode']) && strlen($_GET['resetcode']) == 50) {
|
||||||
// Check if activation code is valid
|
// Check if activation code is valid
|
||||||
$activationcode = $_GET['resetcode'];
|
$activationcode = $_GET['resetcode'];
|
||||||
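Review bot: The added `rand(0, $timestamp)` in the `$first` and `$third` lines is the only non-public input to the reset code, and `rand()` is not a cryptographically secure generator; the login name, e-mail address and timestamp (which is also embedded in clear in the code) are known to or guessable by whoever requests the reset, and the trailing ten characters are derived from `$third` and `$timestamp`, so they add nothing. Generate the whole 50-character value from the system CSPRNG instead, e.g. `$activationcode = bin2hex(random_bytes(25));` (or `bin2hex(openssl_random_pseudo_bytes(25))` on PHP versions without `random_bytes`), which keeps the `strlen($_GET['resetcode']) == 50` check and the `varchar(50)` column valid. This assumes nothing parses the timestamp back out of the code, which the hunk does not show; expiry appears to be driven by the `creation` column and the new 86400-second cleanup. The `forgotpwd` block starts and ends outside the hunk.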
|
|||||||
@@ -74,6 +74,16 @@ CREATE TABLE `mail_virtual` (
|
|||||||
) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
|
) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
|
||||||
|
|
||||||
|
|
||||||
|
DROP TABLE IF EXISTS `panel_activation`;
|
||||||
|
CREATE TABLE `panel_activation` (
|
||||||
|
`id` int(11) unsigned NOT NULL auto_increment,
|
||||||
|
`userid` int(11) unsigned NOT NULL default '0',
|
||||||
|
`admin` tinyint(1) unsigned NOT NULL default '0',
|
||||||
|
`creation` int(11) unsigned NOT NULL default '0',
|
||||||
|
`activationcode` varchar(50) default NULL,
|
||||||
|
PRIMARY KEY (id)
|
||||||
|
) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
|
||||||
|
|
||||||
|
|
||||||
DROP TABLE IF EXISTS `panel_admins`;
|
DROP TABLE IF EXISTS `panel_admins`;
|
||||||
CREATE TABLE `panel_admins` (
|
CREATE TABLE `panel_admins` (
|
||||||
@@ -540,7 +550,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
|
|||||||
('panel', 'phpconfigs_hidestdsubdomain', '0'),
|
('panel', 'phpconfigs_hidestdsubdomain', '0'),
|
||||||
('panel', 'allow_theme_change_admin', '1'),
|
('panel', 'allow_theme_change_admin', '1'),
|
||||||
('panel', 'allow_theme_change_customer', '1'),
|
('panel', 'allow_theme_change_customer', '1'),
|
||||||
('panel', 'version', '0.9.31-dev3');
|
('panel', 'version', '0.9.31-dev4');
|
||||||
|
|
||||||
|
|
||||||
DROP TABLE IF EXISTS `panel_tasks`;
|
DROP TABLE IF EXISTS `panel_tasks`;
|
||||||
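Review bot: The new `panel_activation` table keeps `activationcode` as the usable reset code in clear and without an index, so anyone who can read the table (backup, SQL dump, a read-only injection elsewhere) holds working reset links until the cleanup removes them, and a lookup by code, if that is how `resetpwd` validates it, scans the table. Consider storing only a digest, e.g. `hash('sha256', $activationcode)` in a `varchar(64)` column, comparing against the digest of the submitted code, and adding `KEY activationcode (activationcode)`. The same table definition is repeated in the 0.9.31-dev4 update-script hunk and would need the matching change.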
|
|||||||
@@ -2452,3 +2452,22 @@ if (isFroxlorVersion('0.9.31-dev2')) {
|
|||||||
lastStepStatus(0);
|
lastStepStatus(0);
|
||||||
updateToVersion('0.9.31-dev3');
|
updateToVersion('0.9.31-dev3');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isFroxlorVersion('0.9.31-dev3')) {
|
||||||
|
showUpdateStep("Updating from 0.9.31-dev3 to 0.9.31-dev4", true);
|
||||||
|
|
||||||
|
showUpdateStep("Adding new panel_activation table");
|
||||||
|
Database::query("DROP TABLE IF EXISTS `panel_activation`;");
|
||||||
|
$sql = "CREATE TABLE `" . TABLE_PANEL_ACTIVATION . "` (
|
||||||
|
id int(11) unsigned NOT NULL AUTO_INCREMENT,
|
||||||
|
userid int(11) unsigned NOT NULL DEFAULT '0',
|
||||||
|
admin tinyint(1) unsigned NOT NULL DEFAULT '0',
|
||||||
|
creation int(11) unsigned NOT NULL DEFAULT '0',
|
||||||
|
activationcode varchar(50) DEFAULT NULL,
|
||||||
|
PRIMARY KEY (id)
|
||||||
|
) ENGINE=MyISAM;";
|
||||||
|
Database::query($sql);
|
||||||
|
|
||||||
|
lastStepStatus(0);
|
||||||
|
updateToVersion('0.9.31-dev4');
|
||||||
|
}
|
||||||
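Review bot: The `DROP TABLE IF EXISTS` statement names the table literally as panel_activation while the `CREATE TABLE` right after it uses `TABLE_PANEL_ACTIVATION`; if the constant ever resolves to a different name, the drop misses the real table and the create fails on an existing one. Use the constant in both statements: ``Database::query("DROP TABLE IF EXISTS `" . TABLE_PANEL_ACTIVATION . "`;");``. The create here also ends with `ENGINE=MyISAM` only, whereas the install schema adds `CHARSET=utf8 COLLATE=utf8_general_ci`, so upgraded and freshly installed systems may end up with different table defaults.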
|
|||||||
@@ -72,6 +72,6 @@ define('PACKAGE_LOCKED', 1);
|
|||||||
define('PACKAGE_ENABLED', 2);
|
define('PACKAGE_ENABLED', 2);
|
||||||
|
|
||||||
// VERSION INFO
|
// VERSION INFO
|
||||||
$version = '0.9.31-dev3';
|
$version = '0.9.31-dev4';
|
||||||
$dbversion = '2';
|
$dbversion = '2';
|
||||||
$branding = '';
|
$branding = '';
|
||||||
|
|||||||
@@ -1986,4 +1986,4 @@ $lng['error']['notallowedtouseaccounts'] = 'Your account does not allow using IM
|
|||||||
$lng['pwdreminder']['changed'] = 'Your password has been successfully changed. You can now login using this password.';
|
$lng['pwdreminder']['changed'] = 'Your password has been successfully changed. You can now login using this password.';
|
||||||
$lng['pwdreminder']['wrongcode'] = 'Sorry, the used activationcode does not exist or is already expired.';
|
$lng['pwdreminder']['wrongcode'] = 'Sorry, the used activationcode does not exist or is already expired.';
|
||||||
$lng['admin']['templates']['LINK'] = 'Replaced with the customers password reset link.';
|
$lng['admin']['templates']['LINK'] = 'Replaced with the customers password reset link.';
|
||||||
$lng['pwdreminder']['choosenew'] = 'Choose new password';
|
$lng['pwdreminder']['choosenew'] = 'Choose new password';
|
||||||
|
|||||||
@@ -1713,4 +1713,3 @@ $lng['pwdreminder']['changed'] = 'Ihr Passwort wurde erfolgreich geändert. Sie
|
|||||||
$lng['pwdreminder']['wrongcode'] = 'Der verwendete Aktivierungscode ist entweder nicht gültig oder bereits abgelaufen.';
|
$lng['pwdreminder']['wrongcode'] = 'Der verwendete Aktivierungscode ist entweder nicht gültig oder bereits abgelaufen.';
|
||||||
$lng['admin']['templates']['LINK'] = 'Wird mit dem Link zum Zurücksetzen des Passworts ersetzt.';
|
$lng['admin']['templates']['LINK'] = 'Wird mit dem Link zum Zurücksetzen des Passworts ersetzt.';
|
||||||
$lng['pwdreminder']['choosenew'] = 'Neues Passwort auswählen';
|
$lng['pwdreminder']['choosenew'] = 'Neues Passwort auswählen';
|
||||||
$lng['error']['notallowedtouseaccounts'] = 'Ihrem Konto ist die Nutzung von IMAP/POP3 nicht erlaubt, daher können keine E-Mail Konten angelegt werden';
|
|
||||||
|
|||||||
@@ -34,4 +34,4 @@ $header
|
|||||||
</aside>
|
</aside>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
||||||
$footer
|
$footer
|
||||||
|
|||||||
2
templates/Sparkle/login/rpwd.tpl
vendored
2
templates/Sparkle/login/rpwd.tpl
vendored
@@ -34,4 +34,4 @@ $header
|
|||||||
</aside>
|
</aside>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
||||||
$footer
|
$footer
|
||||||
|
|||||||