Passwort-Ändern geht jetzt auch für Subuser
bernd

bernd commited on 2010-10-01 10:45:36
Zeige 4 geänderte Dateien mit 21 Einfügungen und 4 Löschungen.


git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1824 87cf0b9e-d624-0410-a070-f6ee81989793
... ...
@@ -27,7 +27,10 @@ function config($key)
27 27
   while( $object = mysql_fetch_assoc( $options ) ) {
28 28
 	  $config[$object['key']]=$object['value'];
29 29
   }
30
-  DEBUG($config);
30
+  // Sonst wird das Passwort des webadmin-Users mit ausgegeben
31
+  $debug_config = $config;
32
+  unset($debug_config['db_pass']);
33
+  DEBUG($debug_config);
31 34
   if (array_key_exists($key, $config))
32 35
     return $config[$key];
33 36
   else
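Review bot: Removing only `db_pass` before the `DEBUG()` call in `config()` is a denylist of one key, so any other secret kept in the same config table would still reach the debug output; the other keys are not visible here, so that is worth checking. Keeping the secret keys in one list, e.g. `foreach (array('db_pass') as $secret) unset($debug_config[$secret]);`, makes later additions harder to forget. The comment above the copy could also state that `$debug_config` exists only for logging and that `$config` must stay complete for the lookup that follows. The body of `config()` starts and ends outside this hunk.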
... ...
@@ -1,7 +1,7 @@
1 1
 <?php
2 2
 require_once('inc/debug.php');
3 3
 require_once('inc/security.php');
4
-require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER));
4
+require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER, ROLE_SUBUSER));
5 5
 
6 6
 title("Passwort ändern");
7 7
 $error = '';
... ...
@@ -13,6 +13,9 @@ if (isset($_POST['password1']))
13 13
   check_form_token('index_chpass');
14 14
   $result = NULL;
15 15
   if ($_SESSION['role'] & ROLE_SYSTEMUSER)
16
+    if ($_SESSION['role'] & ROLE_SUBUSER)
17
+      $result = find_role($_SESSION['subuser'], $_POST['old_password']);
18
+    else
16 19
       $result = find_role($_SESSION['userinfo']['uid'], $_POST['old_password']);
17 20
   else
18 21
     $result = find_role($_SESSION['customerinfo']['customerno'], $_POST['old_password']);
... ...
@@ -31,6 +34,8 @@ if (isset($_POST['password1']))
31 34
   {
32 35
     if ($result & ROLE_SYSTEMUSER)
33 36
       set_systemuser_password($_SESSION['userinfo']['uid'], $_POST['password1']);
37
+    elseif ($result & ROLE_SUBUSER)
38
+      set_subuser_password($_SESSION['subuser'], $_POST['password1']);
34 39
     elseif ($result & ROLE_CUSTOMER)
35 40
       set_customer_password($_SESSION['customerinfo']['customerno'], $_POST['password1']);
36 41
     else
... ...
@@ -45,7 +50,7 @@ if (isset($_POST['password1']))
45 50
 
46 51
 
47 52
 
48
-if ($_SESSION['role'] & ROLE_SYSTEMUSER)
53
+if ($_SESSION['role'] & ROLE_SYSTEMUSER && ! ($_SESSION['role'] & ROLE_SUBUSER))
49 54
   warning('Beachten Sie: Wenn Sie hier Ihr Passwort ändern, betrifft dies auch Ihr Anmelde-Passwort am Server (SSH).');
50 55
 
51 56
 output('<p>Hier können Sie Ihr Passwort ändern.</p>
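Review bot: In the hunk at `@@ -31,6 +34,8 @@` the new `elseif ($result & ROLE_SUBUSER)` is tested after `if ($result & ROLE_SYSTEMUSER)`, so if `find_role()` returns both bits for a subuser, the subuser branch is never reached and `set_systemuser_password()` changes the main account's password, which the warning text on this page describes as the SSH login password. The session role appears to carry both bits, judging by the nested test in the `@@ -13,6 +13,9 @@` hunk and the `&& ! ($_SESSION['role'] & ROLE_SUBUSER)` condition in the last hunk, but `find_role()` is not shown, so this needs confirming. Testing the narrower role first removes the dependency: `if ($result & ROLE_SUBUSER) set_subuser_password($_SESSION['subuser'], $_POST['password1']);` followed by `elseif ($result & ROLE_SYSTEMUSER) ...`. The brace-less nested `if`/`else` added in the `@@ -13,6 +13,9 @@` hunk relies on `else` binding to the nearest `if`; braces around the outer branches would make that explicit. The enclosing `if (isset($_POST['password1']))` block starts and ends outside these hunks.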
... ...
@@ -8,7 +8,7 @@ if ($role == ROLE_ANONYMOUS) {
8 8
 } else {
9 9
   if ($role & (ROLE_SYSTEMUSER | ROLE_SUBUSER))
10 10
     $menu["index_cert"] = array("label" => "Client-Zertifikat", "file" => "cert", "weight" => 10, "submenu" => "index_index");
11
-  if ($role & (ROLE_SYSTEMUSER | ROLE_CUSTOMER) && ! $role & ROLE_SUBUSER) {
11
+  if ($role & (ROLE_SYSTEMUSER | ROLE_CUSTOMER)) {
12 12
     $menu["index_chpass"] = array("label" => "Passwort ändern", "file" => "chpass", "weight" => 98);
13 13
   }
14 14
 
... ...
@@ -202,6 +202,15 @@ function set_customer_password($customerno, $newpass)
202 202
   logger(LOG_INFO, "session/checkuser", "pwchange", "changed customer's password.");
203 203
 }
204 204
 
205
+function set_subuser_password($subuser, $newpass)
206
+{
207
+  $subuser = mysql_real_escape_string($subuser);
208
+  $uid = (int) $_SESSION['userinfo']['uid'];
209
+  $newpass = sha1($newpass);
210
+  db_query("UPDATE system.subusers SET password='$newpass' WHERE username='{$subuser}' AND uid={$uid}");
211
+  logger(LOG_INFO, "session/checkuser", "pwchange", "changed subuser's password.");
212
+}
213
+
205 214
 function set_systemuser_password($uid, $newpass)
206 215
 {
207 216
   $uid = (int) $uid;
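Review bot: `set_subuser_password()` stores the new password as a bare `sha1($newpass)`, which is unsalted and fast, so identical passwords share a hash and a leaked `system.subusers` table is cheap to test offline. A salted, deliberately slow scheme fits better, e.g. `$newpass = crypt($newpass, $salt);` with a per-user random salt for a scheme the platform supports (or `password_hash()` on newer PHP); the check in `find_role()`, not shown here, would have to change with it. The function also logs "changed subuser's password." without checking that the `UPDATE` matched a row, and it takes the uid from `$_SESSION` rather than a parameter, which deserves a one-line comment such as `// uid comes from the session so only subusers of the logged-in account can be updated`.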
208 217