webinterface.git

Passwort-Ändern geht jetzt auch für Subuser
Parent f89f9ca
bernd

bernd commited on 2010-10-01 10:45:36
Zeige 4 geänderte Dateien mit 21 Einfügungen und 4 Löschungen. 

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1824 87cf0b9e-d624-0410-a070-f6ee81989793
inc/base.php
Zeige Datei @ 3d226df
... ... 
@@ -27,7 +27,10 @@ function config($key)
27 27 
   while( $object = mysql_fetch_assoc( $options ) ) {
28 28 
 	  $config[$object['key']]=$object['value'];
29 29 
   }
30 
-  DEBUG($config);
30 
+  // Sonst wird das Passwort des webadmin-Users mit ausgegeben
31 
+  $debug_config = $config;
32 
+  unset($debug_config['db_pass']);
33 
+  DEBUG($debug_config);
31 34 
   if (array_key_exists($key, $config))
32 35 
     return $config[$key];
33 36 
   else
modules/index/chpass.php
Zeige Datei @ 3d226df
... ... 
@@ -1,7 +1,7 @@
1 1 
 <?php
2 2 
 require_once('inc/debug.php');
3 3 
 require_once('inc/security.php');
4 
-require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER));
4 
+require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER, ROLE_SUBUSER));
5 5
6 6 
 title("Passwort ändern");
7 7 
 $error = '';
... ... 
@@ -13,6 +13,9 @@ if (isset($_POST['password1']))
13 13 
   check_form_token('index_chpass');
14 14 
   $result = NULL;
15 15 
   if ($_SESSION['role'] & ROLE_SYSTEMUSER)
16 
+    if ($_SESSION['role'] & ROLE_SUBUSER)
17 
+      $result = find_role($_SESSION['subuser'], $_POST['old_password']);
18 
+    else
16 19 
       $result = find_role($_SESSION['userinfo']['uid'], $_POST['old_password']);
17 20 
   else
18 21 
     $result = find_role($_SESSION['customerinfo']['customerno'], $_POST['old_password']);
... ... 
@@ -31,6 +34,8 @@ if (isset($_POST['password1']))
31 34 
   {
32 35 
     if ($result & ROLE_SYSTEMUSER)
33 36 
       set_systemuser_password($_SESSION['userinfo']['uid'], $_POST['password1']);
37 
+    elseif ($result & ROLE_SUBUSER)
38 
+      set_subuser_password($_SESSION['subuser'], $_POST['password1']);
34 39 
     elseif ($result & ROLE_CUSTOMER)
35 40 
       set_customer_password($_SESSION['customerinfo']['customerno'], $_POST['password1']);
36 41 
     else
... ... 
@@ -45,7 +50,7 @@ if (isset($_POST['password1']))
45 50
46 51
47 52
48 
-if ($_SESSION['role'] & ROLE_SYSTEMUSER)
53 
+if ($_SESSION['role'] & ROLE_SYSTEMUSER && ! ($_SESSION['role'] & ROLE_SUBUSER))
49 54 
   warning('Beachten Sie: Wenn Sie hier Ihr Passwort ändern, betrifft dies auch Ihr Anmelde-Passwort am Server (SSH).');
50 55
51 56 
 output('<p>Hier können Sie Ihr Passwort ändern.</p>
modules/index/menu.php
Zeige Datei @ 3d226df
... ... 
@@ -8,7 +8,7 @@ if ($role == ROLE_ANONYMOUS) {
8 8 
 } else {
9 9 
   if ($role & (ROLE_SYSTEMUSER | ROLE_SUBUSER))
10 10 
     $menu["index_cert"] = array("label" => "Client-Zertifikat", "file" => "cert", "weight" => 10, "submenu" => "index_index");
11 
-  if ($role & (ROLE_SYSTEMUSER | ROLE_CUSTOMER) && ! $role & ROLE_SUBUSER) {
11 
+  if ($role & (ROLE_SYSTEMUSER | ROLE_CUSTOMER)) {
12 12 
     $menu["index_chpass"] = array("label" => "Passwort ändern", "file" => "chpass", "weight" => 98);
13 13 
   }
14 14
session/checkuser.php
Zeige Datei @ 3d226df
... ... 
@@ -202,6 +202,15 @@ function set_customer_password($customerno, $newpass)
202 202 
   logger(LOG_INFO, "session/checkuser", "pwchange", "changed customer's password.");
203 203 
 }
204 204
205 
+function set_subuser_password($subuser, $newpass)
206 
+{
207 
+  $subuser = mysql_real_escape_string($subuser);
208 
+  $uid = (int) $_SESSION['userinfo']['uid'];
209 
+  $newpass = sha1($newpass);
210 
+  db_query("UPDATE system.subusers SET password='$newpass' WHERE username='{$subuser}' AND uid={$uid}");
211 
+  logger(LOG_INFO, "session/checkuser", "pwchange", "changed subuser's password.");
212 
+}
213 
+
205 214 
 function set_systemuser_password($uid, $newpass)
206 215 
 {
207 216 
   $uid = (int) $uid;
208 217