Browse code

Auch mailaccounts können sich einloggen

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@625 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on13/08/2007 13:15:55
Showing7 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,59 @@
1
+<?php
2
+
3
+require_once('session/start.php');
4
+
5
+require_once('mailaccounts.php');
6
+
7
+require_role(ROLE_MAILACCOUNT);
8
+
9
+$account = $_SESSION['accountname'];
10
+
11
+$title = "Passwort ändern";
12
+
13
+if ($_POST['password1'] != '')
14
+{
15
+  check_form_token('imap_chpass');
16
+  $result = find_role($_SESSION['mailaccount'], $_POST['old_password']);
17
+
18
+  if ($_POST['old_password'] == '')
19
+    input_error('Altes Passwort nicht angegeben!');
20
+  elseif (! $result & ROLE_MAILACCOUNT)
21
+    input_error('Das bisherige Passwort ist nicht korrekt!');
22
+  elseif ($_POST['password2'] != $_POST['password1'])
23
+    input_error('Die Bestätigung ist nicht identisch mit dem neuen Passwort!');
24
+  elseif ($_POST['password2'] == '')
25
+    input_error('Sie müssen das neue Passwort zweimal eingeben!');
26
+  elseif (($check = strong_password($_POST['password1'])) !== true)
27
+    input_error("Das Passwort ist zu einfach (cracklib sagt: {$check})!");
28
+  else {
29
+    change_mailaccount(get_mailaccount_id($_SESSION['mailaccount']), array('password' => $_POST['password1']));
30
+    if (! $debugmode)
31
+      header('Location: chpass.php');
32
+    else
33
+      output('');
34
+  }
35
+}
36
+
37
+
38
+
39
+output('<h3>Passwort &auml;ndern</h3>
40
+<p>Hier k&ouml;nnen Sie Ihr Passwort &auml;ndern.</p>
41
+'.html_form('imap_chpass', 'chpass.php', '', '<table>
42
+  <tr>
43
+    <td>bisheriges Passwort:</td>  <td><input type="password" name="old_password" value="" /></td>
44
+  </tr>
45
+  <tr>
46
+    <td>neues Passwort:</td>       <td><input type="password" name="password1" value="" /></td>
47
+  </tr>
48
+  <tr>
49
+    <td>Best&auml;tigung:<br /><span style="font-size: 80%;">(nochmal neues Passwort)</span></td>
50
+                                   <td><input type="password" name="password2" value="" /></td>
51
+  </tr>
52
+</table>
53
+<p><input type="submit" value="Speichern" /></p>
54
+'));
55
+
56
+
57
+
58
+
59
+?>
... ...
@@ -117,6 +117,23 @@ function create_mailaccount($arr)
117 117
 
118 118
 }
119 119
 
120
+    
121
+function get_mailaccount_id($accountname)
122
+{
123
+  list($local, $domain) = explode('@', $accountname, 2);
124
+  if ($domain == 'schokokeks.org')
125
+    $domain = '';
126
+
127
+  $local = mysql_real_escape_string($local);
128
+  $domain = maybe_null($domain);
129
+
130
+  $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname={$domain}");
131
+  if (mysql_num_rows($result) != 1)
132
+    system_failure('account nicht eindeutig');
133
+  $acc = mysql_fetch_assoc($result);
134
+  return $acc['id'];
135
+}
136
+    
120 137
 
121 138
 function delete_mailaccount($id)
122 139
 {
... ...
@@ -8,6 +8,10 @@ if ($role & ROLE_SYSTEMUSER)
8 8
 {
9 9
   $menu["imap_accounts"] = array("label" => "IMAP/POP3", "file" => "accounts.php", "weight" => 10);
10 10
 }
11
+elseif ($role & ROLE_MAILACCOUNT)
12
+{
13
+  $menu["imap_chpass"] = array("label" => "Passwort ändern", "file" => "chpass.php", "weight" => 10);
14
+}
11 15
 
12 16
 if (empty($menu))
13 17
   $menu = false;
... ...
@@ -61,10 +61,9 @@ output('<h3>Passwort &auml;ndern</h3>
61 61
     <td>Best&auml;tigung:<br /><span style="font-size: 80%;">(nochmal neues Passwort)</span></td>
62 62
                                    <td><input type="password" name="password2" value="" /></td>
63 63
   </tr>
64
-  <tr>
65
-    <td>&nbsp;</td><td><input type="submit" value="Speichern" /></td>
66
-  </tr>
67
-</table>'));
64
+</table>
65
+<p><input type="submit" value="Speichern" /></p>
66
+'));
68 67
 
69 68
 
70 69
 
... ...
@@ -18,6 +18,9 @@ switch ($_SESSION['role'])
18 18
 case ROLE_ANONYMOUS:
19 19
   login_screen('');
20 20
   break;
21
+case ROLE_MAILACCOUNT:
22
+  $role = "{$_SESSION['mailaccount']}, angemeldet als IMAP/POP3-Account";
23
+  break;
21 24
 case ROLE_SYSTEMUSER:
22 25
   $role = "{$_SESSION['userinfo']['name']}, angemeldet als Benutzer";
23 26
   break;
... ...
@@ -4,16 +4,15 @@ $menu = array();
4 4
 
5 5
 $role = $_SESSION['role'];
6 6
 
7
-switch ($role)
8
-{
9
-  case ROLE_ANONYMOUS:
10
-    $menu["index_login"] = array("label" => "Login", "file" => "index.php", "weight" => 0);
11
-    break;
12
-  default:
13
-    $menu["index_logout"] = array("label" => "Logout", "file" => "logout.php", "weight" => 99);
7
+if ($role == ROLE_ANONYMOUS) {
8
+  $menu["index_login"] = array("label" => "Login", "file" => "index.php", "weight" => 0);
9
+} else {
10
+  if ($role & (ROLE_SYSTEMUSER | ROLE_CUSTOMER)) {
14 11
     $menu["index_chpass"] = array("label" => "Passwort ändern", "file" => "chpass.php", "weight" => 98);
15
-    $menu["index_index"] = array("label" => "Übersicht", "file" => "index.php", "weight" => 0);
16
-    
12
+  }
13
+
14
+  $menu["index_logout"] = array("label" => "Logout", "file" => "logout.php", "weight" => 99);
15
+  $menu["index_index"] = array("label" => "Übersicht", "file" => "index.php", "weight" => 0);
17 16
 }
18 17
 
19 18
 if (empty($menu))
... ...
@@ -7,7 +7,7 @@ require_once('inc/error.php');
7 7
 require_once('inc/db_connect.php');
8 8
 
9 9
 define('ROLE_ANONYMOUS', 0);
10
-define('ROLE_DOMAINADMIN', 1);
10
+define('ROLE_MAILACCOUNT', 1);
11 11
 define('ROLE_SYSTEMUSER', 2);
12 12
 define('ROLE_CUSTOMER', 4);
13 13
 define('ROLE_SYSADMIN', 8);
... ...
@@ -51,6 +51,25 @@ function find_role($login, $password, $i_am_admin = False)
51 51
     return ROLE_CUSTOMER;
52 52
   }
53 53
 
54
+  // Mail-Account
55
+  $account = $login;
56
+  if (! strstr($account, '@')) {
57
+    $account .= '@schokokeks.org';
58
+  }
59
+  $result = db_query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;");
60
+  if (@mysql_num_rows($result) > 0)
61
+  {
62
+    $entry = mysql_fetch_object($result);
63
+    $db_password = $entry->cryptpass;
64
+    $hash = crypt($password, $db_password);
65
+    if ($hash == $db_password || $i_am_admin)
66
+    {
67
+      return ROLE_MAILACCOUNT;
68
+    }
69
+  }
70
+  
71
+
72
+
54 73
   // Nothing?
55 74
   return NULL;
56 75
 }
... ...
@@ -169,6 +188,15 @@ function setup_session($role, $useridentity)
169 188
     set_customer_lastlogin($info['customerno']);
170 189
     logger("session/start.php", "login", "logged in customer no »{$info['customerno']}«");
171 190
   }
191
+  if ($role & ROLE_MAILACCOUNT)
192
+  {
193
+    $id = $useridentity;
194
+    if (! strstr($id, '@'))
195
+      $id .= '@schokokeks.org';
196
+    $_SESSION['mailaccount'] = $id;
197
+    DEBUG("We are mailaccount: {$_SESSION['mailaccount']}");
198
+  }
199
+
172 200
 }
173 201
 
174 202
 ?>