... | ... |
@@ -95,7 +95,7 @@ if ($_GET['action'] == 'new') { |
95 | 95 |
if ($_SESSION['role'] & ROLE_CUSTOMER) { |
96 | 96 |
$location = 'account'; |
97 | 97 |
} |
98 |
- header('Location: '.$location); |
|
98 |
+ header('Location: ' . $location); |
|
99 | 99 |
} |
100 | 100 |
} elseif ($_GET['action'] == 'delete') { |
101 | 101 |
system_failure("Benutzeraccounts zu löschen ist momentan nicht über diese Oberfläche möglich. Bitte wenden Sie sich an einen Administrator."); |
... | ... |
@@ -27,20 +27,6 @@ global $debugmode; |
27 | 27 |
|
28 | 28 |
if ($_GET['action'] == 'new') { |
29 | 29 |
system_failure('not implemented'); |
30 |
- /* |
|
31 |
- check_form_token('systemuser_new'); |
|
32 |
- if (filter_input_username($_POST['username']) == '' || |
|
33 |
- filter_shell($_POST['password']) == '') |
|
34 |
- { |
|
35 |
- input_error('Sie müssen alle Felder ausfüllen!'); |
|
36 |
- } |
|
37 |
- else |
|
38 |
- { |
|
39 |
- create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']); |
|
40 |
- if (! $debugmode) |
|
41 |
- header('Location: account'); |
|
42 |
- } |
|
43 |
- */ |
|
44 | 30 |
} elseif ($_GET['action'] == 'pwchange') { |
45 | 31 |
if (!$role & ROLE_CUSTOMER) { |
46 | 32 |
system_failure("Zum Ändern Ihres Passworts verwenden Sie bitte die Funktion im Hauptmenü!"); |
... | ... |
@@ -113,25 +99,6 @@ if ($_GET['action'] == 'new') { |
113 | 99 |
} |
114 | 100 |
} elseif ($_GET['action'] == 'delete') { |
115 | 101 |
system_failure("Benutzeraccounts zu löschen ist momentan nicht über diese Oberfläche möglich. Bitte wenden Sie sich an einen Administrator."); |
116 |
- /* |
|
117 |
- $account_string = filter_output_html($account['local'].'@'.$account['domain']); |
|
118 |
- $sure = user_is_sure(); |
|
119 |
- if ($sure === NULL) |
|
120 |
- { |
|
121 |
- are_you_sure("action=delete&account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?"); |
|
122 |
- } |
|
123 |
- elseif ($sure === true) |
|
124 |
- { |
|
125 |
- delete_jabber_account($account['id']); |
|
126 |
- if (! $debugmode) |
|
127 |
- header("Location: account"); |
|
128 |
- } |
|
129 |
- elseif ($sure === false) |
|
130 |
- { |
|
131 |
- if (! $debugmode) |
|
132 |
- header("Location: account"); |
|
133 |
- } |
|
134 |
- */ |
|
135 | 102 |
} else { |
136 | 103 |
system_failure("Unimplemented action"); |
137 | 104 |
} |
... | ... |
@@ -42,7 +42,7 @@ if ($_GET['action'] == 'new') { |
42 | 42 |
} |
43 | 43 |
*/ |
44 | 44 |
} elseif ($_GET['action'] == 'pwchange') { |
45 |
- if (! $role & ROLE_CUSTOMER) { |
|
45 |
+ if (!$role & ROLE_CUSTOMER) { |
|
46 | 46 |
system_failure("Zum Ändern Ihres Passworts verwenden Sie bitte die Funktion im Hauptmenü!"); |
47 | 47 |
} |
48 | 48 |
$error = false; |
... | ... |
@@ -63,7 +63,7 @@ if ($_GET['action'] == 'new') { |
63 | 63 |
# set_systemuser_password kommt aus den Session-Funktionen! |
64 | 64 |
set_systemuser_password($user['uid'], $_POST['newpass1']); |
65 | 65 |
} |
66 |
- if (! ($debugmode || $error)) { |
|
66 |
+ if (!($debugmode || $error)) { |
|
67 | 67 |
header('Location: account'); |
68 | 68 |
} |
69 | 69 |
} elseif ($_GET['action'] == 'edit') { |
... | ... |
@@ -104,7 +104,7 @@ if ($_GET['action'] == 'new') { |
104 | 104 |
} |
105 | 105 |
|
106 | 106 |
set_account_details($account); |
107 |
- if (! ($debugmode)) { |
|
107 |
+ if (!($debugmode)) { |
|
108 | 108 |
$location = 'myaccount'; |
109 | 109 |
if ($_SESSION['role'] & ROLE_CUSTOMER) { |
110 | 110 |
$location = 'account'; |
... | ... |
@@ -27,20 +27,20 @@ global $debugmode; |
27 | 27 |
|
28 | 28 |
if ($_GET['action'] == 'new') { |
29 | 29 |
system_failure('not implemented'); |
30 |
-/* |
|
31 |
-check_form_token('systemuser_new'); |
|
32 |
-if (filter_input_username($_POST['username']) == '' || |
|
33 |
- filter_shell($_POST['password']) == '') |
|
34 |
-{ |
|
35 |
- input_error('Sie müssen alle Felder ausfüllen!'); |
|
36 |
-} |
|
37 |
-else |
|
38 |
-{ |
|
39 |
- create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']); |
|
40 |
- if (! $debugmode) |
|
41 |
- header('Location: account'); |
|
42 |
-} |
|
43 |
-*/ |
|
30 |
+ /* |
|
31 |
+ check_form_token('systemuser_new'); |
|
32 |
+ if (filter_input_username($_POST['username']) == '' || |
|
33 |
+ filter_shell($_POST['password']) == '') |
|
34 |
+ { |
|
35 |
+ input_error('Sie müssen alle Felder ausfüllen!'); |
|
36 |
+ } |
|
37 |
+ else |
|
38 |
+ { |
|
39 |
+ create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']); |
|
40 |
+ if (! $debugmode) |
|
41 |
+ header('Location: account'); |
|
42 |
+ } |
|
43 |
+ */ |
|
44 | 44 |
} elseif ($_GET['action'] == 'pwchange') { |
45 | 45 |
if (! $role & ROLE_CUSTOMER) { |
46 | 46 |
system_failure("Zum Ändern Ihres Passworts verwenden Sie bitte die Funktion im Hauptmenü!"); |
... | ... |
@@ -113,25 +113,25 @@ else |
113 | 113 |
} |
114 | 114 |
} elseif ($_GET['action'] == 'delete') { |
115 | 115 |
system_failure("Benutzeraccounts zu löschen ist momentan nicht über diese Oberfläche möglich. Bitte wenden Sie sich an einen Administrator."); |
116 |
-/* |
|
117 |
-$account_string = filter_output_html($account['local'].'@'.$account['domain']); |
|
118 |
-$sure = user_is_sure(); |
|
119 |
-if ($sure === NULL) |
|
120 |
-{ |
|
121 |
- are_you_sure("action=delete&account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?"); |
|
122 |
-} |
|
123 |
-elseif ($sure === true) |
|
124 |
-{ |
|
125 |
- delete_jabber_account($account['id']); |
|
126 |
- if (! $debugmode) |
|
127 |
- header("Location: account"); |
|
128 |
-} |
|
129 |
-elseif ($sure === false) |
|
130 |
-{ |
|
131 |
- if (! $debugmode) |
|
132 |
- header("Location: account"); |
|
133 |
-} |
|
134 |
-*/ |
|
116 |
+ /* |
|
117 |
+ $account_string = filter_output_html($account['local'].'@'.$account['domain']); |
|
118 |
+ $sure = user_is_sure(); |
|
119 |
+ if ($sure === NULL) |
|
120 |
+ { |
|
121 |
+ are_you_sure("action=delete&account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?"); |
|
122 |
+ } |
|
123 |
+ elseif ($sure === true) |
|
124 |
+ { |
|
125 |
+ delete_jabber_account($account['id']); |
|
126 |
+ if (! $debugmode) |
|
127 |
+ header("Location: account"); |
|
128 |
+ } |
|
129 |
+ elseif ($sure === false) |
|
130 |
+ { |
|
131 |
+ if (! $debugmode) |
|
132 |
+ header("Location: account"); |
|
133 |
+ } |
|
134 |
+ */ |
|
135 | 135 |
} else { |
136 | 136 |
system_failure("Unimplemented action"); |
137 | 137 |
} |
... | ... |
@@ -2,14 +2,11 @@ |
2 | 2 |
/* |
3 | 3 |
This file belongs to the Webinterface of schokokeks.org Hosting |
4 | 4 |
|
5 |
-Written 2008-2018 by schokokeks.org Hosting, namely |
|
5 |
+Written by schokokeks.org Hosting, namely |
|
6 | 6 |
Bernd Wurst <bernd@schokokeks.org> |
7 | 7 |
Hanno Böck <hanno@schokokeks.org> |
8 | 8 |
|
9 |
-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
|
10 |
- |
|
11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 |
-http://creativecommons.org/publicdomain/zero/1.0/ |
|
9 |
+This code is published under a 0BSD license. |
|
13 | 10 |
|
14 | 11 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 12 |
*/ |
... | ... |
@@ -95,6 +95,10 @@ else |
95 | 95 |
$account['name'] = filter_input_oneline($_POST['fullname']); |
96 | 96 |
} |
97 | 97 |
|
98 |
+ if (isset($_POST['passwordlogin'])) { |
|
99 |
+ $account['passwordlogin'] = (int) $_POST['passwordlogin']; |
|
100 |
+ } |
|
101 |
+ |
|
98 | 102 |
$shells = available_shells(); |
99 | 103 |
if (isset($shells[$_POST['shell']])) { |
100 | 104 |
$account['shell'] = $_POST['shell']; |
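Review bot: `$account['passwordlogin'] = (int) $_POST['passwordlogin'];` accepts any integer, and a non-empty array casts to 1, so the stored flag is not limited to the two states its name suggests. Unlike the quota assignment elsewhere in this branch, it is not gated on `$role & ROLE_CUSTOMER`, so presumably both roles that reach the edit branch can change how the account authenticates; confirm that this is intended. If the field is an on/off switch, normalise it at this boundary, e.g. `$account['passwordlogin'] = ($_POST['passwordlogin'] === '1') ? 1 : 0;`, rather than relying on `set_account_details()` (not shown here) to reject other values. The edit branch starts and ends outside this hunk.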
... | ... |
@@ -92,7 +92,7 @@ else |
92 | 92 |
if ($_POST['defaultname'] == 1) { |
93 | 93 |
$account['name'] = null; |
94 | 94 |
} else { |
95 |
- $account['name'] = filter_input_general($_POST['fullname']); |
|
95 |
+ $account['name'] = filter_input_oneline($_POST['fullname']); |
|
96 | 96 |
} |
97 | 97 |
|
98 | 98 |
$shells = available_shells(); |
... | ... |
@@ -113,7 +113,7 @@ else |
113 | 113 |
} elseif ($_GET['action'] == 'delete') { |
114 | 114 |
system_failure("Benutzeraccounts zu löschen ist momentan nicht über diese Oberfläche möglich. Bitte wenden Sie sich an einen Administrator."); |
115 | 115 |
/* |
116 |
-$account_string = filter_input_general( $account['local'].'@'.$account['domain'] ); |
|
116 |
+$account_string = filter_output_html($account['local'].'@'.$account['domain']); |
|
117 | 117 |
$sure = user_is_sure(); |
118 | 118 |
if ($sure === NULL) |
119 | 119 |
{ |
... | ... |
@@ -70,7 +70,6 @@ else |
70 | 70 |
header('Location: account'); |
71 | 71 |
} |
72 | 72 |
} elseif ($_GET['action'] == 'edit') { |
73 |
- $error = false; |
|
74 | 73 |
check_form_token('systemuser_edit'); |
75 | 74 |
$account = null; |
76 | 75 |
if ($role & ROLE_CUSTOMER) { |
... | ... |
@@ -104,7 +103,7 @@ else |
104 | 103 |
} |
105 | 104 |
|
106 | 105 |
set_account_details($account); |
107 |
- if (! ($debugmode || $error)) { |
|
106 |
+ if (! ($debugmode)) { |
|
108 | 107 |
$location = 'myaccount'; |
109 | 108 |
if ($_SESSION['role'] & ROLE_CUSTOMER) { |
110 | 109 |
$location = 'account'; |
... | ... |
@@ -81,7 +81,7 @@ else |
81 | 81 |
if ($role & ROLE_CUSTOMER) { |
82 | 82 |
$customerquota = get_customer_quota(); |
83 | 83 |
$maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota']; |
84 |
- |
|
84 |
+ |
|
85 | 85 |
$quota = (int) $_POST['quota']; |
86 | 86 |
if ($quota > $maxquota) { |
87 | 87 |
system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen."); |
... | ... |
@@ -94,7 +94,7 @@ else |
94 | 94 |
} else { |
95 | 95 |
$account['name'] = filter_input_general($_POST['fullname']); |
96 | 96 |
} |
97 |
- |
|
97 |
+ |
|
98 | 98 |
$shells = available_shells(); |
99 | 99 |
if (isset($shells[$_POST['shell']])) { |
100 | 100 |
$account['shell'] = $_POST['shell']; |
... | ... |
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely |
8 | 8 |
|
9 | 9 |
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
10 | 10 |
|
11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 | 12 |
http://creativecommons.org/publicdomain/zero/1.0/ |
13 | 13 |
|
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
... | ... |
@@ -28,120 +28,111 @@ $role = $_SESSION['role']; |
28 | 28 |
require_once("inc/debug.php"); |
29 | 29 |
global $debugmode; |
30 | 30 |
|
31 |
-if ($_GET['action'] == 'new') |
|
31 |
+if ($_GET['action'] == 'new') { |
|
32 |
+ system_failure('not implemented'); |
|
33 |
+/* |
|
34 |
+check_form_token('systemuser_new'); |
|
35 |
+if (filter_input_username($_POST['username']) == '' || |
|
36 |
+ filter_shell($_POST['password']) == '') |
|
32 | 37 |
{ |
33 |
- system_failure('not implemented'); |
|
34 |
- /* |
|
35 |
- check_form_token('systemuser_new'); |
|
36 |
- if (filter_input_username($_POST['username']) == '' || |
|
37 |
- filter_shell($_POST['password']) == '') |
|
38 |
- { |
|
39 |
- input_error('Sie müssen alle Felder ausfüllen!'); |
|
40 |
- } |
|
41 |
- else |
|
42 |
- { |
|
43 |
- create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']); |
|
44 |
- if (! $debugmode) |
|
45 |
- header('Location: account'); |
|
46 |
- } |
|
47 |
- */ |
|
38 |
+ input_error('Sie müssen alle Felder ausfüllen!'); |
|
48 | 39 |
} |
49 |
-elseif ($_GET['action'] == 'pwchange') |
|
40 |
+else |
|
50 | 41 |
{ |
51 |
- if (! $role & ROLE_CUSTOMER) |
|
52 |
- system_failure("Zum Ändern Ihres Passworts verwenden Sie bitte die Funktion im Hauptmenü!"); |
|
53 |
- $error = false; |
|
54 |
- check_form_token('systemuser_pwchange'); |
|
55 |
- if (customer_useraccount($_REQUEST['uid'])) |
|
56 |
- system_failure('Zum Ändern dieses Passworts verwenden Sie bitte die Funktion im Hauptmenü!'); |
|
57 |
- |
|
58 |
- //if (! strong_password($_POST['newpass'])) |
|
59 |
- // input_error('Das Passwort ist zu einfach'); |
|
60 |
- //else |
|
61 |
- if ($_POST['newpass1'] == '' || |
|
62 |
- $_POST['newpass1'] != $_POST['newpass2']) |
|
63 |
- { |
|
64 |
- input_error('Bitte zweimal ein neues Passwort eingeben!'); |
|
65 |
- $error = true; |
|
66 |
- } |
|
67 |
- else |
|
68 |
- { |
|
69 |
- $user = get_account_details($_REQUEST['uid']); |
|
70 |
- # set_systemuser_password kommt aus den Session-Funktionen! |
|
71 |
- set_systemuser_password($user['uid'], $_POST['newpass1']); |
|
72 |
- } |
|
73 |
- if (! ($debugmode || $error)) |
|
42 |
+ create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']); |
|
43 |
+ if (! $debugmode) |
|
74 | 44 |
header('Location: account'); |
75 | 45 |
} |
76 |
-elseif ($_GET['action'] == 'edit') |
|
77 |
-{ |
|
78 |
- check_form_token('systemuser_edit'); |
|
79 |
- $account = NULL; |
|
80 |
- if ($role & ROLE_CUSTOMER) |
|
81 |
- $account = get_account_details($_REQUEST['uid']); |
|
82 |
- else |
|
83 |
- $account = get_account_details($_SESSION['userinfo']['uid'], $_SESSION['userinfo']['customerno']); |
|
84 |
- |
|
85 |
- if ($role & ROLE_CUSTOMER) |
|
86 |
- { |
|
87 |
- $customerquota = get_customer_quota(); |
|
88 |
- $maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota']; |
|
46 |
+*/ |
|
47 |
+} elseif ($_GET['action'] == 'pwchange') { |
|
48 |
+ if (! $role & ROLE_CUSTOMER) { |
|
49 |
+ system_failure("Zum Ändern Ihres Passworts verwenden Sie bitte die Funktion im Hauptmenü!"); |
|
50 |
+ } |
|
51 |
+ $error = false; |
|
52 |
+ check_form_token('systemuser_pwchange'); |
|
53 |
+ if (customer_useraccount($_REQUEST['uid'])) { |
|
54 |
+ system_failure('Zum Ändern dieses Passworts verwenden Sie bitte die Funktion im Hauptmenü!'); |
|
55 |
+ } |
|
56 |
+ |
|
57 |
+ //if (! strong_password($_POST['newpass'])) |
|
58 |
+ // input_error('Das Passwort ist zu einfach'); |
|
59 |
+ //else |
|
60 |
+ if ($_POST['newpass1'] == '' || |
|
61 |
+ $_POST['newpass1'] != $_POST['newpass2']) { |
|
62 |
+ input_error('Bitte zweimal ein neues Passwort eingeben!'); |
|
63 |
+ $error = true; |
|
64 |
+ } else { |
|
65 |
+ $user = get_account_details($_REQUEST['uid']); |
|
66 |
+ # set_systemuser_password kommt aus den Session-Funktionen! |
|
67 |
+ set_systemuser_password($user['uid'], $_POST['newpass1']); |
|
68 |
+ } |
|
69 |
+ if (! ($debugmode || $error)) { |
|
70 |
+ header('Location: account'); |
|
71 |
+ } |
|
72 |
+} elseif ($_GET['action'] == 'edit') { |
|
73 |
+ check_form_token('systemuser_edit'); |
|
74 |
+ $account = null; |
|
75 |
+ if ($role & ROLE_CUSTOMER) { |
|
76 |
+ $account = get_account_details($_REQUEST['uid']); |
|
77 |
+ } else { |
|
78 |
+ $account = get_account_details($_SESSION['userinfo']['uid'], $_SESSION['userinfo']['customerno']); |
|
79 |
+ } |
|
80 |
+ |
|
81 |
+ if ($role & ROLE_CUSTOMER) { |
|
82 |
+ $customerquota = get_customer_quota(); |
|
83 |
+ $maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota']; |
|
89 | 84 |
|
90 |
- $quota = (int) $_POST['quota']; |
|
91 |
- if ($quota > $maxquota) |
|
92 |
- system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen."); |
|
93 |
- $account['quota'] = $quota; |
|
94 |
- } |
|
95 |
- |
|
96 |
- if ($_POST['defaultname'] == 1) |
|
97 |
- $account['name'] = NULL; |
|
98 |
- else |
|
99 |
- $account['name'] = filter_input_general($_POST['fullname']); |
|
100 |
- |
|
101 |
- $shells = available_shells(); |
|
102 |
- if (isset($shells[$_POST['shell']])) |
|
103 |
- $account['shell'] = $_POST['shell']; |
|
104 |
- else |
|
105 |
- if (isset($_POST['shell']) && $_POST['shell'] != '') |
|
106 |
- system_failure('Ungültige Shell'); |
|
107 |
- |
|
108 |
- set_account_details($account); |
|
109 |
- if (! ($debugmode || $error)) { |
|
110 |
- $location = 'myaccount'; |
|
111 |
- if ($_SESSION['role'] & ROLE_CUSTOMER) { |
|
112 |
- $location = 'account'; |
|
85 |
+ $quota = (int) $_POST['quota']; |
|
86 |
+ if ($quota > $maxquota) { |
|
87 |
+ system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen."); |
|
88 |
+ } |
|
89 |
+ $account['quota'] = $quota; |
|
90 |
+ } |
|
91 |
+ |
|
92 |
+ if ($_POST['defaultname'] == 1) { |
|
93 |
+ $account['name'] = null; |
|
94 |
+ } else { |
|
95 |
+ $account['name'] = filter_input_general($_POST['fullname']); |
|
113 | 96 |
} |
114 |
- header('Location: '.$location); |
|
115 |
- } |
|
116 | 97 |
|
98 |
+ $shells = available_shells(); |
|
99 |
+ if (isset($shells[$_POST['shell']])) { |
|
100 |
+ $account['shell'] = $_POST['shell']; |
|
101 |
+ } elseif (isset($_POST['shell']) && $_POST['shell'] != '') { |
|
102 |
+ system_failure('Ungültige Shell'); |
|
103 |
+ } |
|
104 |
+ |
|
105 |
+ set_account_details($account); |
|
106 |
+ if (! ($debugmode || $error)) { |
|
107 |
+ $location = 'myaccount'; |
|
108 |
+ if ($_SESSION['role'] & ROLE_CUSTOMER) { |
|
109 |
+ $location = 'account'; |
|
110 |
+ } |
|
111 |
+ header('Location: '.$location); |
|
112 |
+ } |
|
113 |
+} elseif ($_GET['action'] == 'delete') { |
|
114 |
+ system_failure("Benutzeraccounts zu löschen ist momentan nicht über diese Oberfläche möglich. Bitte wenden Sie sich an einen Administrator."); |
|
115 |
+/* |
|
116 |
+$account_string = filter_input_general( $account['local'].'@'.$account['domain'] ); |
|
117 |
+$sure = user_is_sure(); |
|
118 |
+if ($sure === NULL) |
|
119 |
+{ |
|
120 |
+ are_you_sure("action=delete&account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?"); |
|
117 | 121 |
} |
118 |
-elseif ($_GET['action'] == 'delete') |
|
122 |
+elseif ($sure === true) |
|
119 | 123 |
{ |
120 |
- system_failure("Benutzeraccounts zu löschen ist momentan nicht über diese Oberfläche möglich. Bitte wenden Sie sich an einen Administrator."); |
|
121 |
- /* |
|
122 |
- $account_string = filter_input_general( $account['local'].'@'.$account['domain'] ); |
|
123 |
- $sure = user_is_sure(); |
|
124 |
- if ($sure === NULL) |
|
125 |
- { |
|
126 |
- are_you_sure("action=delete&account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?"); |
|
127 |
- } |
|
128 |
- elseif ($sure === true) |
|
129 |
- { |
|
130 |
- delete_jabber_account($account['id']); |
|
131 |
- if (! $debugmode) |
|
132 |
- header("Location: account"); |
|
133 |
- } |
|
134 |
- elseif ($sure === false) |
|
135 |
- { |
|
136 |
- if (! $debugmode) |
|
137 |
- header("Location: account"); |
|
138 |
- } |
|
139 |
- */ |
|
124 |
+ delete_jabber_account($account['id']); |
|
125 |
+ if (! $debugmode) |
|
126 |
+ header("Location: account"); |
|
127 |
+} |
|
128 |
+elseif ($sure === false) |
|
129 |
+{ |
|
130 |
+ if (! $debugmode) |
|
131 |
+ header("Location: account"); |
|
132 |
+} |
|
133 |
+*/ |
|
134 |
+} else { |
|
135 |
+ system_failure("Unimplemented action"); |
|
140 | 136 |
} |
141 |
-else |
|
142 |
- system_failure("Unimplemented action"); |
|
143 | 137 |
|
144 | 138 |
output(''); |
145 |
- |
|
146 |
- |
|
147 |
-?> |
... | ... |
@@ -106,8 +106,13 @@ elseif ($_GET['action'] == 'edit') |
106 | 106 |
system_failure('Ungültige Shell'); |
107 | 107 |
|
108 | 108 |
set_account_details($account); |
109 |
- if (! ($debugmode || $error)) |
|
110 |
- header('Location: account'); |
|
109 |
+ if (! ($debugmode || $error)) { |
|
110 |
+ $location = 'myaccount'; |
|
111 |
+ if ($_SESSION['role'] & ROLE_CUSTOMER) { |
|
112 |
+ $location = 'account'; |
|
113 |
+ } |
|
114 |
+ header('Location: '.$location); |
|
115 |
+ } |
|
111 | 116 |
|
112 | 117 |
} |
113 | 118 |
elseif ($_GET['action'] == 'delete') |
... | ... |
@@ -1,4 +1,18 @@ |
1 | 1 |
<?php |
2 |
+/* |
|
3 |
+This file belongs to the Webinterface of schokokeks.org Hosting |
|
4 |
+ |
|
5 |
+Written 2008-2012 by schokokeks.org Hosting, namely |
|
6 |
+ Bernd Wurst <bernd@schokokeks.org> |
|
7 |
+ Hanno Böck <hanno@schokokeks.org> |
|
8 |
+ |
|
9 |
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
|
10 |
+ |
|
11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 |
+http://creativecommons.org/publicdomain/zero/1.0/ |
|
13 |
+ |
|
14 |
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
|
15 |
+*/ |
|
2 | 16 |
|
3 | 17 |
require_once('session/start.php'); |
4 | 18 |
|
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1846 87cf0b9e-d624-0410-a070-f6ee81989793
... | ... |
@@ -28,7 +28,7 @@ if ($_GET['action'] == 'new') |
28 | 28 |
{ |
29 | 29 |
create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']); |
30 | 30 |
if (! $debugmode) |
31 |
- header('Location: accounts'); |
|
31 |
+ header('Location: account'); |
|
32 | 32 |
} |
33 | 33 |
*/ |
34 | 34 |
} |
... | ... |
@@ -57,7 +57,7 @@ elseif ($_GET['action'] == 'pwchange') |
57 | 57 |
set_systemuser_password($user['uid'], $_POST['newpass1']); |
58 | 58 |
} |
59 | 59 |
if (! ($debugmode || $error)) |
60 |
- header('Location: accounts'); |
|
60 |
+ header('Location: account'); |
|
61 | 61 |
} |
62 | 62 |
elseif ($_GET['action'] == 'edit') |
63 | 63 |
{ |
... | ... |
@@ -92,11 +92,8 @@ elseif ($_GET['action'] == 'edit') |
92 | 92 |
system_failure('Ungültige Shell'); |
93 | 93 |
|
94 | 94 |
set_account_details($account); |
95 |
- $target = 'accounts'; |
|
96 |
- if (! ($role & ROLE_CUSTOMER)) |
|
97 |
- $target = 'myaccount'; |
|
98 | 95 |
if (! ($debugmode || $error)) |
99 |
- header('Location: '.$target); |
|
96 |
+ header('Location: account'); |
|
100 | 97 |
|
101 | 98 |
} |
102 | 99 |
elseif ($_GET['action'] == 'delete') |
... | ... |
@@ -113,12 +110,12 @@ elseif ($_GET['action'] == 'delete') |
113 | 110 |
{ |
114 | 111 |
delete_jabber_account($account['id']); |
115 | 112 |
if (! $debugmode) |
116 |
- header("Location: accounts"); |
|
113 |
+ header("Location: account"); |
|
117 | 114 |
} |
118 | 115 |
elseif ($sure === false) |
119 | 116 |
{ |
120 | 117 |
if (! $debugmode) |
121 |
- header("Location: accounts"); |
|
118 |
+ header("Location: account"); |
|
122 | 119 |
} |
123 | 120 |
*/ |
124 | 121 |
} |
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1726 87cf0b9e-d624-0410-a070-f6ee81989793
... | ... |
@@ -87,6 +87,9 @@ elseif ($_GET['action'] == 'edit') |
87 | 87 |
$shells = available_shells(); |
88 | 88 |
if (isset($shells[$_POST['shell']])) |
89 | 89 |
$account['shell'] = $_POST['shell']; |
90 |
+ else |
|
91 |
+ if (isset($_POST['shell']) && $_POST['shell'] != '') |
|
92 |
+ system_failure('Ungültige Shell'); |
|
90 | 93 |
|
91 | 94 |
set_account_details($account); |
92 | 95 |
$target = 'accounts'; |
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1722 87cf0b9e-d624-0410-a070-f6ee81989793
... | ... |
@@ -7,7 +7,9 @@ require_once('useraccounts.php'); |
7 | 7 |
require_once('inc/security.php'); |
8 | 8 |
|
9 | 9 |
|
10 |
-require_role(ROLE_CUSTOMER); |
|
10 |
+require_role(array(ROLE_CUSTOMER, ROLE_SYSTEMUSER)); |
|
11 |
+ |
|
12 |
+$role = $_SESSION['role']; |
|
11 | 13 |
|
12 | 14 |
require_once("inc/debug.php"); |
13 | 15 |
global $debugmode; |
... | ... |
@@ -32,6 +34,8 @@ if ($_GET['action'] == 'new') |
32 | 34 |
} |
33 | 35 |
elseif ($_GET['action'] == 'pwchange') |
34 | 36 |
{ |
37 |
+ if (! $role & ROLE_CUSTOMER) |
|
38 |
+ system_failure("Zum Ändern Ihres Passworts verwenden Sie bitte die Funktion im Hauptmenü!"); |
|
35 | 39 |
$error = false; |
36 | 40 |
check_form_token('systemuser_pwchange'); |
37 | 41 |
if (customer_useraccount($_REQUEST['uid'])) |
... | ... |
@@ -58,15 +62,22 @@ elseif ($_GET['action'] == 'pwchange') |
58 | 62 |
elseif ($_GET['action'] == 'edit') |
59 | 63 |
{ |
60 | 64 |
check_form_token('systemuser_edit'); |
61 |
- $account = get_account_details($_REQUEST['uid']); |
|
65 |
+ $account = NULL; |
|
66 |
+ if ($role & ROLE_CUSTOMER) |
|
67 |
+ $account = get_account_details($_REQUEST['uid']); |
|
68 |
+ else |
|
69 |
+ $account = get_account_details($_SESSION['userinfo']['uid'], $_SESSION['userinfo']['customerno']); |
|
62 | 70 |
|
63 |
- $customerquota = get_customer_quota(); |
|
64 |
- $maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota']; |
|
65 |
- |
|
66 |
- $quota = (int) $_POST['quota']; |
|
67 |
- if ($quota > $maxquota) |
|
68 |
- system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen."); |
|
69 |
- $account['quota'] = $quota; |
|
71 |
+ if ($role & ROLE_CUSTOMER) |
|
72 |
+ { |
|
73 |
+ $customerquota = get_customer_quota(); |
|
74 |
+ $maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota']; |
|
75 |
+ |
|
76 |
+ $quota = (int) $_POST['quota']; |
|
77 |
+ if ($quota > $maxquota) |
|
78 |
+ system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen."); |
|
79 |
+ $account['quota'] = $quota; |
|
80 |
+ } |
|
70 | 81 |
|
71 | 82 |
if ($_POST['defaultname'] == 1) |
72 | 83 |
$account['name'] = NULL; |
... | ... |
@@ -78,8 +89,11 @@ elseif ($_GET['action'] == 'edit') |
78 | 89 |
$account['shell'] = $_POST['shell']; |
79 | 90 |
|
80 | 91 |
set_account_details($account); |
92 |
+ $target = 'accounts'; |
|
93 |
+ if (! ($role & ROLE_CUSTOMER)) |
|
94 |
+ $target = 'myaccount'; |
|
81 | 95 |
if (! ($debugmode || $error)) |
82 |
- header('Location: accounts'); |
|
96 |
+ header('Location: '.$target); |
|
83 | 97 |
|
84 | 98 |
} |
85 | 99 |
elseif ($_GET['action'] == 'delete') |
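Review bot: The guard added at the top of the pwchange branch, `if (! $role & ROLE_CUSTOMER)`, does not test the customer bit: `!` binds tighter than `&` in PHP, so it evaluates `(!$role) & ROLE_CUSTOMER`, which is 0 for any non-zero role, and the `system_failure()` below it never fires. This commit also opens the page to `ROLE_SYSTEMUSER` through `require_role(array(ROLE_CUSTOMER, ROLE_SYSTEMUSER))`, so a system-user session falls through to the `customer_useraccount($_REQUEST['uid'])` and `get_account_details($_REQUEST['uid'])` path; whether those enforce ownership for a non-customer session is not visible in this diff. It should read `if (! ($role & ROLE_CUSTOMER))`, the parenthesised form this same commit already uses for `$target` in the edit branch. The expression is carried unchanged into the later revisions shown on this page, where it is only reformatted to `!$role & ROLE_CUSTOMER`.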
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1718 87cf0b9e-d624-0410-a070-f6ee81989793
... | ... |
@@ -30,33 +30,54 @@ if ($_GET['action'] == 'new') |
30 | 30 |
} |
31 | 31 |
*/ |
32 | 32 |
} |
33 |
-elseif ($_GET['action'] == 'edit') |
|
33 |
+elseif ($_GET['action'] == 'pwchange') |
|
34 | 34 |
{ |
35 | 35 |
$error = false; |
36 |
- check_form_token('systemuser_edit'); |
|
37 |
- if (customer_useraccount($_POST['uid'])) |
|
38 |
- system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!'); |
|
36 |
+ check_form_token('systemuser_pwchange'); |
|
37 |
+ if (customer_useraccount($_REQUEST['uid'])) |
|
38 |
+ system_failure('Zum Ändern dieses Passworts verwenden Sie bitte die Funktion im Hauptmenü!'); |
|
39 | 39 |
|
40 |
- if ($_POST['newpass'] != '') |
|
40 |
+ //if (! strong_password($_POST['newpass'])) |
|
41 |
+ // input_error('Das Passwort ist zu einfach'); |
|
42 |
+ //else |
|
43 |
+ if ($_POST['newpass1'] == '' || |
|
44 |
+ $_POST['newpass1'] != $_POST['newpass2']) |
|
45 |
+ { |
|
46 |
+ input_error('Bitte zweimal ein neues Passwort eingeben!'); |
|
47 |
+ $error = true; |
|
48 |
+ } |
|
49 |
+ else |
|
41 | 50 |
{ |
42 |
- //if (! strong_password($_POST['newpass'])) |
|
43 |
- // input_error('Das Passwort ist zu einfach'); |
|
44 |
- //else |
|
45 |
- if ($_POST['newpass2'] == '' || |
|
46 |
- $_POST['newpass'] != $_POST['newpass2']) |
|
47 |
- { |
|
48 |
- input_error('Bitte zweimal ein neues Passwort eingeben!'); |
|
49 |
- $error = true; |
|
50 |
- } |
|
51 |
- else |
|
52 |
- { |
|
53 |
- $user = get_account_details($_POST['uid']); |
|
54 |
- # set_systemuser_password kommt aus den Session-Funktionen! |
|
55 |
- set_systemuser_password($user['uid'], $_POST['newpass']); |
|
56 |
- } |
|
51 |
+ $user = get_account_details($_REQUEST['uid']); |
|
52 |
+ # set_systemuser_password kommt aus den Session-Funktionen! |
|
53 |
+ set_systemuser_password($user['uid'], $_POST['newpass1']); |
|
57 | 54 |
} |
55 |
+ if (! ($debugmode || $error)) |
|
56 |
+ header('Location: accounts'); |
|
57 |
+} |
|
58 |
+elseif ($_GET['action'] == 'edit') |
|
59 |
+{ |
|
60 |
+ check_form_token('systemuser_edit'); |
|
61 |
+ $account = get_account_details($_REQUEST['uid']); |
|
62 |
+ |
|
63 |
+ $customerquota = get_customer_quota(); |
|
64 |
+ $maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota']; |
|
65 |
+ |
|
66 |
+ $quota = (int) $_POST['quota']; |
|
67 |
+ if ($quota > $maxquota) |
|
68 |
+ system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen."); |
|
69 |
+ $account['quota'] = $quota; |
|
70 |
+ |
|
71 |
+ if ($_POST['defaultname'] == 1) |
|
72 |
+ $account['name'] = NULL; |
|
73 |
+ else |
|
74 |
+ $account['name'] = filter_input_general($_POST['fullname']); |
|
75 |
+ |
|
76 |
+ $shells = available_shells(); |
|
77 |
+ if (isset($shells[$_POST['shell']])) |
|
78 |
+ $account['shell'] = $_POST['shell']; |
|
58 | 79 |
|
59 |
- set_systemuser_details($_POST['uid'], $_POST['fullname'], $_POST['quota']); |
|
80 |
+ set_account_details($account); |
|
60 | 81 |
if (! ($debugmode || $error)) |
61 | 82 |
header('Location: accounts'); |
62 | 83 |
|
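Review bot: In the new edit branch, `$quota = (int) $_POST['quota'];` is checked only against the upper bound (`$quota > $maxquota`), so zero or a negative value is written to `$account['quota']` and passed to `set_account_details()`; whether that function rejects it is not visible here. If the assigned total in `get_customer_quota()` is a sum over accounts, a negative entry would presumably also raise the allowance left for the customer's other accounts. Add a lower bound beside the existing check, e.g. `if ($quota < 1 || $quota > $maxquota)`, using whatever minimum the hosting setup allows. The split also leaves `$error` unset when the edit branch runs, because `$error = false;` now belongs to the pwchange branch while the context line `if (! ($debugmode || $error))` still reads it; initialise it in the edit branch or drop it from that condition.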
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1301 87cf0b9e-d624-0410-a070-f6ee81989793
... | ... |
@@ -69,7 +69,7 @@ elseif ($_GET['action'] == 'delete') |
69 | 69 |
$sure = user_is_sure(); |
70 | 70 |
if ($sure === NULL) |
71 | 71 |
{ |
72 |
- are_you_sure("action=delete&account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?"); |
|
72 |
+ are_you_sure("action=delete&account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?"); |
|
73 | 73 |
} |
74 | 74 |
elseif ($sure === true) |
75 | 75 |
{ |
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1128 87cf0b9e-d624-0410-a070-f6ee81989793
... | ... |
@@ -26,7 +26,7 @@ if ($_GET['action'] == 'new') |
26 | 26 |
{ |
27 | 27 |
create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']); |
28 | 28 |
if (! $debugmode) |
29 |
- header('Location: accounts.php'); |
|
29 |
+ header('Location: accounts'); |
|
30 | 30 |
} |
31 | 31 |
*/ |
32 | 32 |
} |
... | ... |
@@ -58,7 +58,7 @@ elseif ($_GET['action'] == 'edit') |
58 | 58 |
|
59 | 59 |
set_systemuser_details($_POST['uid'], $_POST['fullname'], $_POST['quota']); |
60 | 60 |
if (! ($debugmode || $error)) |
61 |
- header('Location: accounts.php'); |
|
61 |
+ header('Location: accounts'); |
|
62 | 62 |
|
63 | 63 |
} |
64 | 64 |
elseif ($_GET['action'] == 'delete') |
... | ... |
@@ -75,12 +75,12 @@ elseif ($_GET['action'] == 'delete') |
75 | 75 |
{ |
76 | 76 |
delete_jabber_account($account['id']); |
77 | 77 |
if (! $debugmode) |
78 |
- header("Location: accounts.php"); |
|
78 |
+ header("Location: accounts"); |
|
79 | 79 |
} |
80 | 80 |
elseif ($sure === false) |
81 | 81 |
{ |
82 | 82 |
if (! $debugmode) |
83 |
- header("Location: accounts.php"); |
|
83 |
+ header("Location: accounts"); |
|
84 | 84 |
} |
85 | 85 |
*/ |
86 | 86 |
} |
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@618 87cf0b9e-d624-0410-a070-f6ee81989793
... | ... |
@@ -34,7 +34,7 @@ elseif ($_GET['action'] == 'edit') |
34 | 34 |
{ |
35 | 35 |
$error = false; |
36 | 36 |
check_form_token('systemuser_edit'); |
37 |
- if ($_POST['uid'] == primary_useraccount()) |
|
37 |
+ if (customer_useraccount($_POST['uid'])) |
|
38 | 38 |
system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!'); |
39 | 39 |
|
40 | 40 |
if ($_POST['newpass'] != '') |
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@566 87cf0b9e-d624-0410-a070-f6ee81989793
... | ... |
@@ -16,9 +16,8 @@ if ($_GET['action'] == 'new') |
16 | 16 |
{ |
17 | 17 |
system_failure('not implemented'); |
18 | 18 |
/* |
19 |
- check_form_token('jabber_new_account'); |
|
20 |
- if (filter_input_username($_POST['local']) == '' || |
|
21 |
- $_POST['domain'] == '' || |
|
19 |
+ check_form_token('systemuser_new'); |
|
20 |
+ if (filter_input_username($_POST['username']) == '' || |
|
22 | 21 |
filter_shell($_POST['password']) == '') |
23 | 22 |
{ |
24 | 23 |
input_error('Sie müssen alle Felder ausfüllen!'); |
... | ... |
@@ -35,8 +34,14 @@ elseif ($_GET['action'] == 'edit') |
35 | 34 |
{ |
36 | 35 |
$error = false; |
37 | 36 |
check_form_token('systemuser_edit'); |
37 |
+ if ($_POST['uid'] == primary_useraccount()) |
|
38 |
+ system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!'); |
|
39 |
+ |
|
38 | 40 |
if ($_POST['newpass'] != '') |
39 | 41 |
{ |
42 |
+ //if (! strong_password($_POST['newpass'])) |
|
43 |
+ // input_error('Das Passwort ist zu einfach'); |
|
44 |
+ //else |
|
40 | 45 |
if ($_POST['newpass2'] == '' || |
41 | 46 |
$_POST['newpass'] != $_POST['newpass2']) |
42 | 47 |
{ |
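Review bot: The password-strength test is added only as commented-out lines (`//if (! strong_password($_POST['newpass']))` and the two lines after it), so after this change the edit branch still accepts any non-empty password that is entered twice. Whether `set_systemuser_password()` applies a policy of its own is not visible in this diff. Either enable the check as a real branch ahead of the `newpass2` comparison or keep it out of the file until it can be switched on; if it has to stay disabled, put the reason in a one-line comment such as `// TODO: password strength check disabled, see <ticket placeholder>`. The edit branch begins and ends outside this hunk.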
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@563 87cf0b9e-d624-0410-a070-f6ee81989793
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,88 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('session/start.php'); |
|
4 |
+ |
|
5 |
+require_once('useraccounts.php'); |
|
6 |
+ |
|
7 |
+require_once('inc/security.php'); |
|
8 |
+ |
|
9 |
+ |
|
10 |
+require_role(ROLE_CUSTOMER); |
|
11 |
+ |
|
12 |
+require_once("inc/debug.php"); |
|
13 |
+global $debugmode; |
|
14 |
+ |
|
15 |
+if ($_GET['action'] == 'new') |
|
16 |
+{ |
|
17 |
+ system_failure('not implemented'); |
|
18 |
+ /* |
|
19 |
+ check_form_token('jabber_new_account'); |
|
20 |
+ if (filter_input_username($_POST['local']) == '' || |
|
21 |
+ $_POST['domain'] == '' || |
|
22 |
+ filter_shell($_POST['password']) == '') |
|
23 |
+ { |
|
24 |
+ input_error('Sie müssen alle Felder ausfüllen!'); |
|
25 |
+ } |
|
26 |
+ else |
|
27 |
+ { |
|
28 |
+ create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']); |
|
29 |
+ if (! $debugmode) |
|
30 |
+ header('Location: accounts.php'); |
|
31 |
+ } |
|
32 |
+ */ |
|
33 |
+} |
|
34 |
+elseif ($_GET['action'] == 'edit') |
|
35 |
+{ |
|
36 |
+ $error = false; |
|
37 |
+ check_form_token('systemuser_edit'); |
|
38 |
+ if ($_POST['newpass'] != '') |
|
39 |
+ { |
|
40 |
+ if ($_POST['newpass2'] == '' || |
|
41 |
+ $_POST['newpass'] != $_POST['newpass2']) |
|
42 |
+ { |
|
43 |
+ input_error('Bitte zweimal ein neues Passwort eingeben!'); |
|
44 |
+ $error = true; |
|
45 |
+ } |
|
46 |
+ else |
|
47 |
+ { |
|
48 |
+ $user = get_account_details($_POST['uid']); |
|
49 |
+ # set_systemuser_password kommt aus den Session-Funktionen! |
|
50 |
+ set_systemuser_password($user['uid'], $_POST['newpass']); |
|
51 |
+ } |
|
52 |
+ } |
|
53 |
+ |
|
54 |
+ set_systemuser_details($_POST['uid'], $_POST['fullname'], $_POST['quota']); |
|
55 |
+ if (! ($debugmode || $error)) |
|
56 |
+ header('Location: accounts.php'); |
|
57 |
+ |
|
58 |
+} |
|