
Simplify crypt() calls, always assume SHA512 is available, use default value for rounds

Hanno Böck authored on13/01/2021 10:32:52
Showing1 changed files
... ...
@@ -79,14 +79,7 @@ function save_ftpuser($data)
79 79
         if ($result !== true) {
80 80
             system_failure("Unsicheres Passwort: ".$result);
81 81
         }
82
-        if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1) {
83
-            $rounds = rand(1000, 5000);
84
-            $salt = "rounds=".$rounds."$".random_string(8);
85
-            $password_hash = crypt($data['password'], "\$6\${$salt}\$");
86
-        } else {
87
-            $salt = random_string(8);
88
-            $password_hash = crypt($data['password'], "\$1\${$salt}\$");
89
-        }
82
+        $password_hash = crypt($data['password'], '$6$'.random_string(8).'$');
90 83
         $set_password = true;
91 84
     } elseif (! $data['id']) {
92 85
         system_failure('Wenn Sie einen neuen Zugang anlegen, müssen Sie ein Passwort setzen');
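Review bot: The result of `crypt()` on the new line is stored without a check, and the salt is still only the 8 characters from `random_string(8)`. `crypt()` returns a short failure token (`*0` or `*1`) when it cannot hash, so a guard before `$set_password = true;` such as `if (strncmp($password_hash, '$6$', 3) !== 0) { system_failure('Passwort konnte nicht verschlüsselt werden'); }` keeps that token out of the password column. SHA-512 crypt accepts up to 16 salt characters, so `random_string(16)` costs nothing. `random_string()` is defined outside this page, so it should be confirmed that it draws from a CSPRNG and emits only characters from the crypt salt alphabet. `save_ftpuser()` starts and ends outside the hunk.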

Umstellung von filter_input_general() auf filter_output_html()

Bernd Wurst authored on21/09/2019 17:07:48
Showing1 changed files
... ...
@@ -56,7 +56,7 @@ function save_ftpuser($data)
56 56
     if ($data['username'] == '') {
57 57
         system_failure('Bitte geben Sie eine Erweiterung für den Benutzernamen an!');
58 58
     }
59
-    $homedir = filter_input_general($data['homedir']);
59
+    $homedir = $data['homedir'];
60 60
     if (substr($homedir, 0, 1) == '/') {
61 61
         $homedir = substr($homedir, 1);
62 62
     }
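Review bot: With `filter_input_general()` gone from the `$homedir` assignment, the `in_homedir()` call that follows (visible in the other revisions on this page) is the only check between the request value `$data['homedir']` and the path written to `system.ftpusers`. Its implementation is not on this page, so it should be confirmed that it rejects `..` segments, NUL bytes and control characters by itself rather than relying on the old input filter. A comment on the new line would record the contract, e.g. `// raw user input: validated only by in_homedir() below; escape with filter_output_html() wherever it is displayed`. `save_ftpuser()` continues outside the hunk.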

add password strength check for ftp users

Bernd Wurst authored on10/04/2019 09:20:21
Showing1 changed files
... ...
@@ -15,6 +15,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/base.php');
18
+require_once('inc/security.php');
18 19
 
19 20
 function list_ftpusers()
20 21
 {
... ...
@@ -74,6 +75,10 @@ function save_ftpuser($data)
74 75
     $set_password = false;
75 76
     $password_hash = '';
76 77
     if ($data['password'] != '') {
78
+        $result = strong_password($data['password']);
79
+        if ($result !== true) {
80
+            system_failure("Unsicheres Passwort: ".$result);
81
+        }
77 82
         if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1) {
78 83
             $rounds = rand(1000, 5000);
79 84
             $salt = "rounds=".$rounds."$".random_string(8);
... ...
@@ -83,7 +88,6 @@ function save_ftpuser($data)
83 88
             $password_hash = crypt($data['password'], "\$1\${$salt}\$");
84 89
         }
85 90
         $set_password = true;
86
-        $password_query = "password='{$password_hash}', ";
87 91
     } elseif (! $data['id']) {
88 92
         system_failure('Wenn Sie einen neuen Zugang anlegen, müssen Sie ein Passwort setzen');
89 93
     }
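Review bot: The added `strong_password()` check in `save_ftpuser()` only protects the account if `system_failure()` never returns; if it can return, execution falls through to the `crypt()` call below and the rejected password is still hashed and stored. Both functions are defined outside this page, so that is unverified here. A comment at the call site would pin the contract, e.g. `// strong_password() returns true or an error string; system_failure() aborts the request`. `save_ftpuser()` starts and ends outside the hunks.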

remove whitespace in empty lines

Hanno authored on26/06/2018 23:36:40
Showing1 changed files
... ...
@@ -87,14 +87,14 @@ function save_ftpuser($data)
87 87
     } elseif (! $data['id']) {
88 88
         system_failure('Wenn Sie einen neuen Zugang anlegen, müssen Sie ein Passwort setzen');
89 89
     }
90
-    
90
+
91 91
     $args = array(":username" => $_SESSION['userinfo']['username'].'-'.$data['username'],
92 92
                 ":homedir" => $homedir,
93 93
                 ":active" => ($data['active'] == 1 ? 1 : 0),
94 94
                 ":forcessl" => ($data['forcessl'] == 0 ? 0 : 1),
95 95
                 ":server" => $server,
96 96
                 ":uid" => $_SESSION['userinfo']['uid']);
97
-  
97
+
98 98
     if ($data['id']) {
99 99
         $args[":id"] = $data['id'];
100 100
         if ($set_password) {

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on26/06/2018 13:58:19
Showing1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -18,142 +18,137 @@ require_once('inc/base.php');
18 18
 
19 19
 function list_ftpusers()
20 20
 {
21
-  $uid = (int) $_SESSION['userinfo']['uid'];
22
-  $result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=?", array($uid));
23
-  $ftpusers = array();
24
-  while ($u = $result->fetch()) {
25
-    $ftpusers[] = $u;
26
-  }
27
-  return $ftpusers;
21
+    $uid = (int) $_SESSION['userinfo']['uid'];
22
+    $result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=?", array($uid));
23
+    $ftpusers = array();
24
+    while ($u = $result->fetch()) {
25
+        $ftpusers[] = $u;
26
+    }
27
+    return $ftpusers;
28 28
 }
29 29
 
30 30
 function empty_ftpuser()
31 31
 {
32
-  $myserver = my_server_id();
33
-  return array("id" => "0", "username" => "", "password" => "", "homedir" => "", "active" => "1", "forcessl" => "1", "server" => $myserver);
32
+    $myserver = my_server_id();
33
+    return array("id" => "0", "username" => "", "password" => "", "homedir" => "", "active" => "1", "forcessl" => "1", "server" => $myserver);
34 34
 }
35 35
 
36 36
 function load_ftpuser($id)
37 37
 {
38
-  if ($id == 0)
39
-    return empty_ftpuser();
40
-  $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
41
-  $result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid=:uid AND id=:id", $args);
42
-  if ($result->rowCount() != 1)
43
-    system_failure("Fehler beim auslesen des Accounts");
44
-  $account = $result->fetch();
45
-  DEBUG($account);
46
-  return $account;
38
+    if ($id == 0) {
39
+        return empty_ftpuser();
40
+    }
41
+    $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
42
+    $result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid=:uid AND id=:id", $args);
43
+    if ($result->rowCount() != 1) {
44
+        system_failure("Fehler beim auslesen des Accounts");
45
+    }
46
+    $account = $result->fetch();
47
+    DEBUG($account);
48
+    return $account;
47 49
 }
48 50
 
49 51
 
50 52
 function save_ftpuser($data)
51 53
 {
52
-  verify_input_username($data['username']);
53
-  if ($data['username'] == '')
54
-    system_failure('Bitte geben Sie eine Erweiterung für den Benutzernamen an!');
55
-  $homedir = filter_input_general($data['homedir']);
56
-  if (substr($homedir, 0, 1) == '/')
57
-    $homedir = substr($homedir, 1);
58
-  $homedir = $_SESSION['userinfo']['homedir'].'/'.$homedir;
59
-  if (! in_homedir($homedir))
60
-    system_failure('Pfad scheint nicht in Ihrem Home zu sein oder enthielt ungültige Zeichen.');
61
-
62
-  $server = NULL;
63
-  if ($data['server'] == my_server_id())
64
-  {
65
-    $server = NULL;
66
-  }
67
-  elseif (in_array($data['server'], additional_servers()))
68
-  {
69
-    $server = (int) $data['server'];
70
-  }
71
-
72
-  $set_password = false;
73
-  $password_hash = '';
74
-  if ($data['password'] != '')
75
-  {
76
-    if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1)
77
-    {
78
-      $rounds = rand(1000, 5000);
79
-      $salt = "rounds=".$rounds."$".random_string(8);
80
-      $password_hash = crypt($data['password'], "\$6\${$salt}\$");
54
+    verify_input_username($data['username']);
55
+    if ($data['username'] == '') {
56
+        system_failure('Bitte geben Sie eine Erweiterung für den Benutzernamen an!');
57
+    }
58
+    $homedir = filter_input_general($data['homedir']);
59
+    if (substr($homedir, 0, 1) == '/') {
60
+        $homedir = substr($homedir, 1);
81 61
     }
82
-    else
83
-    {
84
-      $salt = random_string(8);
85
-      $password_hash = crypt($data['password'], "\$1\${$salt}\$");
62
+    $homedir = $_SESSION['userinfo']['homedir'].'/'.$homedir;
63
+    if (! in_homedir($homedir)) {
64
+        system_failure('Pfad scheint nicht in Ihrem Home zu sein oder enthielt ungültige Zeichen.');
65
+    }
66
+
67
+    $server = null;
68
+    if ($data['server'] == my_server_id()) {
69
+        $server = null;
70
+    } elseif (in_array($data['server'], additional_servers())) {
71
+        $server = (int) $data['server'];
72
+    }
73
+
74
+    $set_password = false;
75
+    $password_hash = '';
76
+    if ($data['password'] != '') {
77
+        if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1) {
78
+            $rounds = rand(1000, 5000);
79
+            $salt = "rounds=".$rounds."$".random_string(8);
80
+            $password_hash = crypt($data['password'], "\$6\${$salt}\$");
81
+        } else {
82
+            $salt = random_string(8);
83
+            $password_hash = crypt($data['password'], "\$1\${$salt}\$");
84
+        }
85
+        $set_password = true;
86
+        $password_query = "password='{$password_hash}', ";
87
+    } elseif (! $data['id']) {
88
+        system_failure('Wenn Sie einen neuen Zugang anlegen, müssen Sie ein Passwort setzen');
86 89
     }
87
-    $set_password = true;
88
-    $password_query = "password='{$password_hash}', ";
89
-  }
90
-  elseif (! $data['id'])
91
-  {
92
-    system_failure('Wenn Sie einen neuen Zugang anlegen, müssen Sie ein Passwort setzen');
93
-  }
94 90
     
95
-  $args = array(":username" => $_SESSION['userinfo']['username'].'-'.$data['username'],
91
+    $args = array(":username" => $_SESSION['userinfo']['username'].'-'.$data['username'],
96 92
                 ":homedir" => $homedir,
97 93
                 ":active" => ($data['active'] == 1 ? 1 : 0),
98 94
                 ":forcessl" => ($data['forcessl'] == 0 ? 0 : 1),
99 95
                 ":server" => $server,
100 96
                 ":uid" => $_SESSION['userinfo']['uid']);
101 97
   
102
-  if ($data['id']) {
103
-    $args[":id"] = $data['id'];
104
-    if ($set_password) {
105
-      $args[':password'] = $password_hash;
106
-      db_query("UPDATE system.ftpusers SET username=:username, password=:password, homedir=:homedir, active=:active, forcessl=:forcessl, server=:server WHERE id=:id AND uid=:uid", $args);
98
+    if ($data['id']) {
99
+        $args[":id"] = $data['id'];
100
+        if ($set_password) {
101
+            $args[':password'] = $password_hash;
102
+            db_query("UPDATE system.ftpusers SET username=:username, password=:password, homedir=:homedir, active=:active, forcessl=:forcessl, server=:server WHERE id=:id AND uid=:uid", $args);
103
+        } else {
104
+            db_query("UPDATE system.ftpusers SET username=:username, homedir=:homedir, active=:active, forcessl=:forcessl, server=:server WHERE id=:id AND uid=:uid", $args);
105
+        }
107 106
     } else {
108
-      db_query("UPDATE system.ftpusers SET username=:username, homedir=:homedir, active=:active, forcessl=:forcessl, server=:server WHERE id=:id AND uid=:uid", $args);
107
+        $args[':password'] = $password_hash;
108
+        db_query("INSERT INTO system.ftpusers (username, password, homedir, uid, active, forcessl, server) VALUES (:username, :password, :homedir, :uid, :active, :forcessl, :server)", $args);
109 109
     }
110
-  }  else {
111
-    $args[':password'] = $password_hash;
112
-    db_query("INSERT INTO system.ftpusers (username, password, homedir, uid, active, forcessl, server) VALUES (:username, :password, :homedir, :uid, :active, :forcessl, :server)", $args);
113
-  }
114 110
 }
115 111
 
116 112
 
117 113
 function delete_ftpuser($id)
118 114
 {
119
-  $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
120
-  db_query("DELETE FROM system.ftpusers WHERE id=:id AND uid=:uid", $args);
115
+    $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
116
+    db_query("DELETE FROM system.ftpusers WHERE id=:id AND uid=:uid", $args);
121 117
 }
122 118
 
123 119
 
124 120
 function get_gid($groupname)
125 121
 {
126
-  $result = db_query("SELECT gid FROM system.gruppen WHERE name=?", array($groupname));
127
-  if ($result->rowCount() != 1)
128
-    system_failure('cannot determine gid of ftpusers group');
129
-  $a = $result->fetch();
130
-  $gid = (int) $a['gid'];
131
-  if ($gid == 0)
132
-    system_failure('error on determining gid of ftpusers group');
133
-  return $gid;
122
+    $result = db_query("SELECT gid FROM system.gruppen WHERE name=?", array($groupname));
123
+    if ($result->rowCount() != 1) {
124
+        system_failure('cannot determine gid of ftpusers group');
125
+    }
126
+    $a = $result->fetch();
127
+    $gid = (int) $a['gid'];
128
+    if ($gid == 0) {
129
+        system_failure('error on determining gid of ftpusers group');
130
+    }
131
+    return $gid;
134 132
 }
135 133
 
136 134
 
137 135
 function have_regular_ftp()
138 136
 {
139
-  $args = array(":gid" => get_gid('ftpusers'), ":uid" => $_SESSION['userinfo']['uid']);
140
-  $result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid=:gid AND uid=:uid", $args);
141
-  return ($result->rowCount() > 0);
137
+    $args = array(":gid" => get_gid('ftpusers'), ":uid" => $_SESSION['userinfo']['uid']);
138
+    $result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid=:gid AND uid=:uid", $args);
139
+    return ($result->rowCount() > 0);
142 140
 }
143 141
 
144 142
 
145 143
 function enable_regular_ftp()
146 144
 {
147
-  require_role(ROLE_SYSTEMUSER);
148
-  $args = array(":gid" => get_gid('ftpusers'), ":uid" => $_SESSION['userinfo']['uid']);
149
-  db_query("REPLACE INTO system.gruppenzugehoerigkeit (gid, uid) VALUES (:gid, :uid)", $args);
145
+    require_role(ROLE_SYSTEMUSER);
146
+    $args = array(":gid" => get_gid('ftpusers'), ":uid" => $_SESSION['userinfo']['uid']);
147
+    db_query("REPLACE INTO system.gruppenzugehoerigkeit (gid, uid) VALUES (:gid, :uid)", $args);
150 148
 }
151 149
 
152 150
 function disable_regular_ftp()
153 151
 {
154
-  $args = array(":gid" => get_gid('ftpusers'), ":uid" => $_SESSION['userinfo']['uid']);
155
-  db_query("DELETE FROM system.gruppenzugehoerigkeit WHERE gid=:gid AND uid=:uid", $args);
152
+    $args = array(":gid" => get_gid('ftpusers'), ":uid" => $_SESSION['userinfo']['uid']);
153
+    db_query("DELETE FROM system.gruppenzugehoerigkeit WHERE gid=:gid AND uid=:uid", $args);
156 154
 }
157
-
158
-
159
-

Copyright year update

Bernd Wurst authored on13/01/2018 06:07:05
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2014 by schokokeks.org Hosting, namely
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Typo / Speichere PAsswortänderung bei FTP-User

Bernd Wurst authored on15/02/2014 01:49:27
Showing1 changed files
... ...
@@ -84,7 +84,7 @@ function save_ftpuser($data)
84 84
       $salt = random_string(8);
85 85
       $password_hash = crypt($data['password'], "\$1\${$salt}\$");
86 86
     }
87
-    $set_pasword = true;
87
+    $set_password = true;
88 88
     $password_query = "password='{$password_hash}', ";
89 89
   }
90 90
   elseif (! $data['id'])

Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst

Bernd Wurst authored on08/02/2014 05:45:07
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2013 by schokokeks.org Hosting, namely
5
+Written 2008-2014 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Modul ftpusers auf prepared statements umgestellt

Bernd Wurst authored on06/02/2014 09:18:29
Showing1 changed files
... ...
@@ -19,7 +19,7 @@ require_once('inc/base.php');
19 19
 function list_ftpusers()
20 20
 {
21 21
   $uid = (int) $_SESSION['userinfo']['uid'];
22
-  $result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid");
22
+  $result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=?", array($uid));
23 23
   $ftpusers = array();
24 24
   while ($u = $result->fetch()) {
25 25
     $ftpusers[] = $u;
... ...
@@ -37,9 +37,8 @@ function load_ftpuser($id)
37 37
 {
38 38
   if ($id == 0)
39 39
     return empty_ftpuser();
40
-  $uid = (int) $_SESSION['userinfo']['uid'];
41
-  $id = (int) $id;
42
-  $result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1");
40
+  $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
41
+  $result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid=:uid AND id=:id", $args);
43 42
   if ($result->rowCount() != 1)
44 43
     system_failure("Fehler beim auslesen des Accounts");
45 44
   $account = $result->fetch();
... ...
@@ -50,21 +49,15 @@ function load_ftpuser($id)
50 49
 
51 50
 function save_ftpuser($data)
52 51
 {
53
-  $uid = (int) $_SESSION['userinfo']['uid'];
54
-  $id = (int) $data['id'];
55 52
   verify_input_username($data['username']);
56 53
   if ($data['username'] == '')
57 54
     system_failure('Bitte geben Sie eine Erweiterung für den Benutzernamen an!');
58
-  $username = $_SESSION['userinfo']['username'].'-'.$data['username'];
59 55
   $homedir = filter_input_general($data['homedir']);
60 56
   if (substr($homedir, 0, 1) == '/')
61 57
     $homedir = substr($homedir, 1);
62 58
   $homedir = $_SESSION['userinfo']['homedir'].'/'.$homedir;
63 59
   if (! in_homedir($homedir))
64 60
     system_failure('Pfad scheint nicht in Ihrem Home zu sein oder enthielt ungültige Zeichen.');
65
-  $active = ($data['active'] == 1 ? '1' : '0');
66
-
67
-  $forcessl = ($data['forcessl'] == 0 ? '0' : '1');
68 61
 
69 62
   $server = NULL;
70 63
   if ($data['server'] == my_server_id())
... ...
@@ -75,9 +68,8 @@ function save_ftpuser($data)
75 68
   {
76 69
     $server = (int) $data['server'];
77 70
   }
78
-  $server = maybe_null($server);
79 71
 
80
-  $password_query = '';
72
+  $set_password = false;
81 73
   $password_hash = '';
82 74
   if ($data['password'] != '')
83 75
   {
... ...
@@ -92,33 +84,46 @@ function save_ftpuser($data)
92 84
       $salt = random_string(8);
93 85
       $password_hash = crypt($data['password'], "\$1\${$salt}\$");
94 86
     }
87
+    $set_pasword = true;
95 88
     $password_query = "password='{$password_hash}', ";
96 89
   }
97
-  elseif (! $id)
90
+  elseif (! $data['id'])
98 91
   {
99 92
     system_failure('Wenn Sie einen neuen Zugang anlegen, müssen Sie ein Passwort setzen');
100 93
   }
101 94
     
95
+  $args = array(":username" => $_SESSION['userinfo']['username'].'-'.$data['username'],
96
+                ":homedir" => $homedir,
97
+                ":active" => ($data['active'] == 1 ? 1 : 0),
98
+                ":forcessl" => ($data['forcessl'] == 0 ? 0 : 1),
99
+                ":server" => $server,
100
+                ":uid" => $_SESSION['userinfo']['uid']);
102 101
   
103
-  if ($id)
104
-    db_query("UPDATE system.ftpusers SET username='{$username}', {$password_query} homedir='{$homedir}', active='{$active}', forcessl='{$forcessl}', server={$server} WHERE id={$id} AND uid={$uid} LIMIT 1");
105
-  else
106
-    db_query("INSERT INTO system.ftpusers (username, password, homedir, uid, active, forcessl, server) VALUES ('{$username}', '{$password_hash}', '{$homedir}', '{$uid}', '{$active}', '{$forcessl}', {$server})");
102
+  if ($data['id']) {
103
+    $args[":id"] = $data['id'];
104
+    if ($set_password) {
105
+      $args[':password'] = $password_hash;
106
+      db_query("UPDATE system.ftpusers SET username=:username, password=:password, homedir=:homedir, active=:active, forcessl=:forcessl, server=:server WHERE id=:id AND uid=:uid", $args);
107
+    } else {
108
+      db_query("UPDATE system.ftpusers SET username=:username, homedir=:homedir, active=:active, forcessl=:forcessl, server=:server WHERE id=:id AND uid=:uid", $args);
109
+    }
110
+  }  else {
111
+    $args[':password'] = $password_hash;
112
+    db_query("INSERT INTO system.ftpusers (username, password, homedir, uid, active, forcessl, server) VALUES (:username, :password, :homedir, :uid, :active, :forcessl, :server)", $args);
113
+  }
107 114
 }
108 115
 
109 116
 
110 117
 function delete_ftpuser($id)
111 118
 {
112
-  $uid = (int) $_SESSION['userinfo']['uid'];
113
-  $id = (int) $id;
114
-  db_query("DELETE FROM system.ftpusers WHERE id='{$id}' AND uid={$uid} LIMIT 1");
119
+  $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
120
+  db_query("DELETE FROM system.ftpusers WHERE id=:id AND uid=:uid", $args);
115 121
 }
116 122
 
117 123
 
118 124
 function get_gid($groupname)
119 125
 {
120
-  $groupname = db_escape_string($groupname);
121
-  $result = db_query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1");
126
+  $result = db_query("SELECT gid FROM system.gruppen WHERE name=?", array($groupname));
122 127
   if ($result->rowCount() != 1)
123 128
     system_failure('cannot determine gid of ftpusers group');
124 129
   $a = $result->fetch();
... ...
@@ -131,9 +136,8 @@ function get_gid($groupname)
131 136
 
132 137
 function have_regular_ftp()
133 138
 {
134
-  $gid = get_gid('ftpusers');
135
-  $uid = (int) $_SESSION['userinfo']['uid'];
136
-  $result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
139
+  $args = array(":gid" => get_gid('ftpusers'), ":uid" => $_SESSION['userinfo']['uid']);
140
+  $result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid=:gid AND uid=:uid", $args);
137 141
   return ($result->rowCount() > 0);
138 142
 }
139 143
 
... ...
@@ -141,16 +145,14 @@ function have_regular_ftp()
141 145
 function enable_regular_ftp()
142 146
 {
143 147
   require_role(ROLE_SYSTEMUSER);
144
-  $gid = get_gid('ftpusers');
145
-  $uid = (int) $_SESSION['userinfo']['uid'];
146
-  db_query("REPLACE INTO system.gruppenzugehoerigkeit (gid, uid) VALUES ('$gid', '$uid')");
148
+  $args = array(":gid" => get_gid('ftpusers'), ":uid" => $_SESSION['userinfo']['uid']);
149
+  db_query("REPLACE INTO system.gruppenzugehoerigkeit (gid, uid) VALUES (:gid, :uid)", $args);
147 150
 }
148 151
 
149 152
 function disable_regular_ftp()
150 153
 {
151
-  $gid = get_gid('ftpusers');
152
-  $uid = (int) $_SESSION['userinfo']['uid'];
153
-  db_query("DELETE FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
154
+  $args = array(":gid" => get_gid('ftpusers'), ":uid" => $_SESSION['userinfo']['uid']);
155
+  db_query("DELETE FROM system.gruppenzugehoerigkeit WHERE gid=:gid AND uid=:uid", $args);
154 156
 }
155 157
 
156 158
 
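Review bot: In the `save_ftpuser()` hunk the added flag is spelled `$set_pasword = true;`, while it is initialised and later tested as `$set_password`. As written the flag stays false, so for an existing account (`$data['id']` set) the UPDATE without `password=:password` always runs and a submitted new password is silently dropped; the line should read `$set_password = true;`. The unchanged `$password_query = "password='{$password_hash}', ";` beneath it is no longer read by any query in this revision and can be removed with the same change.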

Umstellung auf PDO-Datenbankverbindung

Bernd Wurst authored on01/02/2014 18:38:23
Showing1 changed files
... ...
@@ -21,7 +21,7 @@ function list_ftpusers()
21 21
   $uid = (int) $_SESSION['userinfo']['uid'];
22 22
   $result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid");
23 23
   $ftpusers = array();
24
-  while ($u = mysql_fetch_assoc($result)) {
24
+  while ($u = $result->fetch()) {
25 25
     $ftpusers[] = $u;
26 26
   }
27 27
   return $ftpusers;
... ...
@@ -40,9 +40,9 @@ function load_ftpuser($id)
40 40
   $uid = (int) $_SESSION['userinfo']['uid'];
41 41
   $id = (int) $id;
42 42
   $result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1");
43
-  if (mysql_num_rows($result) != 1)
43
+  if ($result->rowCount() != 1)
44 44
     system_failure("Fehler beim auslesen des Accounts");
45
-  $account = mysql_fetch_assoc($result);
45
+  $account = $result->fetch();
46 46
   DEBUG($account);
47 47
   return $account;
48 48
 }
... ...
@@ -117,11 +117,11 @@ function delete_ftpuser($id)
117 117
 
118 118
 function get_gid($groupname)
119 119
 {
120
-  $groupname = mysql_real_escape_string($groupname);
120
+  $groupname = db_escape_string($groupname);
121 121
   $result = db_query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1");
122
-  if (mysql_num_rows($result) != 1)
122
+  if ($result->rowCount() != 1)
123 123
     system_failure('cannot determine gid of ftpusers group');
124
-  $a = mysql_fetch_assoc($result);
124
+  $a = $result->fetch();
125 125
   $gid = (int) $a['gid'];
126 126
   if ($gid == 0)
127 127
     system_failure('error on determining gid of ftpusers group');
... ...
@@ -134,7 +134,7 @@ function have_regular_ftp()
134 134
   $gid = get_gid('ftpusers');
135 135
   $uid = (int) $_SESSION['userinfo']['uid'];
136 136
   $result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
137
-  return (mysql_num_rows($result) > 0);
137
+  return ($result->rowCount() > 0);
138 138
 }
139 139
 
140 140
 
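Review bot: `$result->rowCount()` replaces `mysql_num_rows()` on SELECT results in `load_ftpuser()`, `get_gid()` and `have_regular_ftp()`, but PDO only guarantees `rowCount()` for INSERT, UPDATE and DELETE; for SELECT the value depends on the driver and on buffered queries being enabled. `db_query()` is defined outside this page, so the connection settings cannot be checked here. Testing the fetched row is portable, e.g. in `load_ftpuser()`: `$account = $result->fetch(); if ($account === false) { system_failure("Fehler beim auslesen des Accounts"); }`. All three functions start or end outside their hunks.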

Updated copyright notice (2012 => 2013)

Bernd Wurst authored on19/01/2013 10:49:50
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2012 by schokokeks.org Hosting, namely
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Added license tags for CC0, README and COPYING

Bernd Wurst authored on11/03/2012 15:40:04
Showing1 changed files
... ...
@@ -1,4 +1,18 @@
1 1
 <?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2012 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
2 16
 
3 17
 require_once('inc/base.php');
4 18
 

Erlaube unverschlüsselte FTP-Zugänge

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2059 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on30/09/2011 18:56:41
Showing1 changed files
... ...
@@ -5,7 +5,7 @@ require_once('inc/base.php');
5 5
 function list_ftpusers()
6 6
 {
7 7
   $uid = (int) $_SESSION['userinfo']['uid'];
8
-  $result = db_query("SELECT id, username, homedir, active FROM system.ftpusers WHERE uid=$uid");
8
+  $result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid");
9 9
   $ftpusers = array();
10 10
   while ($u = mysql_fetch_assoc($result)) {
11 11
     $ftpusers[] = $u;
... ...
@@ -16,7 +16,7 @@ function list_ftpusers()
16 16
 function empty_ftpuser()
17 17
 {
18 18
   $myserver = my_server_id();
19
-  return array("id" => "0", "username" => "", "password" => "", "homedir" => "", "active" => "1", "server" => $myserver);
19
+  return array("id" => "0", "username" => "", "password" => "", "homedir" => "", "active" => "1", "forcessl" => "1", "server" => $myserver);
20 20
 }
21 21
 
22 22
 function load_ftpuser($id)
... ...
@@ -25,7 +25,7 @@ function load_ftpuser($id)
25 25
     return empty_ftpuser();
26 26
   $uid = (int) $_SESSION['userinfo']['uid'];
27 27
   $id = (int) $id;
28
-  $result = db_query("SELECT id, username, password, homedir, active, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1");
28
+  $result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1");
29 29
   if (mysql_num_rows($result) != 1)
30 30
     system_failure("Fehler beim auslesen des Accounts");
31 31
   $account = mysql_fetch_assoc($result);
... ...
@@ -50,6 +50,8 @@ function save_ftpuser($data)
50 50
     system_failure('Pfad scheint nicht in Ihrem Home zu sein oder enthielt ungültige Zeichen.');
51 51
   $active = ($data['active'] == 1 ? '1' : '0');
52 52
 
53
+  $forcessl = ($data['forcessl'] == 0 ? '0' : '1');
54
+
53 55
   $server = NULL;
54 56
   if ($data['server'] == my_server_id())
55 57
   {
... ...
@@ -85,9 +87,9 @@ function save_ftpuser($data)
85 87
     
86 88
   
87 89
   if ($id)
88
-    db_query("UPDATE system.ftpusers SET username='{$username}', {$password_query} homedir='{$homedir}', active='{$active}', server={$server} WHERE id={$id} AND uid={$uid} LIMIT 1");
90
+    db_query("UPDATE system.ftpusers SET username='{$username}', {$password_query} homedir='{$homedir}', active='{$active}', forcessl='{$forcessl}', server={$server} WHERE id={$id} AND uid={$uid} LIMIT 1");
89 91
   else
90
-    db_query("INSERT INTO system.ftpusers (username, password, homedir, uid, active, server) VALUES ('{$username}', '{$password_hash}', '{$homedir}', '{$uid}', '{$active}', {$server})");
92
+    db_query("INSERT INTO system.ftpusers (username, password, homedir, uid, active, forcessl, server) VALUES ('{$username}', '{$password_hash}', '{$homedir}', '{$uid}', '{$active}', '{$forcessl}', {$server})");
91 93
 }
92 94
 
93 95
 
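Review bot: The added `$forcessl = ($data['forcessl'] == 0 ? '0' : '1');` in `save_ftpuser()` fails open: with the loose `==`, a missing `forcessl` key (null) compares equal to 0, and on PHP versions before 8 so does any non-numeric string, so the force-SSL flag is cleared for the account. `empty_ftpuser()` in the same commit defaults the field to "1", which suggests enforcement is the intended default. Requiring an explicit zero keeps that default on malformed input: `$forcessl = (isset($data['forcessl']) && (string) $data['forcessl'] === '0') ? '0' : '1';`. Whether the calling form omits the key for an unticked checkbox is not visible here and would need checking before this is tightened.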

Auch FTP-User-Passwörter mit SHA-512

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1730 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on06/05/2010 08:13:00
Showing1 changed files
... ...
@@ -65,8 +65,17 @@ function save_ftpuser($data)
65 65
   $password_hash = '';
66 66
   if ($data['password'] != '')
67 67
   {
68
-    $salt = random_string(8);
69
-    $password_hash = crypt($data['password'], "\$1\${$salt}\$");
68
+    if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1)
69
+    {
70
+      $rounds = rand(1000, 5000);
71
+      $salt = "rounds=".$rounds."$".random_string(8);
72
+      $password_hash = crypt($data['password'], "\$6\${$salt}\$");
73
+    }
74
+    else
75
+    {
76
+      $salt = random_string(8);
77
+      $password_hash = crypt($data['password'], "\$1\${$salt}\$");
78
+    }
70 79
     $password_query = "password='{$password_hash}', ";
71 80
   }
72 81
   elseif (! $id)
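Review bot: `$rounds = rand(1000, 5000);` can only weaken the hash, because SHA-512 crypt uses 5000 rounds when no `rounds=` prefix is given and every value drawn here is at or below that default. Dropping the prefix or fixing a value above 5000 is the safer choice, e.g. `$salt = "rounds=100000$".random_string(8);` (a constructed figure, to be tuned to the server). The `else` branch also falls back to `$1$` MD5-crypt without any notice; calling `system_failure()` there would avoid silently storing a weak hash. `save_ftpuser()` starts and ends outside the hunk.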

Security-enhancements und andere REihenfolge

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1540 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on10/12/2009 13:55:31
Showing1 changed files
... ...
@@ -115,6 +115,7 @@ function have_regular_ftp()
115 115
 
116 116
 function enable_regular_ftp()
117 117
 {
118
+  require_role(ROLE_SYSTEMUSER);
118 119
   $gid = get_gid('ftpusers');
119 120
   $uid = (int) $_SESSION['userinfo']['uid'];
120 121
   db_query("REPLACE INTO system.gruppenzugehoerigkeit (gid, uid) VALUES ('$gid', '$uid')");
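Review bot: `require_role(ROLE_SYSTEMUSER);` is added to `enable_regular_ftp()` only, while `disable_regular_ftp()` and `have_regular_ftp()`, as shown in the other revisions on this page, touch the same `system.gruppenzugehoerigkeit` rows without a role check. If callers are expected to enforce the role for those two, a comment saying so would help; otherwise the same line belongs at the top of `disable_regular_ftp()`. `require_role()` is defined outside this page, so it is assumed rather than shown that it aborts the request on failure.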

Verwaltung von FTP-Accounts. Grafisch fragwürdig, funktional sollte es passen.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1533 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on08/12/2009 16:22:42
Showing1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,131 @@
1
+<?php
2
+
3
+require_once('inc/base.php');
4
+
5
+function list_ftpusers()
6
+{
7
+  $uid = (int) $_SESSION['userinfo']['uid'];
8
+  $result = db_query("SELECT id, username, homedir, active FROM system.ftpusers WHERE uid=$uid");
9
+  $ftpusers = array();
10
+  while ($u = mysql_fetch_assoc($result)) {
11
+    $ftpusers[] = $u;
12
+  }
13
+  return $ftpusers;
14
+}
15
+
16
+function empty_ftpuser()
17
+{
18
+  $myserver = my_server_id();
19
+  return array("id" => "0", "username" => "", "password" => "", "homedir" => "", "active" => "1", "server" => $myserver);
20
+}
21
+
22
+function load_ftpuser($id)
23
+{
24
+  if ($id == 0)
25
+    return empty_ftpuser();
26
+  $uid = (int) $_SESSION['userinfo']['uid'];
27
+  $id = (int) $id;
28
+  $result = db_query("SELECT id, username, password, homedir, active, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1");
29
+  if (mysql_num_rows($result) != 1)
30
+    system_failure("Fehler beim auslesen des Accounts");
31
+  $account = mysql_fetch_assoc($result);
32
+  DEBUG($account);
33
+  return $account;
34
+}
35
+
36
+
37
+function save_ftpuser($data)
38
+{
39
+  $uid = (int) $_SESSION['userinfo']['uid'];
40
+  $id = (int) $data['id'];
41
+  verify_input_username($data['username']);
42
+  if ($data['username'] == '')
43
+    system_failure('Bitte geben Sie eine Erweiterung für den Benutzernamen an!');
44
+  $username = $_SESSION['userinfo']['username'].'-'.$data['username'];
45
+  $homedir = filter_input_general($data['homedir']);
46
+  if (substr($homedir, 0, 1) == '/')
47
+    $homedir = substr($homedir, 1);
48
+  $homedir = $_SESSION['userinfo']['homedir'].'/'.$homedir;
49
+  if (! in_homedir($homedir))
50
+    system_failure('Pfad scheint nicht in Ihrem Home zu sein oder enthielt ungültige Zeichen.');
51
+  $active = ($data['active'] == 1 ? '1' : '0');
52
+
53
+  $server = NULL;
54
+  if ($data['server'] == my_server_id())
55
+  {
56
+    $server = NULL;
57
+  }
58
+  elseif (in_array($data['server'], additional_servers()))
59
+  {
60
+    $server = (int) $data['server'];
61
+  }
62
+  $server = maybe_null($server);
63
+
64
+  $password_query = '';
65
+  $password_hash = '';
66
+  if ($data['password'] != '')
67
+  {
68
+    $salt = random_string(8);
69
+    $password_hash = crypt($data['password'], "\$1\${$salt}\$");
70
+    $password_query = "password='{$password_hash}', ";
71
+  }
72
+  elseif (! $id)
73
+  {
74
+    system_failure('Wenn Sie einen neuen Zugang anlegen, müssen Sie ein Passwort setzen');
75
+  }
76
+    
77
+  
78
+  if ($id)
79
+    db_query("UPDATE system.ftpusers SET username='{$username}', {$password_query} homedir='{$homedir}', active='{$active}', server={$server} WHERE id={$id} AND uid={$uid} LIMIT 1");
80
+  else
81
+    db_query("INSERT INTO system.ftpusers (username, password, homedir, uid, active, server) VALUES ('{$username}', '{$password_hash}', '{$homedir}', '{$uid}', '{$active}', {$server})");
82
+}
83
+
84
+
85
+function delete_ftpuser($id)
86
+{
87
+  $uid = (int) $_SESSION['userinfo']['uid'];
88
+  $id = (int) $id;
89
+  db_query("DELETE FROM system.ftpusers WHERE id='{$id}' AND uid={$uid} LIMIT 1");
90
+}
91
+
92
+
93
+function get_gid($groupname)
94
+{
95
+  $groupname = mysql_real_escape_string($groupname);
96
+  $result = db_query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1");
97
+  if (mysql_num_rows($result) != 1)
98
+    system_failure('cannot determine gid of ftpusers group');
99
+  $a = mysql_fetch_assoc($result);
100
+  $gid = (int) $a['gid'];
101
+  if ($gid == 0)
102
+    system_failure('error on determining gid of ftpusers group');
103
+  return $gid;
104
+}
105
+
106
+
107
+function have_regular_ftp()
108
+{
109
+  $gid = get_gid('ftpusers');
110
+  $uid = (int) $_SESSION['userinfo']['uid'];
111
+  $result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
112
+  return (mysql_num_rows($result) > 0);
113
+}
114
+
115
+
116
+function enable_regular_ftp()
117
+{
118
+  $gid = get_gid('ftpusers');
119
+  $uid = (int) $_SESSION['userinfo']['uid'];
120
+  db_query("REPLACE INTO system.gruppenzugehoerigkeit (gid, uid) VALUES ('$gid', '$uid')");
121
+}
122
+
123
+function disable_regular_ftp()
124
+{
125
+  $gid = get_gid('ftpusers');
126
+  $uid = (int) $_SESSION['userinfo']['uid'];
127
+  db_query("DELETE FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
128
+}
129
+
130
+
131
+
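Review bot: save_ftpuser interpolates `$username` and `$homedir` into the UPDATE and INSERT statements without escaping, so the queries are only as safe as verify_input_username(), filter_input_general() and in_homedir(), none of which is visible here; get_gid in the same file escapes its argument explicitly. I would add `$username = mysql_real_escape_string($username);` and `$homedir = mysql_real_escape_string($homedir);` just before the two queries, matching what the integer casts already do for `$id` and `$uid`. Separately, load_ftpuser selects the `password` column and passes the whole row to `DEBUG($account)`, which puts the stored hash into whatever DEBUG writes; unsetting that field before the call, or dropping it from the SELECT if callers do not need it, avoids this. New passwords are hashed with MD5-crypt (`$1$`), which is a weak choice for code written from scratch.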