Browse code

remove whitespace in empty lines

Hanno authored on26/06/2018 23:36:40
Showing1 changed files
... ...
@@ -37,7 +37,7 @@ function list_subusers()
37 37
 function load_subuser($id)
38 38
 {
39 39
     $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
40
-  
40
+
41 41
     $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=:uid AND id=:id", $args);
42 42
     $item = $result->fetch();
43 43
     $item['modules'] = explode(',', $item['modules']);
... ...
@@ -64,7 +64,7 @@ function available_modules()
64 64
 function delete_subuser($id)
65 65
 {
66 66
     $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
67
-  
67
+
68 68
     db_query("DELETE FROM system.subusers WHERE id=:id AND uid=:uid", $args);
69 69
 }
70 70
 
... ...
@@ -99,7 +99,7 @@ function new_subuser($username, $requested_modules, $password)
99 99
     if (count($modules) == 0) {
100 100
         system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
101 101
     }
102
-  
102
+
103 103
     $result = strong_password($password);
104 104
     if ($result !== true) {
105 105
         system_failure("Unsicheres Passwort: ".$result);
... ...
@@ -150,7 +150,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
150 150
     if (count($modules) == 0) {
151 151
         system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
152 152
     }
153
-  
153
+
154 154
     $args = array(":uid" => $_SESSION['userinfo']['uid'],
155 155
                 ":id" => $id,
156 156
                 ":username" => $username,
Browse code

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on26/06/2018 13:58:19
Showing1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -22,155 +22,150 @@ require_once("inc/debug.php");
22 22
 
23 23
 function list_subusers()
24 24
 {
25
-  $uid = (int) $_SESSION['userinfo']['uid'];
26
-  $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=?", array($uid));
27
-  $subusers = array();
28
-  while ($item = $result->fetch())
29
-  {
30
-    $item['modules'] = explode(',', $item['modules']);
31
-    $subusers[] = $item;
32
-  }
33
-  DEBUG($subusers);
34
-  return $subusers;
25
+    $uid = (int) $_SESSION['userinfo']['uid'];
26
+    $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=?", array($uid));
27
+    $subusers = array();
28
+    while ($item = $result->fetch()) {
29
+        $item['modules'] = explode(',', $item['modules']);
30
+        $subusers[] = $item;
31
+    }
32
+    DEBUG($subusers);
33
+    return $subusers;
35 34
 }
36 35
 
37 36
 
38
-function load_subuser($id) {
39
-  $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
37
+function load_subuser($id)
38
+{
39
+    $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
40 40
   
41
-  $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=:uid AND id=:id", $args);
42
-  $item = $result->fetch();
43
-  $item['modules'] = explode(',', $item['modules']);
44
-  return $item;
41
+    $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=:uid AND id=:id", $args);
42
+    $item = $result->fetch();
43
+    $item['modules'] = explode(',', $item['modules']);
44
+    return $item;
45 45
 }
46 46
 
47 47
 
48 48
 function available_modules()
49 49
 {
50
-  $modules = array();
51
-  $allmodules = get_modules_info();
52
-
53
-  // Das su-Modul ist hierfuer unwichtig
54
-  unset($allmodules['su']);
55
-
56
-  foreach ($allmodules as $modname => $modinfo)
57
-  {
58
-    if (isset($modinfo['permission']))
59
-      $modules[$modname] = $modinfo['permission'];
60
-  }
61
-  return $modules;
50
+    $modules = array();
51
+    $allmodules = get_modules_info();
52
+
53
+    // Das su-Modul ist hierfuer unwichtig
54
+    unset($allmodules['su']);
55
+
56
+    foreach ($allmodules as $modname => $modinfo) {
57
+        if (isset($modinfo['permission'])) {
58
+            $modules[$modname] = $modinfo['permission'];
59
+        }
60
+    }
61
+    return $modules;
62 62
 }
63 63
 
64
-function delete_subuser($id) {
65
-  $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
64
+function delete_subuser($id)
65
+{
66
+    $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
66 67
   
67
-  db_query("DELETE FROM system.subusers WHERE id=:id AND uid=:uid", $args);
68
+    db_query("DELETE FROM system.subusers WHERE id=:id AND uid=:uid", $args);
68 69
 }
69 70
 
70 71
 function empty_subuser()
71 72
 {
72
-  $subuser = array("id" => NULL, 
73
-                   "username" => $_SESSION['userinfo']['username'].'_', 
73
+    $subuser = array("id" => null,
74
+                   "username" => $_SESSION['userinfo']['username'].'_',
74 75
                    "modules" => array('index'));
75
-  return $subuser;
76
+    return $subuser;
76 77
 }
77 78
 
78
-function new_subuser($username, $requested_modules, $password) 
79
+function new_subuser($username, $requested_modules, $password)
79 80
 {
80
-  $username = filter_input_username($username);
81
-  if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
82
-    // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
83
-    system_failure("Ungültiger Benutzername!");
84
-  }
85
-
86
-  if (!is_array($requested_modules)) {
87
-    system_failure("Module nicht als array erhalten!");
88
-  }
89
-  DEBUG($requested_modules);
90
-  $allmods = available_modules();
91
-  $modules = array();
92
-  foreach ($requested_modules as $mod) {
93
-    if (isset($allmods[$mod])) {
94
-      $modules[] = $mod;
81
+    $username = filter_input_username($username);
82
+    if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
83
+        // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
84
+        system_failure("Ungültiger Benutzername!");
85
+    }
86
+
87
+    if (!is_array($requested_modules)) {
88
+        system_failure("Module nicht als array erhalten!");
89
+    }
90
+    DEBUG($requested_modules);
91
+    $allmods = available_modules();
92
+    $modules = array();
93
+    foreach ($requested_modules as $mod) {
94
+        if (isset($allmods[$mod])) {
95
+            $modules[] = $mod;
96
+        }
97
+    }
98
+    DEBUG($modules);
99
+    if (count($modules) == 0) {
100
+        system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
95 101
     }
96
-  }
97
-  DEBUG($modules);
98
-  if (count($modules) == 0) {
99
-    system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
100
-  }
101 102
   
102
-  $result = strong_password($password);
103
-  if ($result !== true) {
104
-    system_failure("Unsicheres Passwort: ".$result);
105
-  }
103
+    $result = strong_password($password);
104
+    if ($result !== true) {
105
+        system_failure("Unsicheres Passwort: ".$result);
106
+    }
106 107
 
107
-  $args = array(":uid" => $_SESSION['userinfo']['uid'],
108
+    $args = array(":uid" => $_SESSION['userinfo']['uid'],
108 109
                 ":username" => $username,
109 110
                 ":password" => hash("sha256", $password),
110 111
                 ":modules" => implode(',', $modules));
111 112
 
112
-  db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES (:uid, :username, :password, :modules)", $args);
113
+    db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES (:uid, :username, :password, :modules)", $args);
113 114
 }
114 115
 
115 116
 
116
-function edit_subuser($id, $username, $requested_modules, $password) 
117
+function edit_subuser($id, $username, $requested_modules, $password)
117 118
 {
118
-  $uid = (int) $_SESSION['userinfo']['uid'];
119
-
120
-  $id = (int) $id;
121
-  $my_subusers = list_subusers();
122
-  $valid = false;
123
-  foreach ($my_subusers as $x) {
124
-    if ($x['id'] == $id) {
125
-      $valid = true;
119
+    $uid = (int) $_SESSION['userinfo']['uid'];
120
+
121
+    $id = (int) $id;
122
+    $my_subusers = list_subusers();
123
+    $valid = false;
124
+    foreach ($my_subusers as $x) {
125
+        if ($x['id'] == $id) {
126
+            $valid = true;
127
+        }
126 128
     }
127
-  }
128
-  if (!$valid) {
129
-    system_failure("Kann diesen Account nicht finden!");
130
-  }
131
-
132
-  $username = filter_input_username($username);
133
-  if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
134
-    // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
135
-    system_failure("Ungültiger Benutzername!");
136
-  }
137
-
138
-
139
-  if (!is_array($requested_modules)) {
140
-    system_failure("Module nicht als array erhalten!");
141
-  }
142
-  $allmods = available_modules();
143
-  $modules = array();
144
-  foreach ($requested_modules as $mod) {
145
-    if (isset($allmods[$mod])) {
146
-      $modules[] = $mod;
129
+    if (!$valid) {
130
+        system_failure("Kann diesen Account nicht finden!");
131
+    }
132
+
133
+    $username = filter_input_username($username);
134
+    if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
135
+        // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
136
+        system_failure("Ungültiger Benutzername!");
137
+    }
138
+
139
+
140
+    if (!is_array($requested_modules)) {
141
+        system_failure("Module nicht als array erhalten!");
142
+    }
143
+    $allmods = available_modules();
144
+    $modules = array();
145
+    foreach ($requested_modules as $mod) {
146
+        if (isset($allmods[$mod])) {
147
+            $modules[] = $mod;
148
+        }
149
+    }
150
+    if (count($modules) == 0) {
151
+        system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
147 152
     }
148
-  }
149
-  if (count($modules) == 0) {
150
-    system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
151
-  }
152 153
   
153
-  $args = array(":uid" => $_SESSION['userinfo']['uid'],
154
+    $args = array(":uid" => $_SESSION['userinfo']['uid'],
154 155
                 ":id" => $id,
155 156
                 ":username" => $username,
156 157
                 ":modules" => implode(',', $modules));
157 158
 
158
-  $pwchange = '';
159
-  if ($password) {
160
-    $result = strong_password($password);
161
-    if ($result !== true) {
162
-      system_failure("Unsicheres Passwort: ".$result);
159
+    $pwchange = '';
160
+    if ($password) {
161
+        $result = strong_password($password);
162
+        if ($result !== true) {
163
+            system_failure("Unsicheres Passwort: ".$result);
164
+        }
165
+        $args[':password'] = hash("sha256", $password);
166
+        $pwchange = ", password=:password";
163 167
     }
164
-    $args[':password'] = hash("sha256", $password);
165
-    $pwchange = ", password=:password";
166
-  }
167 168
 
168 169
 
169
-  db_query("UPDATE system.subusers SET username=:username, modules=:modules{$pwchange} WHERE id=:id AND uid=:uid", $args);
170
+    db_query("UPDATE system.subusers SET username=:username, modules=:modules{$pwchange} WHERE id=:id AND uid=:uid", $args);
170 171
 }
171
-
172
-
173
-
174
-
175
-
176
-
Browse code

Referenzen auf cracklib entfernt

Bernd Wurst authored on09/02/2018 05:58:06
Showing1 changed files
... ...
@@ -101,7 +101,7 @@ function new_subuser($username, $requested_modules, $password)
101 101
   
102 102
   $result = strong_password($password);
103 103
   if ($result !== true) {
104
-    system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
104
+    system_failure("Unsicheres Passwort: ".$result);
105 105
   }
106 106
 
107 107
   $args = array(":uid" => $_SESSION['userinfo']['uid'],
... ...
@@ -159,7 +159,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
159 159
   if ($password) {
160 160
     $result = strong_password($password);
161 161
     if ($result !== true) {
162
-      system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
162
+      system_failure("Unsicheres Passwort: ".$result);
163 163
     }
164 164
     $args[':password'] = hash("sha256", $password);
165 165
     $pwchange = ", password=:password";
Browse code

Copyright year update

Bernd Wurst authored on13/01/2018 06:07:05
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2014 by schokokeks.org Hosting, namely
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 
Browse code

Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst

Bernd Wurst authored on08/02/2014 05:45:07
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2013 by schokokeks.org Hosting, namely
5
+Written 2008-2014 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 
Browse code

Modul subusers auf prepared statements umgestellt / Typo

Bernd Wurst authored on06/02/2014 09:18:48
Showing1 changed files
... ...
@@ -23,7 +23,7 @@ require_once("inc/debug.php");
23 23
 function list_subusers()
24 24
 {
25 25
   $uid = (int) $_SESSION['userinfo']['uid'];
26
-  $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}");
26
+  $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=?", array($uid));
27 27
   $subusers = array();
28 28
   while ($item = $result->fetch())
29 29
   {
... ...
@@ -36,10 +36,9 @@ function list_subusers()
36 36
 
37 37
 
38 38
 function load_subuser($id) {
39
-  $id = (int) $id;
40
-  $uid = (int) $_SESSION['userinfo']['uid'];
39
+  $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
41 40
   
42
-  $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}");
41
+  $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=:uid AND id=:id", $args);
43 42
   $item = $result->fetch();
44 43
   $item['modules'] = explode(',', $item['modules']);
45 44
   return $item;
... ...
@@ -63,23 +62,22 @@ function available_modules()
63 62
 }
64 63
 
65 64
 function delete_subuser($id) {
66
-  $id = (int) $id;
67
-  $uid = (int) $_SESSION['userinfo']['uid'];
65
+  $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
68 66
   
69
-  db_query("DELETE FROM system.subusers WHERE id={$id} AND uid={$uid}");
67
+  db_query("DELETE FROM system.subusers WHERE id=:id AND uid=:uid", $args);
70 68
 }
71 69
 
72 70
 function empty_subuser()
73 71
 {
74
-  $subuser = array("id" => NULL, "username" => $_SESSION['userinfo']['username'].'_', "modules" => array('index'));
72
+  $subuser = array("id" => NULL, 
73
+                   "username" => $_SESSION['userinfo']['username'].'_', 
74
+                   "modules" => array('index'));
75 75
   return $subuser;
76 76
 }
77 77
 
78 78
 function new_subuser($username, $requested_modules, $password) 
79 79
 {
80
-  $uid = (int) $_SESSION['userinfo']['uid'];
81
-
82
-  $username = db_escape_string(filter_input_username($username));
80
+  $username = filter_input_username($username);
83 81
   if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
84 82
     // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
85 83
     system_failure("Ungültiger Benutzername!");
... ...
@@ -100,15 +98,18 @@ function new_subuser($username, $requested_modules, $password)
100 98
   if (count($modules) == 0) {
101 99
     system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
102 100
   }
103
-  $modules = db_escape_string(implode(',', $modules));
104 101
   
105 102
   $result = strong_password($password);
106 103
   if ($result !== true) {
107 104
     system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
108 105
   }
109
-  $password = hash("sha256", $password);
110 106
 
111
-  db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES ({$uid}, '{$username}', '{$password}', '{$modules}')");
107
+  $args = array(":uid" => $_SESSION['userinfo']['uid'],
108
+                ":username" => $username,
109
+                ":password" => hash("sha256", $password),
110
+                ":modules" => implode(',', $modules));
111
+
112
+  db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES (:uid, :username, :password, :modules)", $args);
112 113
 }
113 114
 
114 115
 
... ...
@@ -128,7 +129,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
128 129
     system_failure("Kann diesen Account nicht finden!");
129 130
   }
130 131
 
131
-  $username = db_escape_string(filter_input_username($username));
132
+  $username = filter_input_username($username);
132 133
   if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
133 134
     // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
134 135
     system_failure("Ungültiger Benutzername!");
... ...
@@ -148,20 +149,24 @@ function edit_subuser($id, $username, $requested_modules, $password)
148 149
   if (count($modules) == 0) {
149 150
     system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
150 151
   }
151
-  $modules = db_escape_string(implode(',', $modules));
152 152
   
153
+  $args = array(":uid" => $_SESSION['userinfo']['uid'],
154
+                ":id" => $id,
155
+                ":username" => $username,
156
+                ":modules" => implode(',', $modules));
157
+
153 158
   $pwchange = '';
154 159
   if ($password) {
155 160
     $result = strong_password($password);
156 161
     if ($result !== true) {
157 162
       system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
158 163
     }
159
-    $password = hash("sha256", $password);
160
-    $pwchange = ", password='{$password}'";
164
+    $args[':password'] = hash("sha256", $password);
165
+    $pwchange = ", password=:password";
161 166
   }
162 167
 
163 168
 
164
-  db_query("UPDATE system.subusers SET username='{$username}', modules='{$modules}'{$pwchange} WHERE id={$id} AND uid={$uid}");
169
+  db_query("UPDATE system.subusers SET username=:username, modules=:modules{$pwchange} WHERE id=:id AND uid=:uid", $args);
165 170
 }
166 171
 
167 172
 
Browse code

Umstellung auf PDO-Datenbankverbindung

Bernd Wurst authored on01/02/2014 18:38:23
Showing1 changed files
... ...
@@ -25,7 +25,7 @@ function list_subusers()
25 25
   $uid = (int) $_SESSION['userinfo']['uid'];
26 26
   $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}");
27 27
   $subusers = array();
28
-  while ($item = mysql_fetch_assoc($result))
28
+  while ($item = $result->fetch())
29 29
   {
30 30
     $item['modules'] = explode(',', $item['modules']);
31 31
     $subusers[] = $item;
... ...
@@ -40,7 +40,7 @@ function load_subuser($id) {
40 40
   $uid = (int) $_SESSION['userinfo']['uid'];
41 41
   
42 42
   $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}");
43
-  $item = mysql_fetch_assoc($result);
43
+  $item = $result->fetch();
44 44
   $item['modules'] = explode(',', $item['modules']);
45 45
   return $item;
46 46
 }
... ...
@@ -79,7 +79,7 @@ function new_subuser($username, $requested_modules, $password)
79 79
 {
80 80
   $uid = (int) $_SESSION['userinfo']['uid'];
81 81
 
82
-  $username = mysql_real_escape_string(filter_input_username($username));
82
+  $username = db_escape_string(filter_input_username($username));
83 83
   if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
84 84
     // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
85 85
     system_failure("Ungültiger Benutzername!");
... ...
@@ -100,7 +100,7 @@ function new_subuser($username, $requested_modules, $password)
100 100
   if (count($modules) == 0) {
101 101
     system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
102 102
   }
103
-  $modules = mysql_real_escape_string(implode(',', $modules));
103
+  $modules = db_escape_string(implode(',', $modules));
104 104
   
105 105
   $result = strong_password($password);
106 106
   if ($result !== true) {
... ...
@@ -128,7 +128,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
128 128
     system_failure("Kann diesen Account nicht finden!");
129 129
   }
130 130
 
131
-  $username = mysql_real_escape_string(filter_input_username($username));
131
+  $username = db_escape_string(filter_input_username($username));
132 132
   if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
133 133
     // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
134 134
     system_failure("Ungültiger Benutzername!");
... ...
@@ -148,7 +148,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
148 148
   if (count($modules) == 0) {
149 149
     system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
150 150
   }
151
-  $modules = mysql_real_escape_string(implode(',', $modules));
151
+  $modules = db_escape_string(implode(',', $modules));
152 152
   
153 153
   $pwchange = '';
154 154
   if ($password) {
Browse code

Updated copyright notice (2012 => 2013)

Bernd Wurst authored on19/01/2013 10:49:50
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2012 by schokokeks.org Hosting, namely
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 
Browse code

changed subusers module to only require systemuser privileges

Bernd Wurst authored on19/03/2012 13:49:43
Showing1 changed files
... ...
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_role(ROLE_SYSTEMUSER | ROLE_CUSTOMER);
17
+require_role(ROLE_SYSTEMUSER);
18 18
 require_once("inc/base.php");
19 19
 require_once("inc/security.php");
20 20
 require_once("inc/debug.php");
Browse code

Added license tags for CC0, README and COPYING

Bernd Wurst authored on11/03/2012 15:40:04
Showing1 changed files
... ...
@@ -1,4 +1,19 @@
1 1
 <?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2012 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
16
+
2 17
 require_role(ROLE_SYSTEMUSER | ROLE_CUSTOMER);
3 18
 require_once("inc/base.php");
4 19
 require_once("inc/security.php");
Browse code

Lese Modul-Infos aus den info-Dateien der Module

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2225 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on08/03/2012 14:33:21
Showing1 changed files
... ...
@@ -4,26 +4,6 @@ require_once("inc/base.php");
4 4
 require_once("inc/security.php");
5 5
 require_once("inc/debug.php");
6 6
 
7
-// FIXME: Das sollten die Module selbst irgendwo anbieten!
8
-$modinfo = array(
9
-	"index" => "An- und Abmelden",
10
-	"domains" => "Liste der Domains anzeigen",
11
-	"dns" => "DNS-Einträge verändern",
12
-	"mysql" => "MySQL-Datenbanken verwalten",
13
-	"jabber" => "Jabber-Accouns verwalten",
14
-	"vhosts" => "Webserver-Konfiguration verwalten",
15
-	"systemuser" => "Daten des System-Benutzeraccounts einsehen/ändern",
16
-//	"su" => "Das Webinterface unter einem beliebigen anderen Account ausführen",
17
-	"email" => "E-Mail-Adressen und/oder IMAP-Accounts verwalten",
18
-	"webapps" => "Automatische Installation von Web-Anwendungen",
19
-	"greylisting" => "Ausnahmeliste für Greylisting verwalten",
20
-	"invoice" => "Fällige und kommende Rechnungen anzeigen",
21
-	"mailman" => "Mailinglisten verwalten",
22
-	"ftpusers" => "Zugriff per FTP verwalten",
23
-	"subusers" => "Zusätzliche Admin-Zugänge verwalten");
24
-// FIXME: Dependancies der Module sollte man auch irgendwo speichern.
25
-
26
-
27 7
 
28 8
 function list_subusers()
29 9
 {
... ...
@@ -53,12 +33,16 @@ function load_subuser($id) {
53 33
 
54 34
 function available_modules()
55 35
 {
56
-  global $modinfo;
57 36
   $modules = array();
58
-  foreach (config('modules') as $mod)
37
+  $allmodules = get_modules_info();
38
+
39
+  // Das su-Modul ist hierfuer unwichtig
40
+  unset($allmodules['su']);
41
+
42
+  foreach ($allmodules as $modname => $modinfo)
59 43
   {
60
-    if (isset($modinfo[$mod]))
61
-      $modules[$mod] = $modinfo[$mod];
44
+    if (isset($modinfo['permission']))
45
+      $modules[$modname] = $modinfo['permission'];
62 46
   }
63 47
   return $modules;
64 48
 }
Browse code

Berechtigungen für Subuser neu gestaltet. Sind jetzt automatisch Kunde und Systemuser.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2072 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on23/11/2011 11:33:20
Showing1 changed files
... ...
@@ -1,4 +1,5 @@
1 1
 <?php
2
+require_role(ROLE_SYSTEMUSER | ROLE_CUSTOMER);
2 3
 require_once("inc/base.php");
3 4
 require_once("inc/security.php");
4 5
 require_once("inc/debug.php");
Browse code

Subusers-Modul in einer ersten funktionsfähigen Version

Bernd Wurst authored on23/11/2011 11:00:31
Showing1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,171 @@
1
+<?php
2
+require_once("inc/base.php");
3
+require_once("inc/security.php");
4
+require_once("inc/debug.php");
5
+
6
+// FIXME: Das sollten die Module selbst irgendwo anbieten!
7
+$modinfo = array(
8
+	"index" => "An- und Abmelden",
9
+	"domains" => "Liste der Domains anzeigen",
10
+	"dns" => "DNS-Einträge verändern",
11
+	"mysql" => "MySQL-Datenbanken verwalten",
12
+	"jabber" => "Jabber-Accouns verwalten",
13
+	"vhosts" => "Webserver-Konfiguration verwalten",
14
+	"systemuser" => "Daten des System-Benutzeraccounts einsehen/ändern",
15
+//	"su" => "Das Webinterface unter einem beliebigen anderen Account ausführen",
16
+	"email" => "E-Mail-Adressen und/oder IMAP-Accounts verwalten",
17
+	"webapps" => "Automatische Installation von Web-Anwendungen",
18
+	"greylisting" => "Ausnahmeliste für Greylisting verwalten",
19
+	"invoice" => "Fällige und kommende Rechnungen anzeigen",
20
+	"mailman" => "Mailinglisten verwalten",
21
+	"ftpusers" => "Zugriff per FTP verwalten",
22
+	"subusers" => "Zusätzliche Admin-Zugänge verwalten");
23
+// FIXME: Dependancies der Module sollte man auch irgendwo speichern.
24
+
25
+
26
+
27
+function list_subusers()
28
+{
29
+  $uid = (int) $_SESSION['userinfo']['uid'];
30
+  $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}");
31
+  $subusers = array();
32
+  while ($item = mysql_fetch_assoc($result))
33
+  {
34
+    $item['modules'] = explode(',', $item['modules']);
35
+    $subusers[] = $item;
36
+  }
37
+  DEBUG($subusers);
38
+  return $subusers;
39
+}
40
+
41
+
42
+function load_subuser($id) {
43
+  $id = (int) $id;
44
+  $uid = (int) $_SESSION['userinfo']['uid'];
45
+  
46
+  $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}");
47
+  $item = mysql_fetch_assoc($result);
48
+  $item['modules'] = explode(',', $item['modules']);
49
+  return $item;
50
+}
51
+
52
+
53
+function available_modules()
54
+{
55
+  global $modinfo;
56
+  $modules = array();
57
+  foreach (config('modules') as $mod)
58
+  {
59
+    if (isset($modinfo[$mod]))
60
+      $modules[$mod] = $modinfo[$mod];
61
+  }
62
+  return $modules;
63
+}
64
+
65
+function delete_subuser($id) {
66
+  $id = (int) $id;
67
+  $uid = (int) $_SESSION['userinfo']['uid'];
68
+  
69
+  db_query("DELETE FROM system.subusers WHERE id={$id} AND uid={$uid}");
70
+}
71
+
72
+function empty_subuser()
73
+{
74
+  $subuser = array("id" => NULL, "username" => $_SESSION['userinfo']['username'].'_', "modules" => array('index'));
75
+  return $subuser;
76
+}
77
+
78
+function new_subuser($username, $requested_modules, $password) 
79
+{
80
+  $uid = (int) $_SESSION['userinfo']['uid'];
81
+
82
+  $username = mysql_real_escape_string(filter_input_username($username));
83
+  if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
84
+    // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
85
+    system_failure("Ungültiger Benutzername!");
86
+  }
87
+
88
+  if (!is_array($requested_modules)) {
89
+    system_failure("Module nicht als array erhalten!");
90
+  }
91
+  DEBUG($requested_modules);
92
+  $allmods = available_modules();
93
+  $modules = array();
94
+  foreach ($requested_modules as $mod) {
95
+    if (isset($allmods[$mod])) {
96
+      $modules[] = $mod;
97
+    }
98
+  }
99
+  DEBUG($modules);
100
+  if (count($modules) == 0) {
101
+    system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
102
+  }
103
+  $modules = mysql_real_escape_string(implode(',', $modules));
104
+  
105
+  $result = strong_password($password);
106
+  if ($result !== true) {
107
+    system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
108
+  }
109
+  $password = hash("sha256", $password);
110
+
111
+  db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES ({$uid}, '{$username}', '{$password}', '{$modules}')");
112
+}
113
+
114
+
115
+function edit_subuser($id, $username, $requested_modules, $password) 
116
+{
117
+  $uid = (int) $_SESSION['userinfo']['uid'];
118
+
119
+  $id = (int) $id;
120
+  $my_subusers = list_subusers();
121
+  $valid = false;
122
+  foreach ($my_subusers as $x) {
123
+    if ($x['id'] == $id) {
124
+      $valid = true;
125
+    }
126
+  }
127
+  if (!$valid) {
128
+    system_failure("Kann diesen Account nicht finden!");
129
+  }
130
+
131
+  $username = mysql_real_escape_string(filter_input_username($username));
132
+  if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
133
+    // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
134
+    system_failure("Ungültiger Benutzername!");
135
+  }
136
+
137
+
138
+  if (!is_array($requested_modules)) {
139
+    system_failure("Module nicht als array erhalten!");
140
+  }
141
+  $allmods = available_modules();
142
+  $modules = array();
143
+  foreach ($requested_modules as $mod) {
144
+    if (isset($allmods[$mod])) {
145
+      $modules[] = $mod;
146
+    }
147
+  }
148
+  if (count($modules) == 0) {
149
+    system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
150
+  }
151
+  $modules = mysql_real_escape_string(implode(',', $modules));
152
+  
153
+  $pwchange = '';
154
+  if ($password) {
155
+    $result = strong_password($password);
156
+    if ($result !== true) {
157
+      system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
158
+    }
159
+    $password = hash("sha256", $password);
160
+    $pwchange = ", password='{$password}'";
161
+  }
162
+
163
+
164
+  db_query("UPDATE system.subusers SET username='{$username}', modules='{$modules}'{$pwchange} WHERE id={$id} AND uid={$uid}");
165
+}
166
+
167
+
168
+
169
+
170
+
171
+