Browse code

add feature to disable SSH password login

Bernd Wurst authored on30/07/2020 10:30:34
Showing1 changed files
... ...
@@ -95,6 +95,10 @@ else
95 95
         $account['name'] = filter_input_oneline($_POST['fullname']);
96 96
     }
97 97
 
98
+    if (isset($_POST['passwordlogin'])) {
99
+        $account['passwordlogin'] = (int) $_POST['passwordlogin'];
100
+    }
101
+
98 102
     $shells = available_shells();
99 103
     if (isset($shells[$_POST['shell']])) {
100 104
         $account['shell'] = $_POST['shell'];
Browse code

Umstellung von filter_input_general() auf filter_output_html()

Bernd Wurst authored on21/09/2019 17:07:48
Showing1 changed files
... ...
@@ -92,7 +92,7 @@ else
92 92
     if ($_POST['defaultname'] == 1) {
93 93
         $account['name'] = null;
94 94
     } else {
95
-        $account['name'] = filter_input_general($_POST['fullname']);
95
+        $account['name'] = filter_input_oneline($_POST['fullname']);
96 96
     }
97 97
 
98 98
     $shells = available_shells();
... ...
@@ -113,7 +113,7 @@ else
113 113
 } elseif ($_GET['action'] == 'delete') {
114 114
     system_failure("Benutzeraccounts zu löschen ist momentan nicht über diese Oberfläche möglich. Bitte wenden Sie sich an einen Administrator.");
115 115
 /*
116
-$account_string = filter_input_general( $account['local'].'@'.$account['domain'] );
116
+$account_string = filter_output_html($account['local'].'@'.$account['domain']);
117 117
 $sure = user_is_sure();
118 118
 if ($sure === NULL)
119 119
 {
Browse code

unneeded variable

Bernd Wurst authored on18/07/2018 12:55:40
Showing1 changed files
... ...
@@ -70,7 +70,6 @@ else
70 70
         header('Location: account');
71 71
     }
72 72
 } elseif ($_GET['action'] == 'edit') {
73
-    $error = false;
74 73
     check_form_token('systemuser_edit');
75 74
     $account = null;
76 75
     if ($role & ROLE_CUSTOMER) {
... ...
@@ -104,7 +103,7 @@ else
104 103
     }
105 104
 
106 105
     set_account_details($account);
107
-    if (! ($debugmode || $error)) {
106
+    if (! ($debugmode)) {
108 107
         $location = 'myaccount';
109 108
         if ($_SESSION['role'] & ROLE_CUSTOMER) {
110 109
             $location = 'account';
Browse code

make sure is initialized to avoid PHP warning

Hanno authored on17/07/2018 18:12:44
Showing1 changed files
... ...
@@ -70,6 +70,7 @@ else
70 70
         header('Location: account');
71 71
     }
72 72
 } elseif ($_GET['action'] == 'edit') {
73
+    $error = false;
73 74
     check_form_token('systemuser_edit');
74 75
     $account = null;
75 76
     if ($role & ROLE_CUSTOMER) {
Browse code

remove whitespace in empty lines

Hanno authored on26/06/2018 23:36:40
Showing1 changed files
... ...
@@ -81,7 +81,7 @@ else
81 81
     if ($role & ROLE_CUSTOMER) {
82 82
         $customerquota = get_customer_quota();
83 83
         $maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota'];
84
-   
84
+
85 85
         $quota = (int) $_POST['quota'];
86 86
         if ($quota > $maxquota) {
87 87
             system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen.");
... ...
@@ -94,7 +94,7 @@ else
94 94
     } else {
95 95
         $account['name'] = filter_input_general($_POST['fullname']);
96 96
     }
97
-  
97
+
98 98
     $shells = available_shells();
99 99
     if (isset($shells[$_POST['shell']])) {
100 100
         $account['shell'] = $_POST['shell'];
Browse code

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on26/06/2018 13:58:19
Showing1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -28,120 +28,111 @@ $role = $_SESSION['role'];
28 28
 require_once("inc/debug.php");
29 29
 global $debugmode;
30 30
 
31
-if ($_GET['action'] == 'new')
31
+if ($_GET['action'] == 'new') {
32
+    system_failure('not implemented');
33
+/*
34
+check_form_token('systemuser_new');
35
+if (filter_input_username($_POST['username']) == '' ||
36
+    filter_shell($_POST['password']) == '')
32 37
 {
33
-  system_failure('not implemented');
34
-  /*
35
-  check_form_token('systemuser_new');
36
-  if (filter_input_username($_POST['username']) == '' ||
37
-      filter_shell($_POST['password']) == '')
38
-  {
39
-    input_error('Sie müssen alle Felder ausfüllen!');
40
-  }
41
-  else
42
-  {
43
-    create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']);
44
-    if (! $debugmode)
45
-      header('Location: account');
46
-  }
47
-  */
38
+  input_error('Sie müssen alle Felder ausfüllen!');
48 39
 }
49
-elseif ($_GET['action'] == 'pwchange')
40
+else
50 41
 {
51
-  if (! $role & ROLE_CUSTOMER)
52
-    system_failure("Zum Ändern Ihres Passworts verwenden Sie bitte die Funktion im Hauptmenü!");
53
-  $error = false;
54
-  check_form_token('systemuser_pwchange');
55
-  if (customer_useraccount($_REQUEST['uid']))
56
-    system_failure('Zum Ändern dieses Passworts verwenden Sie bitte die Funktion im Hauptmenü!');
57
-
58
-  //if (! strong_password($_POST['newpass']))
59
-  //  input_error('Das Passwort ist zu einfach');
60
-  //else
61
-  if ($_POST['newpass1'] == '' ||
62
-      $_POST['newpass1'] != $_POST['newpass2'])
63
-  {
64
-    input_error('Bitte zweimal ein neues Passwort eingeben!');
65
-    $error = true;
66
-  }
67
-  else
68
-  {
69
-    $user = get_account_details($_REQUEST['uid']);
70
-    # set_systemuser_password kommt aus den Session-Funktionen!
71
-    set_systemuser_password($user['uid'], $_POST['newpass1']);
72
-  }
73
-  if (! ($debugmode || $error))
42
+  create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']);
43
+  if (! $debugmode)
74 44
     header('Location: account');
75 45
 }
76
-elseif ($_GET['action'] == 'edit')
77
-{
78
-  check_form_token('systemuser_edit');
79
-  $account = NULL;
80
-  if ($role & ROLE_CUSTOMER)
81
-    $account = get_account_details($_REQUEST['uid']);
82
-  else
83
-    $account = get_account_details($_SESSION['userinfo']['uid'], $_SESSION['userinfo']['customerno']);
84
-
85
-  if ($role & ROLE_CUSTOMER)
86
-  {
87
-    $customerquota = get_customer_quota();
88
-    $maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota'];
46
+*/
47
+} elseif ($_GET['action'] == 'pwchange') {
48
+    if (! $role & ROLE_CUSTOMER) {
49
+        system_failure("Zum Ändern Ihres Passworts verwenden Sie bitte die Funktion im Hauptmenü!");
50
+    }
51
+    $error = false;
52
+    check_form_token('systemuser_pwchange');
53
+    if (customer_useraccount($_REQUEST['uid'])) {
54
+        system_failure('Zum Ändern dieses Passworts verwenden Sie bitte die Funktion im Hauptmenü!');
55
+    }
56
+
57
+    //if (! strong_password($_POST['newpass']))
58
+    //  input_error('Das Passwort ist zu einfach');
59
+    //else
60
+    if ($_POST['newpass1'] == '' ||
61
+      $_POST['newpass1'] != $_POST['newpass2']) {
62
+        input_error('Bitte zweimal ein neues Passwort eingeben!');
63
+        $error = true;
64
+    } else {
65
+        $user = get_account_details($_REQUEST['uid']);
66
+        # set_systemuser_password kommt aus den Session-Funktionen!
67
+        set_systemuser_password($user['uid'], $_POST['newpass1']);
68
+    }
69
+    if (! ($debugmode || $error)) {
70
+        header('Location: account');
71
+    }
72
+} elseif ($_GET['action'] == 'edit') {
73
+    check_form_token('systemuser_edit');
74
+    $account = null;
75
+    if ($role & ROLE_CUSTOMER) {
76
+        $account = get_account_details($_REQUEST['uid']);
77
+    } else {
78
+        $account = get_account_details($_SESSION['userinfo']['uid'], $_SESSION['userinfo']['customerno']);
79
+    }
80
+
81
+    if ($role & ROLE_CUSTOMER) {
82
+        $customerquota = get_customer_quota();
83
+        $maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota'];
89 84
    
90
-    $quota = (int) $_POST['quota'];
91
-    if ($quota > $maxquota) 
92
-      system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen.");
93
-    $account['quota'] = $quota;
94
-  }
95
-
96
-  if ($_POST['defaultname'] == 1)
97
-    $account['name'] = NULL;
98
-  else
99
-    $account['name'] = filter_input_general($_POST['fullname']);
100
-  
101
-  $shells = available_shells();
102
-  if (isset($shells[$_POST['shell']]))
103
-    $account['shell'] = $_POST['shell'];
104
-  else
105
-    if (isset($_POST['shell']) && $_POST['shell'] != '')
106
-      system_failure('Ungültige Shell');
107
-
108
-  set_account_details($account);
109
-  if (! ($debugmode || $error)) {
110
-    $location = 'myaccount';
111
-    if ($_SESSION['role'] & ROLE_CUSTOMER) {
112
-      $location = 'account';
85
+        $quota = (int) $_POST['quota'];
86
+        if ($quota > $maxquota) {
87
+            system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen.");
88
+        }
89
+        $account['quota'] = $quota;
90
+    }
91
+
92
+    if ($_POST['defaultname'] == 1) {
93
+        $account['name'] = null;
94
+    } else {
95
+        $account['name'] = filter_input_general($_POST['fullname']);
113 96
     }
114
-    header('Location: '.$location);
115
-  }
116 97
   
98
+    $shells = available_shells();
99
+    if (isset($shells[$_POST['shell']])) {
100
+        $account['shell'] = $_POST['shell'];
101
+    } elseif (isset($_POST['shell']) && $_POST['shell'] != '') {
102
+        system_failure('Ungültige Shell');
103
+    }
104
+
105
+    set_account_details($account);
106
+    if (! ($debugmode || $error)) {
107
+        $location = 'myaccount';
108
+        if ($_SESSION['role'] & ROLE_CUSTOMER) {
109
+            $location = 'account';
110
+        }
111
+        header('Location: '.$location);
112
+    }
113
+} elseif ($_GET['action'] == 'delete') {
114
+    system_failure("Benutzeraccounts zu löschen ist momentan nicht über diese Oberfläche möglich. Bitte wenden Sie sich an einen Administrator.");
115
+/*
116
+$account_string = filter_input_general( $account['local'].'@'.$account['domain'] );
117
+$sure = user_is_sure();
118
+if ($sure === NULL)
119
+{
120
+  are_you_sure("action=delete&account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?");
117 121
 }
118
-elseif ($_GET['action'] == 'delete')
122
+elseif ($sure === true)
119 123
 {
120
-  system_failure("Benutzeraccounts zu löschen ist momentan nicht über diese Oberfläche möglich. Bitte wenden Sie sich an einen Administrator.");
121
-  /*
122
-  $account_string = filter_input_general( $account['local'].'@'.$account['domain'] );
123
-  $sure = user_is_sure();
124
-  if ($sure === NULL)
125
-  {
126
-    are_you_sure("action=delete&account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?");
127
-  }
128
-  elseif ($sure === true)
129
-  {
130
-    delete_jabber_account($account['id']);
131
-    if (! $debugmode)
132
-      header("Location: account");
133
-  }
134
-  elseif ($sure === false)
135
-  {
136
-    if (! $debugmode)
137
-      header("Location: account");
138
-  }
139
-  */
124
+  delete_jabber_account($account['id']);
125
+  if (! $debugmode)
126
+    header("Location: account");
127
+}
128
+elseif ($sure === false)
129
+{
130
+  if (! $debugmode)
131
+    header("Location: account");
132
+}
133
+*/
134
+} else {
135
+    system_failure("Unimplemented action");
140 136
 }
141
-else
142
-  system_failure("Unimplemented action");
143 137
 
144 138
 output('');
145
-
146
-
147
-?>
Browse code

Copyright year update

Bernd Wurst authored on13/01/2018 06:07:05
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2014 by schokokeks.org Hosting, namely
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 
Browse code

Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst

Bernd Wurst authored on08/02/2014 05:45:07
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2013 by schokokeks.org Hosting, namely
5
+Written 2008-2014 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 
Browse code

Updated copyright notice (2012 => 2013)

Bernd Wurst authored on19/01/2013 10:49:50
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2012 by schokokeks.org Hosting, namely
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 
Browse code

Redirect non-customer users to the right overview page

Bernd Wurst authored on22/05/2012 15:04:39
Showing1 changed files
... ...
@@ -106,8 +106,13 @@ elseif ($_GET['action'] == 'edit')
106 106
       system_failure('Ungültige Shell');
107 107
 
108 108
   set_account_details($account);
109
-  if (! ($debugmode || $error))
110
-    header('Location: account');
109
+  if (! ($debugmode || $error)) {
110
+    $location = 'myaccount';
111
+    if ($_SESSION['role'] & ROLE_CUSTOMER) {
112
+      $location = 'account';
113
+    }
114
+    header('Location: '.$location);
115
+  }
111 116
   
112 117
 }
113 118
 elseif ($_GET['action'] == 'delete')
Browse code

Added license tags for CC0, README and COPYING

Bernd Wurst authored on11/03/2012 15:40:04
Showing1 changed files
... ...
@@ -1,4 +1,18 @@
1 1
 <?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2012 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
2 16
 
3 17
 require_once('session/start.php');
4 18
 
Browse code

Falsche Umleitung

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1846 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on28/11/2010 10:24:03
Showing1 changed files
... ...
@@ -28,7 +28,7 @@ if ($_GET['action'] == 'new')
28 28
   {
29 29
     create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']);
30 30
     if (! $debugmode)
31
-      header('Location: accounts');
31
+      header('Location: account');
32 32
   }
33 33
   */
34 34
 }
... ...
@@ -57,7 +57,7 @@ elseif ($_GET['action'] == 'pwchange')
57 57
     set_systemuser_password($user['uid'], $_POST['newpass1']);
58 58
   }
59 59
   if (! ($debugmode || $error))
60
-    header('Location: accounts');
60
+    header('Location: account');
61 61
 }
62 62
 elseif ($_GET['action'] == 'edit')
63 63
 {
... ...
@@ -92,11 +92,8 @@ elseif ($_GET['action'] == 'edit')
92 92
       system_failure('Ungültige Shell');
93 93
 
94 94
   set_account_details($account);
95
-  $target = 'accounts';
96
-  if (! ($role & ROLE_CUSTOMER))
97
-    $target = 'myaccount';
98 95
   if (! ($debugmode || $error))
99
-    header('Location: '.$target);
96
+    header('Location: account');
100 97
   
101 98
 }
102 99
 elseif ($_GET['action'] == 'delete')
... ...
@@ -113,12 +110,12 @@ elseif ($_GET['action'] == 'delete')
113 110
   {
114 111
     delete_jabber_account($account['id']);
115 112
     if (! $debugmode)
116
-      header("Location: accounts");
113
+      header("Location: account");
117 114
   }
118 115
   elseif ($sure === false)
119 116
   {
120 117
     if (! $debugmode)
121
-      header("Location: accounts");
118
+      header("Location: account");
122 119
   }
123 120
   */
124 121
 }
Browse code

Fehlermeldung, wenn ungültige Shell gewählt wird

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1726 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on19/04/2010 14:20:12
Showing1 changed files
... ...
@@ -87,6 +87,9 @@ elseif ($_GET['action'] == 'edit')
87 87
   $shells = available_shells();
88 88
   if (isset($shells[$_POST['shell']]))
89 89
     $account['shell'] = $_POST['shell'];
90
+  else
91
+    if (isset($_POST['shell']) && $_POST['shell'] != '')
92
+      system_failure('Ungültige Shell');
90 93
 
91 94
   set_account_details($account);
92 95
   $target = 'accounts';
Browse code

Erlaube Änderung von Name und Shell auch bei einem Nicht-Kunden

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1722 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on13/04/2010 10:34:13
Showing1 changed files
... ...
@@ -7,7 +7,9 @@ require_once('useraccounts.php');
7 7
 require_once('inc/security.php');
8 8
 
9 9
 
10
-require_role(ROLE_CUSTOMER);
10
+require_role(array(ROLE_CUSTOMER, ROLE_SYSTEMUSER));
11
+
12
+$role = $_SESSION['role'];
11 13
 
12 14
 require_once("inc/debug.php");
13 15
 global $debugmode;
... ...
@@ -32,6 +34,8 @@ if ($_GET['action'] == 'new')
32 34
 }
33 35
 elseif ($_GET['action'] == 'pwchange')
34 36
 {
37
+  if (! $role & ROLE_CUSTOMER)
38
+    system_failure("Zum Ändern Ihres Passworts verwenden Sie bitte die Funktion im Hauptmenü!");
35 39
   $error = false;
36 40
   check_form_token('systemuser_pwchange');
37 41
   if (customer_useraccount($_REQUEST['uid']))
... ...
@@ -58,15 +62,22 @@ elseif ($_GET['action'] == 'pwchange')
58 62
 elseif ($_GET['action'] == 'edit')
59 63
 {
60 64
   check_form_token('systemuser_edit');
61
-  $account = get_account_details($_REQUEST['uid']);
65
+  $account = NULL;
66
+  if ($role & ROLE_CUSTOMER)
67
+    $account = get_account_details($_REQUEST['uid']);
68
+  else
69
+    $account = get_account_details($_SESSION['userinfo']['uid'], $_SESSION['userinfo']['customerno']);
62 70
 
63
-  $customerquota = get_customer_quota();
64
-  $maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota'];
65
- 
66
-  $quota = (int) $_POST['quota'];
67
-  if ($quota > $maxquota) 
68
-    system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen.");
69
-  $account['quota'] = $quota;
71
+  if ($role & ROLE_CUSTOMER)
72
+  {
73
+    $customerquota = get_customer_quota();
74
+    $maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota'];
75
+   
76
+    $quota = (int) $_POST['quota'];
77
+    if ($quota > $maxquota) 
78
+      system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen.");
79
+    $account['quota'] = $quota;
80
+  }
70 81
 
71 82
   if ($_POST['defaultname'] == 1)
72 83
     $account['name'] = NULL;
... ...
@@ -78,8 +89,11 @@ elseif ($_GET['action'] == 'edit')
78 89
     $account['shell'] = $_POST['shell'];
79 90
 
80 91
   set_account_details($account);
92
+  $target = 'accounts';
93
+  if (! ($role & ROLE_CUSTOMER))
94
+    $target = 'myaccount';
81 95
   if (! ($debugmode || $error))
82
-    header('Location: accounts');
96
+    header('Location: '.$target);
83 97
   
84 98
 }
85 99
 elseif ($_GET['action'] == 'delete')
Browse code

Überarbeitetes Systemuser-Modul, mit dem man Quotas, Realname und Shell selbst setzen kann.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1718 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on12/04/2010 15:46:40
Showing1 changed files
... ...
@@ -30,33 +30,54 @@ if ($_GET['action'] == 'new')
30 30
   }
31 31
   */
32 32
 }
33
-elseif ($_GET['action'] == 'edit')
33
+elseif ($_GET['action'] == 'pwchange')
34 34
 {
35 35
   $error = false;
36
-  check_form_token('systemuser_edit');
37
-  if (customer_useraccount($_POST['uid']))
38
-    system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!');
36
+  check_form_token('systemuser_pwchange');
37
+  if (customer_useraccount($_REQUEST['uid']))
38
+    system_failure('Zum Ändern dieses Passworts verwenden Sie bitte die Funktion im Hauptmenü!');
39 39
 
40
-  if ($_POST['newpass'] != '')
40
+  //if (! strong_password($_POST['newpass']))
41
+  //  input_error('Das Passwort ist zu einfach');
42
+  //else
43
+  if ($_POST['newpass1'] == '' ||
44
+      $_POST['newpass1'] != $_POST['newpass2'])
45
+  {
46
+    input_error('Bitte zweimal ein neues Passwort eingeben!');
47
+    $error = true;
48
+  }
49
+  else
41 50
   {
42
-    //if (! strong_password($_POST['newpass']))
43
-    //  input_error('Das Passwort ist zu einfach');
44
-    //else
45
-    if ($_POST['newpass2'] == '' ||
46
-        $_POST['newpass'] != $_POST['newpass2'])
47
-    {
48
-      input_error('Bitte zweimal ein neues Passwort eingeben!');
49
-      $error = true;
50
-    }
51
-    else
52
-    {
53
-      $user = get_account_details($_POST['uid']);
54
-      # set_systemuser_password kommt aus den Session-Funktionen!
55
-      set_systemuser_password($user['uid'], $_POST['newpass']);
56
-    }
51
+    $user = get_account_details($_REQUEST['uid']);
52
+    # set_systemuser_password kommt aus den Session-Funktionen!
53
+    set_systemuser_password($user['uid'], $_POST['newpass1']);
57 54
   }
55
+  if (! ($debugmode || $error))
56
+    header('Location: accounts');
57
+}
58
+elseif ($_GET['action'] == 'edit')
59
+{
60
+  check_form_token('systemuser_edit');
61
+  $account = get_account_details($_REQUEST['uid']);
62
+
63
+  $customerquota = get_customer_quota();
64
+  $maxquota = $customerquota['max'] - $customerquota['assigned'] + $account['quota'];
65
+ 
66
+  $quota = (int) $_POST['quota'];
67
+  if ($quota > $maxquota) 
68
+    system_failure("Sie können diesem Account maximal {$maxquota} MB Speicherplatz zuweisen.");
69
+  $account['quota'] = $quota;
70
+
71
+  if ($_POST['defaultname'] == 1)
72
+    $account['name'] = NULL;
73
+  else
74
+    $account['name'] = filter_input_general($_POST['fullname']);
75
+  
76
+  $shells = available_shells();
77
+  if (isset($shells[$_POST['shell']]))
78
+    $account['shell'] = $_POST['shell'];
58 79
 
59
-  set_systemuser_details($_POST['uid'], $_POST['fullname'], $_POST['quota']);
80
+  set_account_details($account);
60 81
   if (! ($debugmode || $error))
61 82
     header('Location: accounts');
62 83
   
Browse code

* alle internen Links sinnvoll (und gleichartig!) encoden * Automatischer Upgrader für Drupal funktioniert jetzt

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1301 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on07/03/2009 14:48:53
Showing1 changed files
... ...
@@ -69,7 +69,7 @@ elseif ($_GET['action'] == 'delete')
69 69
   $sure = user_is_sure();
70 70
   if ($sure === NULL)
71 71
   {
72
-    are_you_sure("action=delete&amp;account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?");
72
+    are_you_sure("action=delete&account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?");
73 73
   }
74 74
   elseif ($sure === true)
75 75
   {
Browse code

eliminate .php extensions for URLs

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1128 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on08/08/2008 19:32:32
Showing1 changed files
... ...
@@ -26,7 +26,7 @@ if ($_GET['action'] == 'new')
26 26
   {
27 27
     create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']);
28 28
     if (! $debugmode)
29
-      header('Location: accounts.php');
29
+      header('Location: accounts');
30 30
   }
31 31
   */
32 32
 }
... ...
@@ -58,7 +58,7 @@ elseif ($_GET['action'] == 'edit')
58 58
 
59 59
   set_systemuser_details($_POST['uid'], $_POST['fullname'], $_POST['quota']);
60 60
   if (! ($debugmode || $error))
61
-    header('Location: accounts.php');
61
+    header('Location: accounts');
62 62
   
63 63
 }
64 64
 elseif ($_GET['action'] == 'delete')
... ...
@@ -75,12 +75,12 @@ elseif ($_GET['action'] == 'delete')
75 75
   {
76 76
     delete_jabber_account($account['id']);
77 77
     if (! $debugmode)
78
-      header("Location: accounts.php");
78
+      header("Location: accounts");
79 79
   }
80 80
   elseif ($sure === false)
81 81
   {
82 82
     if (! $debugmode)
83
-      header("Location: accounts.php");
83
+      header("Location: accounts");
84 84
   }
85 85
   */
86 86
 }
Browse code

nicht mehr der user mit der kleinsten UID ist Kunden sondern der, der als solcher gekennzeichnet ist.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@618 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on11/08/2007 17:50:51
Showing1 changed files
... ...
@@ -34,7 +34,7 @@ elseif ($_GET['action'] == 'edit')
34 34
 {
35 35
   $error = false;
36 36
   check_form_token('systemuser_edit');
37
-  if ($_POST['uid'] == primary_useraccount())
37
+  if (customer_useraccount($_POST['uid']))
38 38
     system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!');
39 39
 
40 40
   if ($_POST['newpass'] != '')
Browse code

Primärer Useraccount kann damit nicht mehr geändert werden, wenn er zum Login benutzt wurde.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@566 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on30/07/2007 13:02:41
Showing1 changed files
... ...
@@ -16,9 +16,8 @@ if ($_GET['action'] == 'new')
16 16
 {
17 17
   system_failure('not implemented');
18 18
   /*
19
-  check_form_token('jabber_new_account');
20
-  if (filter_input_username($_POST['local']) == '' ||
21
-      $_POST['domain'] == '' ||
19
+  check_form_token('systemuser_new');
20
+  if (filter_input_username($_POST['username']) == '' ||
22 21
       filter_shell($_POST['password']) == '')
23 22
   {
24 23
     input_error('Sie müssen alle Felder ausfüllen!');
... ...
@@ -35,8 +34,14 @@ elseif ($_GET['action'] == 'edit')
35 34
 {
36 35
   $error = false;
37 36
   check_form_token('systemuser_edit');
37
+  if ($_POST['uid'] == primary_useraccount())
38
+    system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!');
39
+
38 40
   if ($_POST['newpass'] != '')
39 41
   {
42
+    //if (! strong_password($_POST['newpass']))
43
+    //  input_error('Das Passwort ist zu einfach');
44
+    //else
40 45
     if ($_POST['newpass2'] == '' ||
41 46
         $_POST['newpass'] != $_POST['newpass2'])
42 47
     {
Browse code

Systemuser-Modul hinzugefügt

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@563 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on28/07/2007 18:07:01
Showing1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,88 @@
1
+<?php
2
+
3
+require_once('session/start.php');
4
+
5
+require_once('useraccounts.php');
6
+
7
+require_once('inc/security.php');
8
+
9
+
10
+require_role(ROLE_CUSTOMER);
11
+
12
+require_once("inc/debug.php");
13
+global $debugmode;
14
+
15
+if ($_GET['action'] == 'new')
16
+{
17
+  system_failure('not implemented');
18
+  /*
19
+  check_form_token('jabber_new_account');
20
+  if (filter_input_username($_POST['local']) == '' ||
21
+      $_POST['domain'] == '' ||
22
+      filter_shell($_POST['password']) == '')
23
+  {
24
+    input_error('Sie müssen alle Felder ausfüllen!');
25
+  }
26
+  else
27
+  {
28
+    create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']);
29
+    if (! $debugmode)
30
+      header('Location: accounts.php');
31
+  }
32
+  */
33
+}
34
+elseif ($_GET['action'] == 'edit')
35
+{
36
+  $error = false;
37
+  check_form_token('systemuser_edit');
38
+  if ($_POST['newpass'] != '')
39
+  {
40
+    if ($_POST['newpass2'] == '' ||
41
+        $_POST['newpass'] != $_POST['newpass2'])
42
+    {
43
+      input_error('Bitte zweimal ein neues Passwort eingeben!');
44
+      $error = true;
45
+    }
46
+    else
47
+    {
48
+      $user = get_account_details($_POST['uid']);
49
+      # set_systemuser_password kommt aus den Session-Funktionen!
50
+      set_systemuser_password($user['uid'], $_POST['newpass']);
51
+    }
52
+  }
53
+
54
+  set_systemuser_details($_POST['uid'], $_POST['fullname'], $_POST['quota']);
55
+  if (! ($debugmode || $error))
56
+    header('Location: accounts.php');
57
+  
58
+}
59
+elseif ($_GET['action'] == 'delete')
60
+{
61
+  system_failure("Benutzeraccounts zu löschen ist momentan nicht über diese Oberfläche möglich. Bitte wenden Sie sich an einen Administrator.");
62
+  /*
63
+  $account_string = filter_input_general( $account['local'].'@'.$account['domain'] );
64
+  $sure = user_is_sure();
65
+  if ($sure === NULL)
66
+  {
67
+    are_you_sure("action=delete&amp;account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?");
68
+  }
69
+  elseif ($sure === true)
70
+  {
71
+    delete_jabber_account($account['id']);
72
+    if (! $debugmode)
73
+      header("Location: accounts.php");
74
+  }
75
+  elseif ($sure === false)
76
+  {
77
+    if (! $debugmode)
78
+      header("Location: accounts.php");
79
+  }
80
+  */
81
+}
82
+else
83
+  system_failure("Unimplemented action");
84
+
85
+output('');
86
+
87
+
88
+?>