Browse code

Codingstyle PSR12 + array syntax

Hanno Böck authored on 30/10/2021 21:18:17
Showing 1 changed files
... ...
@@ -16,7 +16,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
16 16
 
17 17
 require_once('session/start.php');
18 18
 require_once('inc/icons.php');
19
-require_role(array(ROLE_SYSTEMUSER));
19
+require_role([ROLE_SYSTEMUSER]);
20 20
 
21 21
 global $prefix;
22 22
 
Browse code

add password strength check for mysql users

Bernd Wurst authored on 10/04/2019 09:15:05
Showing 1 changed files
... ...
@@ -50,6 +50,10 @@ if (isset($_GET['action']) && $_GET['action'] == 'newuser') {
50 50
     $username = $_POST['newuser'];
51 51
     $desc = $_POST['description'];
52 52
     $password = $_POST['newpass'];
53
+    $check = strong_password($password);
54
+    if ($check !== true) {
55
+        system_failure('Das Passwort ist nicht sicher genug.');
56
+    }
53 57
     create_mysql_account($username, $desc);
54 58
     set_mysql_password($username, $password);
55 59
     if (isset($_POST['access'])) {
... ...
@@ -108,6 +112,10 @@ if (isset($_GET['action'])) {
108 112
       break;
109 113
     case 'change_pw':
110 114
       check_form_token('mysql_databases');
115
+      $check = strong_password($_POST['newpass']);
116
+      if ($check !== true) {
117
+          system_failure('Das Passwort ist nicht sicher genug.');
118
+      }
111 119
       set_mysql_password($_POST['mysql_username'], $_POST['newpass']);
112 120
       redirect('overview');
113 121
       break;
Browse code

remove whitespace in empty lines

Hanno authored on 26/06/2018 23:36:40
Showing 1 changed files
... ...
@@ -121,7 +121,7 @@ $users = get_mysql_accounts($_SESSION['userinfo']['uid']);
121 121
 
122 122
 if (isset($_POST['accesseditor'])) {
123 123
     check_form_token('mysql_databases');
124
-  
124
+
125 125
     foreach ($dbs as $db) {
126 126
         $db = $db['name'];
127 127
         foreach ($users as $user) {
Browse code

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on 26/06/2018 13:58:19
Showing 1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -23,96 +23,87 @@ global $prefix;
23 23
 require_once('mysql.php');
24 24
 
25 25
 if (isset($_GET['action']) && $_GET['action'] == 'permchange') {
26
-  check_form_token('mysql_permchange');
27
-  set_mysql_access($_GET['db'], $_GET['user'], ($_GET['access'] == 1));
28
-  redirect('overview');
26
+    check_form_token('mysql_permchange');
27
+    set_mysql_access($_GET['db'], $_GET['user'], ($_GET['access'] == 1));
28
+    redirect('overview');
29 29
 }
30 30
 
31 31
 if (isset($_GET['action']) && $_GET['action'] == 'newdb') {
32
-  check_form_token('mysql_newdb');
33
-  $dbname = $_POST['newdb'];
34
-  $desc = $_POST['description'];
35
-  $server = NULL;
36
-  if (isset($_POST['server'])) {
37
-    $server = $_POST['server'];
38
-  }
39
-  create_mysql_database($dbname, $desc, $server);
40
-  if (isset($_POST['access'])) {
41
-    foreach ($_POST['access'] as $user) {
42
-      set_mysql_access($dbname, $user, true);
32
+    check_form_token('mysql_newdb');
33
+    $dbname = $_POST['newdb'];
34
+    $desc = $_POST['description'];
35
+    $server = null;
36
+    if (isset($_POST['server'])) {
37
+        $server = $_POST['server'];
43 38
     }
44
-  }
45
-  redirect('overview');
39
+    create_mysql_database($dbname, $desc, $server);
40
+    if (isset($_POST['access'])) {
41
+        foreach ($_POST['access'] as $user) {
42
+            set_mysql_access($dbname, $user, true);
43
+        }
44
+    }
45
+    redirect('overview');
46 46
 }
47 47
 
48 48
 if (isset($_GET['action']) && $_GET['action'] == 'newuser') {
49
-  check_form_token('mysql_newuser');
50
-  $username = $_POST['newuser'];
51
-  $desc = $_POST['description'];
52
-  $password = $_POST['newpass'];
53
-  create_mysql_account($username, $desc);
54
-  set_mysql_password($username, $password);
55
-  if (isset($_POST['access'])) {
56
-    foreach ($_POST['access'] as $dbname) {
57
-      set_mysql_access($dbname, $username, true);
49
+    check_form_token('mysql_newuser');
50
+    $username = $_POST['newuser'];
51
+    $desc = $_POST['description'];
52
+    $password = $_POST['newpass'];
53
+    create_mysql_account($username, $desc);
54
+    set_mysql_password($username, $password);
55
+    if (isset($_POST['access'])) {
56
+        foreach ($_POST['access'] as $dbname) {
57
+            set_mysql_access($dbname, $username, true);
58
+        }
58 59
     }
59
-  }
60
-  redirect('overview');
60
+    redirect('overview');
61 61
 }
62 62
 
63 63
 if (isset($_GET['action']) && $_GET['action'] == 'description') {
64
-  check_form_token('mysql_description');
65
-  if (isset($_GET['db'])) {
66
-    $db = $_GET['db'];
67
-    $description = $_POST['description'];
68
-    set_database_description($db, $description);
69
-  }
70
-  if (isset($_GET['username'])) {
71
-    $user = $_GET['username'];
72
-    $description = $_POST['description'];
73
-    set_dbuser_description($user, $description);
74
-  }
75
-  redirect('overview');
64
+    check_form_token('mysql_description');
65
+    if (isset($_GET['db'])) {
66
+        $db = $_GET['db'];
67
+        $description = $_POST['description'];
68
+        set_database_description($db, $description);
69
+    }
70
+    if (isset($_GET['username'])) {
71
+        $user = $_GET['username'];
72
+        $description = $_POST['description'];
73
+        set_dbuser_description($user, $description);
74
+    }
75
+    redirect('overview');
76 76
 }
77 77
 
78 78
 
79 79
 if (isset($_GET['action'])) {
80
-  switch ($_GET['action'])
81
-  {
80
+    switch ($_GET['action']) {
82 81
     case 'delete_db':
83
-      if (! has_mysql_database($_GET['db']))
84
-        system_failure('Ungültige Datenbank');
85
-      $sure = user_is_sure();
86
-      if ($sure === NULL)
87
-      {
88
-        are_you_sure("action=delete_db&db={$_GET['db']}", "Möchten Sie die Datenbank »{$_GET['db']}« wirklich löschen?");
82
+      if (! has_mysql_database($_GET['db'])) {
83
+          system_failure('Ungültige Datenbank');
89 84
       }
90
-      elseif ($sure === true)
91
-      {
92
-        delete_mysql_database($_GET['db']);
93
-        redirect('overview');
94
-      }
95
-      elseif ($sure === false)
96
-      {
97
-        redirect('overview');
85
+      $sure = user_is_sure();
86
+      if ($sure === null) {
87
+          are_you_sure("action=delete_db&db={$_GET['db']}", "Möchten Sie die Datenbank »{$_GET['db']}« wirklich löschen?");
88
+      } elseif ($sure === true) {
89
+          delete_mysql_database($_GET['db']);
90
+          redirect('overview');
91
+      } elseif ($sure === false) {
92
+          redirect('overview');
98 93
       }
99 94
       break;
100 95
     case 'delete_user':
101
-      if (! has_mysql_user($_GET['user']))
102
-        system_failure('Ungültiger Benutzer');
103
-      $sure = user_is_sure();
104
-      if ($sure === NULL)
105
-      {
106
-        are_you_sure("action=delete_user&user={$_GET['user']}", "Möchten Sie den Benutzer »{$_GET['user']}« wirklich löschen?");
107
-      }
108
-      elseif ($sure === true)
109
-      {
110
-        delete_mysql_account($_GET['user']);
111
-        redirect('overview');
96
+      if (! has_mysql_user($_GET['user'])) {
97
+          system_failure('Ungültiger Benutzer');
112 98
       }
113
-      elseif ($sure === false)
114
-      {
115
-        redirect('overview');
99
+      $sure = user_is_sure();
100
+      if ($sure === null) {
101
+          are_you_sure("action=delete_user&user={$_GET['user']}", "Möchten Sie den Benutzer »{$_GET['user']}« wirklich löschen?");
102
+      } elseif ($sure === true) {
103
+          delete_mysql_account($_GET['user']);
104
+          redirect('overview');
105
+      } elseif ($sure === false) {
106
+          redirect('overview');
116 107
       }
117 108
       break;
118 109
     case 'change_pw':
... ...
@@ -128,24 +119,19 @@ if (isset($_GET['action'])) {
128 119
 $dbs = get_mysql_databases($_SESSION['userinfo']['uid']);
129 120
 $users = get_mysql_accounts($_SESSION['userinfo']['uid']);
130 121
 
131
-if (isset($_POST['accesseditor']))
132
-{
133
-  check_form_token('mysql_databases');
122
+if (isset($_POST['accesseditor'])) {
123
+    check_form_token('mysql_databases');
134 124
   
135
-  foreach ($dbs as $db)
136
-  {
137
-    $db = $db['name'];
138
-    foreach ($users as $user)
139
-    {
140
-      $user = $user['username'];
141
-      if (! isset($_POST['access'][$db]))
142
-        set_mysql_access($db, $user, false);
143
-      else
144
-        set_mysql_access($db, $user, in_array($user, $_POST['access'][$db]));
125
+    foreach ($dbs as $db) {
126
+        $db = $db['name'];
127
+        foreach ($users as $user) {
128
+            $user = $user['username'];
129
+            if (! isset($_POST['access'][$db])) {
130
+                set_mysql_access($db, $user, false);
131
+            } else {
132
+                set_mysql_access($db, $user, in_array($user, $_POST['access'][$db]));
133
+            }
134
+        }
145 135
     }
146
-  }
147
-  $mysql_access = NULL;
136
+    $mysql_access = null;
148 137
 }
149
-
150
-
151
-?>
Browse code

Copyright year update

Bernd Wurst authored on 13/01/2018 06:07:05
Showing 1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2014 by schokokeks.org Hosting, namely
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 
Browse code

Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst

Bernd Wurst authored on 08/02/2014 05:45:07
Showing 1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2013 by schokokeks.org Hosting, namely
5
+Written 2008-2014 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 
Browse code

Passwort-Erzeugung auch beim Ändern des MySQL-Passworts

Bernd Wurst authored on 13/03/2013 11:19:19
Showing 1 changed files
... ...
@@ -117,7 +117,7 @@ if (isset($_GET['action'])) {
117 117
       break;
118 118
     case 'change_pw':
119 119
       check_form_token('mysql_databases');
120
-      set_mysql_password($_POST['mysql_username'], $_POST['mysql_password']);
120
+      set_mysql_password($_POST['mysql_username'], $_POST['newpass']);
121 121
       redirect('overview');
122 122
       break;
123 123
     default:
Browse code

Neue MySQL-Verwaltung

Bernd Wurst authored on 28/02/2013 15:51:12
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,151 @@
1
+<?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
16
+
17
+require_once('session/start.php');
18
+require_once('inc/icons.php');
19
+require_role(array(ROLE_SYSTEMUSER));
20
+
21
+global $prefix;
22
+
23
+require_once('mysql.php');
24
+
25
+if (isset($_GET['action']) && $_GET['action'] == 'permchange') {
26
+  check_form_token('mysql_permchange');
27
+  set_mysql_access($_GET['db'], $_GET['user'], ($_GET['access'] == 1));
28
+  redirect('overview');
29
+}
30
+
31
+if (isset($_GET['action']) && $_GET['action'] == 'newdb') {
32
+  check_form_token('mysql_newdb');
33
+  $dbname = $_POST['newdb'];
34
+  $desc = $_POST['description'];
35
+  $server = NULL;
36
+  if (isset($_POST['server'])) {
37
+    $server = $_POST['server'];
38
+  }
39
+  create_mysql_database($dbname, $desc, $server);
40
+  if (isset($_POST['access'])) {
41
+    foreach ($_POST['access'] as $user) {
42
+      set_mysql_access($dbname, $user, true);
43
+    }
44
+  }
45
+  redirect('overview');
46
+}
47
+
48
+if (isset($_GET['action']) && $_GET['action'] == 'newuser') {
49
+  check_form_token('mysql_newuser');
50
+  $username = $_POST['newuser'];
51
+  $desc = $_POST['description'];
52
+  $password = $_POST['newpass'];
53
+  create_mysql_account($username, $desc);
54
+  set_mysql_password($username, $password);
55
+  if (isset($_POST['access'])) {
56
+    foreach ($_POST['access'] as $dbname) {
57
+      set_mysql_access($dbname, $username, true);
58
+    }
59
+  }
60
+  redirect('overview');
61
+}
62
+
63
+if (isset($_GET['action']) && $_GET['action'] == 'description') {
64
+  check_form_token('mysql_description');
65
+  if (isset($_GET['db'])) {
66
+    $db = $_GET['db'];
67
+    $description = $_POST['description'];
68
+    set_database_description($db, $description);
69
+  }
70
+  if (isset($_GET['username'])) {
71
+    $user = $_GET['username'];
72
+    $description = $_POST['description'];
73
+    set_dbuser_description($user, $description);
74
+  }
75
+  redirect('overview');
76
+}
77
+
78
+
79
+if (isset($_GET['action'])) {
80
+  switch ($_GET['action'])
81
+  {
82
+    case 'delete_db':
83
+      if (! has_mysql_database($_GET['db']))
84
+        system_failure('Ungültige Datenbank');
85
+      $sure = user_is_sure();
86
+      if ($sure === NULL)
87
+      {
88
+        are_you_sure("action=delete_db&db={$_GET['db']}", "Möchten Sie die Datenbank »{$_GET['db']}« wirklich löschen?");
89
+      }
90
+      elseif ($sure === true)
91
+      {
92
+        delete_mysql_database($_GET['db']);
93
+        redirect('overview');
94
+      }
95
+      elseif ($sure === false)
96
+      {
97
+        redirect('overview');
98
+      }
99
+      break;
100
+    case 'delete_user':
101
+      if (! has_mysql_user($_GET['user']))
102
+        system_failure('Ungültiger Benutzer');
103
+      $sure = user_is_sure();
104
+      if ($sure === NULL)
105
+      {
106
+        are_you_sure("action=delete_user&user={$_GET['user']}", "Möchten Sie den Benutzer »{$_GET['user']}« wirklich löschen?");
107
+      }
108
+      elseif ($sure === true)
109
+      {
110
+        delete_mysql_account($_GET['user']);
111
+        redirect('overview');
112
+      }
113
+      elseif ($sure === false)
114
+      {
115
+        redirect('overview');
116
+      }
117
+      break;
118
+    case 'change_pw':
119
+      check_form_token('mysql_databases');
120
+      set_mysql_password($_POST['mysql_username'], $_POST['mysql_password']);
121
+      redirect('overview');
122
+      break;
123
+    default:
124
+      system_failure("Diese Funktion scheint noch nicht eingebaut zu sein!");
125
+  }
126
+}
127
+
128
+$dbs = get_mysql_databases($_SESSION['userinfo']['uid']);
129
+$users = get_mysql_accounts($_SESSION['userinfo']['uid']);
130
+
131
+if (isset($_POST['accesseditor']))
132
+{
133
+  check_form_token('mysql_databases');
134
+  
135
+  foreach ($dbs as $db)
136
+  {
137
+    $db = $db['name'];
138
+    foreach ($users as $user)
139
+    {
140
+      $user = $user['username'];
141
+      if (! isset($_POST['access'][$db]))
142
+        set_mysql_access($db, $user, false);
143
+      else
144
+        set_mysql_access($db, $user, in_array($user, $_POST['access'][$db]));
145
+    }
146
+  }
147
+  $mysql_access = NULL;
148
+}
149
+
150
+
151
+?>