AdminpasswordHandler.php:

- new file, used for "change password" for admins configs/menu.conf: - switch from password.php to edit.php?table=adminpassword password.php: - deleted, replaced by AdminpasswordHandler git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1491 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago · 00bc5c6553
parent ce233789b9
commit 00bc5c6553
3 changed files with 109 additions and 101 deletions
--- a/configs/menu.conf
+++ b/configs/menu.conf
@ -17,7 +17,7 @@ url_fetchmail_new_entry = fetchmail.php?new=1
 url_sendmail = sendmail.php
 url_broadcast_message = broadcast-message.php
 # password
-url_password = password.php
+url_password = edit.php?table=adminpassword
 # backup
 url_backup = backup.php
 # viewlog
--- a/model/AdminpasswordHandler.php
+++ b/model/AdminpasswordHandler.php
@ -0,0 +1,108 @@
+<?php
+# $Id$
+
+class AdminpasswordHandler extends PFAHandler {
+
+    protected $db_table = 'admin';
+    protected $id_field = 'username';
+
+    # do not skip empty password fields
+    protected $skip_empty_pass = false;
+
+    protected function no_domain_field() {
+        # PFAHandler die()s if domain field is not set. Disable this behaviour for AdminHandler.
+    }
+
+    protected function validate_new_id() {
+        # unused in AdminpasswordHandler, but must be defined
+    }
+
+    # init $this->struct, $this->db_table and $this->id_field
+    protected function initStruct() {
+        # TODO: shorter PALANG labels ;-)
+
+        $this->struct=array(
+            # field name                allow       display in...   type    $PALANG label                    $PALANG description                 default / options / ...
+            #                           editing?    form    list
+            'username'        => pacol( 0,          1,      1,      'text', 'pAdminEdit_admin_username'    , ''                                 ),
+            'oldpass'         => pacol( 1,          1,      0,      'pass', 'pPassword_password_current'   , 'pPassword_password_current_text', '', '', 
+                /*not_in_db*/ 1  ),
+            'password'        => pacol( 1,          1,      0,      'pass', 'pPassword_password'           , ''                                 ),
+            'password2'       => pacol( 1,          1,      0,      'pass', 'pPassword_password2'          , ''                                 , '', '',
+                /*not_in_db*/ 0,
+                /*dont_write_to_db*/ 1,
+                /*select*/ 'password as password2'
+            ),
+        );
+    }
+
+    public function init($id) {
+        # hardcode to logged in admin
+        if ($this->admin_username == '') die("No admin logged in");
+        $this->id = $this->admin_username;
+        $this->values['username'] = $this->id;
+        $this->struct['username']['default'] = $this->id;
+
+        # hardcode to edit mode
+        $this->new = 0;
+
+        return parent::init($this->id);
+    }
+
+    public function initMsg() {
+        $this->msg['error_already_exists'] = 'pAdminCreate_admin_username_text_error2'; # probably unused
+        $this->msg['error_does_not_exist'] = 'pAdminEdit_admin_result_error'; # probably unused
+
+        $this->msg['logname'] = 'edit_password';
+        $this->msg['store_error'] = 'pPassword_result_error';
+        $this->msg['successmessage'] = 'pPassword_result_success';
+    }
+
+    public function webformConfig() {
+        return array(
+            # $PALANG labels
+            'formtitle_create' => 'pPassword_welcome',
+            'formtitle_edit' => 'pPassword_welcome',
+            'create_button' => 'pPassword_button',
+
+            # various settings
+            'required_role' => 'admin',
+            'listview' => 'main.php',
+            'early_init' => 1,
+
+            'hardcoded_edit' => true,
+        );
+    }
+
+    /**
+     * check if old password is correct
+     */
+    protected function _field_oldpass($field, $val) {
+        if ( $this->login($this->id, $val) ) {
+            return true;
+        }
+
+        $this->errormsg[$field] = Lang::read('pPassword_password_current_text_error');
+        return false;
+    }
+
+    /**
+     * skip default validation (check if password is good enough) for old password
+     */
+    protected function _inp_pass($field, $val) {
+        if ($field == 'oldpass') return true;
+
+        return parent::_inp_pass($field, $val);
+    }
+
+    /**
+     * compare password / password2 field
+     * error message will be displayed at the password2 field
+     */
+    protected function _field_password2($field, $val) {
+        return $this->compare_password_fields('password', 'password2');
+    }
+
+}
+
+/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
--- a/password.php
+++ b/password.php
@ -1,100 +0,0 @@
-<?php
-/** 
- * Postfix Admin 
- * 
- * LICENSE 
- * This source file is subject to the GPL license that is bundled with  
- * this package in the file LICENSE.TXT. 
- * 
- * Further details on the project are available at : 
- *     http://www.postfixadmin.com or http://postfixadmin.sf.net 
- * 
- * @version $Id$ 
- * @license GNU GPL v2 or later. 
- * 
- * File: password.php
- * Allows admins to change their own password.
- * Template File: password.tpl
- *
- * Template Variables:
- *
- * none
- *
- * Form POST \ GET Variables:
- *
- * fPassword_current
- * fPassword
- * fPassword2
- */
-
-require_once('common.php');
-
-authentication_require_role('admin');
-
-$SESSID_USERNAME = authentication_get_username();
-
-$smarty->assign ('SESSID_USERNAME', $SESSID_USERNAME);
-$smarty->assign ('smarty_template', 'password');
-
-$pPassword_password_current_text = "";
-$pPassword_password_text = "";
-
-if ($_SERVER['REQUEST_METHOD'] == "GET")
-{
-	$smarty->display ('index.tpl');
-}
-
-if ($_SERVER['REQUEST_METHOD'] == "POST")
-{
-    if (isset ($_POST['fPassword_current'])) $fPassword_current = escape_string ($_POST['fPassword_current']);
-    if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
-    if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']);
-
-    $username = $SESSID_USERNAME;
-
-    $result = db_query ("SELECT * FROM $table_admin WHERE username='$username'");
-    if ($result['rows'] == 1)
-    {
-        $row = db_array ($result['result']);
-        $checked_password = escape_string(pacrypt ($fPassword_current, $row['password']));
-
-        $result = db_query ("SELECT * FROM $table_admin WHERE username='$username' AND password='$checked_password'");
-        if ($result['rows'] != 1)
-        {
-            $error = 1;
-            $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error'];
-        }
-    }
-    else
-    {
-        $error = 1;
-        $pPassword_email_text = $PALANG['pPassword_email_text_error'];
-    }
-
-    if (empty ($fPassword) or ($fPassword != $fPassword2))
-    {
-        $error = 1;
-        $pPassword_password_text = $PALANG['pPassword_password_text_error'];
-    }
-
-    if ($error != 1)
-    {
-        $password = escape_string(pacrypt ($fPassword));
-        $result = db_query ("UPDATE $table_admin SET password='$password',modified=NOW() WHERE username='$username'");
-        if ($result['rows'] == 1)
-        {
-            flash_info($PALANG['pPassword_result_success']);
-        }
-        else
-        {
-            flash_error($PALANG['pPassword_result_error']);
-        }
-    }
-
-	$smarty->assign ('pPassword_password_current_text', $pPassword_password_current_text);
-	$smarty->assign ('pPassword_password_text', $pPassword_password_text);
-	$smarty->display ('index.tpl');
-}
-
-/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
-?>