From 83ec3e0cab67d89d8fb02af06913e5aa0249fd75 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 25 Sep 2011 19:13:39 +0000
Subject: [PATCH] create-mailbox.php: - check password with validate_password - cleanup password validation - cleanup/merge duplicate assignment of $t* variables
This fixes the remaining 50% of https://sourceforge.net/tracker/?func=detail&aid=1951979&group_id=191583&atid=937964
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1194 a1433add-5e2c-0410-b055-b7f2511e0802
---
 create-mailbox.php | 48 ++++++++++++++----------------------------------
 1 file changed, 14 insertions(+), 34 deletions(-)
diff --git a/create-mailbox.php b/create-mailbox.php
index 7ce7a874..3110af4d 100644
--- a/create-mailbox.php
+++ b/create-mailbox.php
@@ -87,49 +87,33 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if ( (!check_owner ($SESSID_USERNAME, $fDomain)) && (!authentication_has_role('global-admin')) ) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); - $tName = $fName; - $tQuota = $fQuota; - $tDomain = $fDomain; $pCreate_mailbox_username_text_error = $PALANG['pCreate_mailbox_username_text_error1']; } if (!check_mailbox ($fDomain)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); - $tName = $fName; - $tQuota = $fQuota; - $tDomain = $fDomain; $pCreate_mailbox_username_text_error = $PALANG['pCreate_mailbox_username_text_error3']; } if (empty ($fUsername) or !check_email ($fUsername)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); - $tName = $fName; - $tQuota = $fQuota; - $tDomain = $fDomain; $pCreate_mailbox_username_text_error = $PALANG['pCreate_mailbox_username_text_error1']; } $tPassGenerated = 0; - if (empty ($fPassword) or empty ($fPassword2) or ($fPassword != $fPassword2)) - { - if (empty ($fPassword) and empty ($fPassword2) and $CONF['generate_password'] == "YES") - { - $fPassword = generate_password (); - $tPassGenerated = 1; - } - else - { + if (empty ($fPassword) && empty ($fPassword2) && $CONF['generate_password'] == "YES") { + $fPassword = generate_password (); + $tPassGenerated = 1; + } elseif (empty ($fPassword) || empty ($fPassword2) || ($fPassword != $fPassword2)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); - $tName = $fName; - $tQuota = $fQuota; - $tDomain = $fDomain; $pCreate_mailbox_password_text_error = $PALANG['pCreate_mailbox_password_text_error']; + } else { + $validpass = validate_password($fPassword); + if(count($validpass) > 0) { + $pCreate_mailbox_password_text_error = $validpass[0]; # TODO: honor all error messages, not only the first one + $error = 1; } } 
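Review bot: The confirmation check on the new `elseif` line still compares the two password fields with loose `!=`, so (assuming both arrive as strings from `$_POST`) PHP compares numeric-looking values by number and `1e3` and `1000` count as a match; a mistyped confirmation can pass unnoticed. A strict comparison closes that: `($fPassword !== $fPassword2)`. The `generate_password ()` branch also skips `validate_password`, which is only safe if the generator always satisfies the configured policy; that function is not visible here, so it is worth a comment such as `# generated passwords are not run through validate_password()`. The enclosing `if ($_SERVER['REQUEST_METHOD'] == "POST")` block starts outside the hunk.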
@@ -138,10 +122,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (!check_quota ($fQuota, $fDomain)) { $error = 1; - $tUsername = escape_string ($_POST['fUsername']); - $tName = $fName; - $tQuota = $fQuota; - $tDomain = $fDomain; $pCreate_mailbox_quota_text_error = $PALANG['pCreate_mailbox_quota_text_error']; } } @@ -150,15 +130,15 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if ($result['rows'] == 1) { $error = 1; + $pCreate_mailbox_username_text_error = $PALANG['pCreate_mailbox_username_text_error2']; + } + + if ($error != 0) { $tUsername = escape_string ($_POST['fUsername']); $tName = $fName; $tQuota = $fQuota; $tDomain = $fDomain; - $pCreate_mailbox_username_text_error = $PALANG['pCreate_mailbox_username_text_error2']; - } - - if ($error != 1) - { + } else { $password = pacrypt ($fPassword); if($CONF['maildir_name_hook'] != 'NO' && function_exists($CONF['maildir_name_hook'])) {
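Review bot: `$tUsername = escape_string ($_POST['fUsername']);` in the consolidated `if ($error != 0)` branch prepares a value for redisplay using SQL escaping, which does not neutralise HTML. If the template prints `$tUsername`, `$tName`, `$tQuota` or `$tDomain` without `htmlspecialchars`, a rejected submission is reflected into the page; the template is not visible here, so this needs checking there. Now that the assignments live in one place, I would add `# $t* values are echoed back into the form: HTML-escape on output, escape_string() is SQL escaping only`. The line also reads `$_POST['fUsername']` without an `isset` check. The `else` branch continues past the end of the hunk.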