banananetwork
/
postfixadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #60 from Vilican/master

Browse Source 
Security fixes
pull/79/head
David Goodwin 8 years ago committed by GitHub
parent db06ac919c 3c95ec4a09
commit 8bb6000072
4 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File

9
login.php
Unescape Escape View File

@ -23,10 +23,10 @@
* *
* fUsername * fUsername
* fPassword * fPassword
* token
* lang * lang
*/ */
define('POSTFIXADMIN_LOGOUT', 1);
require_once('common.php'); require_once('common.php');
if($CONF['configured'] !== true) { if($CONF['configured'] !== true) {
@ -38,6 +38,9 @@ check_db_version(); # check if the database layout is up to date (and error out
if ($_SERVER['REQUEST_METHOD'] == "POST") if ($_SERVER['REQUEST_METHOD'] == "POST")
{ {
if (safepost('token') != $_SESSION['PFA_token']) die('Invalid token!');
$lang = safepost('lang'); $lang = safepost('lang');
$fUsername = trim(safepost('fUsername')); $fUsername = trim(safepost('fUsername'));
$fPassword = safepost('fPassword'); $fPassword = safepost('fPassword');
@ -49,7 +52,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$h = new AdminHandler; $h = new AdminHandler;
if ( $h->login($fUsername, $fPassword) ) { if ( $h->login($fUsername, $fPassword) ) {
session_regenerate_id(); session_regenerate_id(true);
$_SESSION['sessid'] = array(); $_SESSION['sessid'] = array();
$_SESSION['sessid']['roles'] = array(); $_SESSION['sessid']['roles'] = array();
$_SESSION['sessid']['roles'][] = 'admin'; $_SESSION['sessid']['roles'][] = 'admin';
@ -82,6 +85,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
} }
} }
$_SESSION['PFA_token'] = md5(uniqid(rand(), true));
$smarty->assign ('language_selector', language_selector(), false); $smarty->assign ('language_selector', language_selector(), false);
$smarty->assign ('smarty_template', 'login'); $smarty->assign ('smarty_template', 'login');
$smarty->assign ('logintype', 'admin'); $smarty->assign ('logintype', 'admin');

6
templates/footer.tpl
Unescape Escape View File

@ -1,8 +1,8 @@
<!-- {$smarty.template} --> <!-- {$smarty.template} -->
<div id="footer"> <div id="footer">
<a target="_blank" href="http://postfixadmin.sf.net/">Postfix Admin {$version}</a> <a target="_blank" rel="noopener" href="http://postfixadmin.sf.net/">Postfix Admin {$version}</a>
<span id="update-check">&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp; <span id="update-check">&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;
<a target="_blank" href="http://postfixadmin.sf.net/update-check.php?version={$version|escape:"url"}">{$PALANG.check_update}</a></span> <a target="_blank" rel="noopener" href="http://postfixadmin.sf.net/update-check.php?version={$version|escape:"url"}">{$PALANG.check_update}</a></span>
{if isset($smarty.session.sessid)} {if isset($smarty.session.sessid)}
{if $smarty.session.sessid.username} {if $smarty.session.sessid.username}
&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;
@ -11,7 +11,7 @@
{/if} {/if}
{if $CONF.show_footer_text == 'YES' && $CONF.footer_link} {if $CONF.show_footer_text == 'YES' && $CONF.footer_link}
&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;
<a href="{$CONF.footer_link}">{$CONF.footer_text}</a> <a href="{$CONF.footer_link}" rel="noopener">{$CONF.footer_text}</a>
{/if} {/if}
</div> </div>
</div> </div>

1
templates/login.tpl
Unescape Escape View File

@ -1,5 +1,6 @@
<div id="login"> <div id="login">
<form name="frmLogin" method="post" action=""> <form name="frmLogin" method="post" action="">
<input class="flat" type="hidden" name="token" value="{$smarty.session.PFA_token|escape:"url"}" />
<table id="login_table" cellspacing="10"> <table id="login_table" cellspacing="10">
<tr> <tr>
<th colspan="2"> <th colspan="2">

9
users/login.php
Unescape Escape View File

@ -23,17 +23,20 @@
* *
* fUsername * fUsername
* fPassword * fPassword
* token
* lang * lang
*/ */
$rel_path = '../'; $rel_path = '../';
define('POSTFIXADMIN_LOGOUT', 1);
require_once("../common.php"); require_once("../common.php");
check_db_version(); # check if the database layout is up to date (and error out if not) check_db_version(); # check if the database layout is up to date (and error out if not)
if ($_SERVER['REQUEST_METHOD'] == "POST") if ($_SERVER['REQUEST_METHOD'] == "POST")
{ {
if (safepost('token') != $_SESSION['PFA_token']) die('Invalid token!');
$lang = safepost('lang'); $lang = safepost('lang');
$fUsername = trim(safepost('fUsername')); $fUsername = trim(safepost('fUsername'));
$fPassword = safepost('fPassword'); $fPassword = safepost('fPassword');
@ -45,7 +48,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$h = new MailboxHandler(); $h = new MailboxHandler();
if($h->login($fUsername, $fPassword)) { if($h->login($fUsername, $fPassword)) {
session_regenerate_id(); session_regenerate_id(true);
$_SESSION['sessid'] = array(); $_SESSION['sessid'] = array();
$_SESSION['sessid']['roles'] = array(); $_SESSION['sessid']['roles'] = array();
$_SESSION['sessid']['roles'][] = 'user'; $_SESSION['sessid']['roles'][] = 'user';
@ -59,6 +62,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
} }
} }
$_SESSION['PFA_token'] = md5(uniqid(rand(), true));
$smarty->assign ('language_selector', language_selector(), false); $smarty->assign ('language_selector', language_selector(), false);
$smarty->assign ('smarty_template', 'login'); $smarty->assign ('smarty_template', 'login');
$smarty->assign ('logintype', 'user'); $smarty->assign ('logintype', 'user');

Write Preview
Loading…
Cancel
Save