setup.php

- add rewritten function create_admin() (now using AdminHandler, 
  which means 25 instead of 80 lines)
- various follow-up changes to match the rewritten function create_admin()

functions.inc.php:
- delete function create_admin() - setup.php was the last file calling it
- honor POSTFIXADMIN_SETUP in authentication_get_username() to avoid
  a redirect to login.php after creating an admin with setup.php and to
  get "SETUP.PHP" for db_log()

model/AdminHandler.php:
- add TODO: implement generate_password


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1301 a1433add-5e2c-0410-b055-b7f2511e0802
pull/2/head
Christian Boltz 13 years ago
parent f6425e025b
commit ee33647232

@ -31,6 +31,10 @@ function authentication_get_username() {
return 'CLI';
}
if (defined('POSTFIXADMIN_SETUP')) {
return 'SETUP.PHP';
}
if (!isset($_SESSION['sessid'])) {
header ("Location: login.php");
exit(0);
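Review bot: The new `POSTFIXADMIN_SETUP` branch returns before the `$_SESSION['sessid']` check, so any script that defines the constant is treated as an authenticated caller named 'SETUP.PHP', and nothing in the visible lines says who may define it. A comment above the branch would make that contract explicit, for example `# setup.php only: defined by create_admin() after the setup password was verified; skips the session check`. The function starts and ends outside this hunk, so whether later code in it relies on a session being present cannot be confirmed from here.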
@ -2226,84 +2230,6 @@ function gen_show_status ($show_alias) {
)
*/
function create_admin($fUsername, $fPassword, $fPassword2, $fDomains, $no_generate_password=0) {
global $PALANG;
global $CONF;
$error = 0;
$pAdminCreate_admin_message = '';
$pAdminCreate_admin_username_text_error = '';
$pAdminCreate_admin_password_text_error = '';
if (!check_email ($fUsername)) {
$error = 1;
$pAdminCreate_admin_username_text_error = $PALANG['pAdminCreate_admin_username_text_error1'];
}
if (empty ($fUsername) or admin_exist ($fUsername)) {
$error = 1;
$pAdminCreate_admin_username_text_error = $PALANG['pAdminCreate_admin_username_text_error2'];
}
$generated_password = 0;
if (empty ($fPassword) or empty ($fPassword2) or ($fPassword != $fPassword2)) {
if (empty ($fPassword) and empty ($fPassword2) and $CONF['generate_password'] == "YES" && $no_generate_password == 0) {
$fPassword = generate_password ();
$generated_password = 1;
} else {
$error = 1;
$pAdminCreate_admin_password_text_error = $PALANG['pAdminCreate_admin_password_text_error'];
}
}
$validpass = validate_password($fPassword);
if(count($validpass) > 0 && $generated_password == 0) { # skip this check for generated passwords
$pAdminCreate_admin_password_text_error = $validpass[0]; # TODO: honor all error messages, not only the first one
$error = 1;
}
if ($error != 1) {
$password = pacrypt($fPassword);
// $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text'];
$db_values = array(
'username' => $fUsername,
'password' => $password,
);
$result = db_insert('admin', $db_values);
if ($result != 1) {
$pAdminCreate_admin_message = $PALANG['pAdminCreate_admin_result_error'] . "<br />($fUsername)<br />";
} else {
if (!empty ($fDomains[0])) {
for ($i = 0; $i < sizeof ($fDomains); $i++) {
$domain = $fDomains[$i];
$db_values = array(
'username' => $fUsername,
'domain' => $domain,
);
$result = db_insert('domain_admins', $db_values, array('created'));
}
}
$pAdminCreate_admin_message = $PALANG['pAdminCreate_admin_result_success'] . "<br />($fUsername";
if ($CONF['show_password'] == "YES" || $generated_password == 1) {
$pAdminCreate_admin_message .= " / $fPassword";
}
$pAdminCreate_admin_message .= ")</br />";
}
}
# TODO: should we log creation, editing and deletion of admins?
# Note: needs special handling in viewlog, because domain is empty
# db_log ('', 'create_admin', "$fUsername");
return array(
$error,
$pAdminCreate_admin_message,
$pAdminCreate_admin_username_text_error,
$pAdminCreate_admin_password_text_error
);
}
function getRemoteAddr() {
$REMOTE_ADDR = 'localhost';
if (isset($_SERVER['REMOTE_ADDR']))

@ -206,6 +206,10 @@ class AdminHandler extends PFAHandler {
}
}
# TODO: generate password if $new, no password specified and $CONF['generate_password'] is set
# TODO: except if $this->admin_username == setup.php
/**
* compare password / password2 field
* error message will be displayed at the password2 field

@ -340,10 +340,6 @@ else
}
if($error == 0 && $pw_check_result == 'pass_OK') {
$fUsername = safepost('fUsername');
$fPassword = safepost('fPassword');
$fPassword2 = safepost('fPassword2');
// XXX need to ensure domains table includes an 'ALL' entry.
$table_domain = table_by_key('domain');
$r = db_query("SELECT * FROM $table_domain WHERE domain = 'ALL'");
@ -351,9 +347,19 @@ else
db_insert('domain', array('domain' => 'ALL')); // all other fields should default through the schema.
}
list ($error, $setupMessage, $pAdminCreate_admin_username_text, $pAdminCreate_admin_password_text) = create_admin($fUsername, $fPassword, $fPassword2, array('ALL'), TRUE);
$values = array(
'username' => safepost('username'),
'password' => safepost('password'),
'password2' => safepost('password2'),
'superadmin' => 1,
'domains' => array(),
'active' => 1,
);
list ($error, $setupMessage, $errormsg) = create_admin($values);
if ($error != 0) {
$tUsername = htmlentities($fUsername);
$tUsername = htmlentities($values['username']);
}
}
}
@ -405,18 +411,18 @@ else
</tr>
<tr>
<td><?php print $PALANG['pAdminCreate_admin_username'] . ":"; ?></td>
<td><input class="flat" type="text" name="fUsername" value="<?php print $tUsername; ?>" /></td>
<td><?php print $pAdminCreate_admin_username_text; ?></td>
<td><input class="flat" type="text" name="username" value="<?php print $tUsername; ?>" /></td>
<td><?php if (isset($errormsg['username'])) print $errormsg['username']; ?></td>
</tr>
<tr>
<td><?php print $PALANG['pAdminCreate_admin_password'] . ":"; ?></td>
<td><input class="flat" type="password" name="fPassword" /></td>
<td><?php print $pAdminCreate_admin_password_text; ?></td>
<td><input class="flat" type="password" name="password" /></td>
<td><?php if (isset($errormsg['password'])) print $errormsg['password']; ?></td>
</tr>
<tr>
<td><?php print $PALANG['pAdminCreate_admin_password2'] . ":"; ?></td>
<td><input class="flat" type="password" name="fPassword2" /></td>
<td>&nbsp;</td>
<td><input class="flat" type="password" name="password2" /></td>
<td><?php if (isset($errormsg['password2'])) print $errormsg['password2']; ?></td>
</tr>
<tr>
<td colspan="3" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php print $PALANG['pAdminCreate_admin_button']; ?>" /></td>
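Review bot: The three new error cells print `$errormsg['username']`, `$errormsg['password']` and `$errormsg['password2']` without escaping, while the username value next to them goes through `htmlentities()`. If AdminHandler ever builds a message that includes the submitted value (not visible on this page), that value would reach the page as markup. Escaping at output, `print htmlentities($errormsg['username']);`, closes that gap unless the messages are intended to carry HTML, in which case a comment saying so would help.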
@ -487,5 +493,32 @@ function check_setup_password($password, $lostpw_mode = 0) {
return array ($error, $result);
}
function create_admin($values) {
DEFINE('POSTFIXADMIN_SETUP', 1); # avoids instant redirect to login.php after creating the admin
$handler = new AdminHandler(1, 'setup.php');
$formconf = $handler->webformConfig();
if (!$handler->init($values['username'])) {
return array(1, "", $handler->errormsg);
}
if (!$handler->set($values)) {
return array(1, "", $handler->errormsg);
}
if (!$handler->store()) {
return array(1, "", $handler->errormsg);
}
return array(
0,
Lang::read($formconf['successmessage']),
array(),
);
}
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
?>
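Review bot: `DEFINE('POSTFIXADMIN_SETUP', 1)` is the first statement of create_admin(), so the constant is set before `init()`, `set()` and `store()` have succeeded and stays set for the rest of the request on every failure path. A second call in the same request would also raise an already-defined notice. Guarding it, `if (!defined('POSTFIXADMIN_SETUP')) define('POSTFIXADMIN_SETUP', 1);`, removes the notice. A short docblock on the function should state that callers must have passed the setup-password check first, as the call site does with `$pw_check_result == 'pass_OK'`.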
