From 851e9c8736fff337d62eb7655ee1cf6464ca4587 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Mon, 2 Dec 2019 20:29:01 +0100
Subject: [PATCH] [Web] Fix some major errors in app passwds but disable app passwds due to a show stopper... todo: fix asap
---
 data/web/edit.php | 4 +-
 data/web/inc/functions.app_passwd.inc.php | 60 +++++++++++------------
 data/web/modals/user.php | 4 +-
 data/web/user.php | 2 +-
 4 files changed, 34 insertions(+), 36 deletions(-)
diff --git a/data/web/edit.php b/data/web/edit.php
index 4556917d..71cf24aa 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -1324,9 +1324,9 @@ if (isset($_SESSION['mailcow_cc_role'])) {
- +
- +
diff --git a/data/web/inc/functions.app_passwd.inc.php b/data/web/inc/functions.app_passwd.inc.php
index 00fc78c1..5274dacd 100644
--- a/data/web/inc/functions.app_passwd.inc.php
+++ b/data/web/inc/functions.app_passwd.inc.php
@@ -21,9 +21,9 @@ function app_passwd($_action, $_data = null) {
 }
 switch ($_action) {
 case 'add':
- $name = trim($_data['name']);
- $password = $_data['password'];
- $password2 = $_data['password2'];
+ $app_name = trim($_data['app_name']);
+ $password = $_data['app_passwd'];
+ $password2 = $_data['app_passwd2'];
 $active = intval($_data['active']);
 $domain = mailbox('get', 'mailbox_details', $username)['domain'];
 if (empty($domain)) {
@@ -34,26 +34,24 @@ function app_passwd($_action, $_data = null) {
 );
 return false;
 }
- if (!empty($password) && !empty($password2)) {
- if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => 'password_complexity'
- );
- return false;
- }
- if ($password != $password2) {
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => 'password_mismatch'
- );
- return false;
- }
- $password_hashed = hash_password($password);
+ if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'password_complexity'
+ );
+ return false;
 }
- if (empty($name)) {
+ if ($password != $password2) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'password_mismatch'
+ );
+ return false;
+ }
+ $password_hashed = hash_password($password);
+ if (empty($app_name)) {
 $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_data_log),
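Review bot: In the `@@ -34,26 +34,24 @@` hunk the confirmation check `if ($password != $password2)` uses loose comparison, and PHP compares two numeric-looking strings by value, so entries such as `1e3` and `1000` (constructed example) pass as a match and the first one is hashed. Use `if ($password !== $password2) {`. With the `!empty()` wrapper removed, an empty or missing `app_passwd` is rejected only when the configured `PASSWD_REGEP` pattern does not match the empty string; an explicit `empty($password)` guard before the regex would make that independent of configuration. The enclosing `case 'add':` branch begins and ends outside this hunk.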
@@ -63,12 +61,12 @@ function app_passwd($_action, $_data = null) {
 }
 try {
 $stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`)
- VALUES (:name, :mailbox, :domain, :password, :active)");
+ VALUES (:app_name, :mailbox, :domain, :password, :active)");
 $stmt->execute(array(
- ':name' => $name,
- ':mailbox' => $mailbox,
+ ':app_name' => $app_name,
+ ':mailbox' => $username,
 ':domain' => $domain,
- ':password' => $password,
+ ':password' => $password_hashed,
 ':active' => $active
 ));
 }
@@ -91,7 +89,7 @@ function app_passwd($_action, $_data = null) {
 foreach ($ids as $id) {
 $is_now = app_passwd('details', $id);
 if (!empty($is_now)) {
- $name = (!empty($_data['name'])) ? $_data['name'] : $is_now['name'];
+ $app_name = (!empty($_data['app_name'])) ? $_data['app_name'] : $is_now['name'];
 $password = (!empty($_data['password'])) ? $_data['password'] : null;
 $password2 = (!empty($_data['password2'])) ? $_data['password2'] : null;
 $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int'];
@@ -100,11 +98,11 @@ function app_passwd($_action, $_data = null) {
 $_SESSION['return'][] = array(
 'type' => 'danger',
 'log' => array(__FUNCTION__, $_action, $_data_log),
- 'msg' => array('settings_map_invalid', $id)
+ 'msg' => array('app_passwd_id_invalid', $id)
 );
 continue;
 }
- $name = trim($name);
+ $app_name = trim($app_name);
 if (!empty($password) && !empty($password2)) {
 if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
 $_SESSION['return'][] = array(
@@ -134,12 +132,12 @@ function app_passwd($_action, $_data = null) {
 }
 try {
 $stmt = $pdo->prepare("UPDATE `app_passwd` SET
- `name` = :name,
+ `name` = :app_name,
 `mailbox` = :username,
 `active` = :active
 WHERE `id` = :id");
 $stmt->execute(array(
- ':name' => $name,
+ ':app_name' => $app_name,
 ':username' => $username,
 ':active' => $active,
 ':id' => $id
diff --git a/data/web/modals/user.php b/data/web/modals/user.php
index 5dec66e5..12574864 100644
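Review bot: Rows written by the previous version of this INSERT (the `@@ -63,12 +61,12 @@` hunk) are not addressed: the removed line bound the raw `$password` to `:password`, so any row that was stored holds the app password in cleartext, and nothing visible in this patch rehashes or removes such rows. Whether any exist depends on whether the old insert succeeded with `$mailbox`, which is not defined in the visible lines. I would ship a one-off cleanup with this fix and record it next to the statement, e.g. `// rows created before this fix may hold a cleartext password; purge them during the schema update`. The `try` block's catch handler is outside the hunk.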
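Review bot: In the `@@ -91,7 +89,7 @@` hunk the edit branch still reads `$_data['password']` and `$_data['password2']` on the two context lines after the renamed `$app_name`, while the add branch in this same patch now reads `app_passwd` and `app_passwd2`. If the edit form was renamed the same way (its markup is not readable here), a password change submitted on edit is dropped silently: both values fall back to null and the complexity and mismatch checks are skipped. Suggest `$password = (!empty($_data['app_passwd'])) ? $_data['app_passwd'] : null;` and the matching line for `app_passwd2`. The `foreach` body continues outside the hunk.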
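Review bot: In the `@@ -134,12 +132,12 @@` hunk the UPDATE is keyed on `id` alone and assigns `mailbox` from `:username`, so the statement itself does not enforce that the row belongs to the session user. It relies on the earlier `app_passwd('details', $id)` lookup, which is outside this hunk and presumably scoped to that user. Scoping the statement keeps a later change to that lookup from letting one mailbox rewrite another's entry: drop the `mailbox` assignment from the SET list and end the statement with `WHERE id = :id AND mailbox = :username` (keeping the file's identifier quoting). The `try` block opens before the statement and closes outside the hunk.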
--- a/data/web/modals/user.php
+++ b/data/web/modals/user.php
@@ -171,7 +171,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {