paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Fix some major errors in app passwds but disable app passwds due to a show stopper... todo: fix asap

master
andryyy 2019-12-02 20:29:01 +01:00
parent ced6867a4e
commit 851e9c8736
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
4 changed files with 34 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
data/web/edit.php
View File

@ -1324,9 +1324,9 @@ if (isset($_SESSION['mailcow_cc_role'])) {
<form class="form-horizontal" data-id="editapp" role="form" method="post"> <form class="form-horizontal" data-id="editapp" role="form" method="post">
<input type="hidden" value="0" name="active"> <input type="hidden" value="0" name="active">
<div class="form-group"> <div class="form-group">
<label class="control-label col-sm-2" for="name">App</label> <label class="control-label col-sm-2" for="app_name">App</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="text" class="form-control" name="name" id="name" value="<?=htmlspecialchars($result['name'], ENT_QUOTES, 'UTF-8');?>" required maxlength="255"> <input type="text" class="form-control" name="app_name" id="app_name" value="<?=htmlspecialchars($result['name'], ENT_QUOTES, 'UTF-8');?>" required maxlength="255">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">

60
data/web/inc/functions.app_passwd.inc.php
View File

@ -21,9 +21,9 @@ function app_passwd($_action, $_data = null) {
} }
switch ($_action) { switch ($_action) {
case 'add': case 'add':
$name = trim($_data['name']); $app_name = trim($_data['app_name']);
$password = $_data['password']; $password = $_data['app_passwd'];
$password2 = $_data['password2']; $password2 = $_data['app_passwd2'];
$active = intval($_data['active']); $active = intval($_data['active']);
$domain = mailbox('get', 'mailbox_details', $username)['domain']; $domain = mailbox('get', 'mailbox_details', $username)['domain'];
if (empty($domain)) { if (empty($domain)) {
@ -34,26 +34,24 @@ function app_passwd($_action, $_data = null) {
); );
return false; return false;
} }
if (!empty($password) && !empty($password2)) { if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { $_SESSION['return'][] = array(
$_SESSION['return'][] = array( 'type' => 'danger',
'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_data_log),
'log' => array(__FUNCTION__, $_action, $_data_log), 'msg' => 'password_complexity'
'msg' => 'password_complexity' );
); return false;
return false;
}
if ($password != $password2) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'password_mismatch'
);
return false;
}
$password_hashed = hash_password($password);
} }
if (empty($name)) { if ($password != $password2) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'password_mismatch'
);
return false;
}
$password_hashed = hash_password($password);
if (empty($app_name)) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
@ -63,12 +61,12 @@ function app_passwd($_action, $_data = null) {
} }
try { try {
$stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`) $stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`)
VALUES (:name, :mailbox, :domain, :password, :active)"); VALUES (:app_name, :mailbox, :domain, :password, :active)");
$stmt->execute(array( $stmt->execute(array(
':name' => $name, ':app_name' => $app_name,
':mailbox' => $mailbox, ':mailbox' => $username,
':domain' => $domain, ':domain' => $domain,
':password' => $password, ':password' => $password_hashed,
':active' => $active ':active' => $active
)); ));
} }
@ -91,7 +89,7 @@ function app_passwd($_action, $_data = null) {
foreach ($ids as $id) { foreach ($ids as $id) {
$is_now = app_passwd('details', $id); $is_now = app_passwd('details', $id);
if (!empty($is_now)) { if (!empty($is_now)) {
$name = (!empty($_data['name'])) ? $_data['name'] : $is_now['name']; $app_name = (!empty($_data['app_name'])) ? $_data['app_name'] : $is_now['name'];
$password = (!empty($_data['password'])) ? $_data['password'] : null; $password = (!empty($_data['password'])) ? $_data['password'] : null;
$password2 = (!empty($_data['password2'])) ? $_data['password2'] : null; $password2 = (!empty($_data['password2'])) ? $_data['password2'] : null;
$active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int']; $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int'];
@ -100,11 +98,11 @@ function app_passwd($_action, $_data = null) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('settings_map_invalid', $id) 'msg' => array('app_passwd_id_invalid', $id)
); );
continue; continue;
} }
$name = trim($name); $app_name = trim($app_name);
if (!empty($password) && !empty($password2)) { if (!empty($password) && !empty($password2)) {
if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
@ -134,12 +132,12 @@ function app_passwd($_action, $_data = null) {
} }
try { try {
$stmt = $pdo->prepare("UPDATE `app_passwd` SET $stmt = $pdo->prepare("UPDATE `app_passwd` SET
`name` = :name, `name` = :app_name,
`mailbox` = :username, `mailbox` = :username,
`active` = :active `active` = :active
WHERE `id` = :id"); WHERE `id` = :id");
$stmt->execute(array( $stmt->execute(array(
':name' => $name, ':app_name' => $app_name,
':username' => $username, ':username' => $username,
':active' => $active, ':active' => $active,
':id' => $id ':id' => $id

4
data/web/modals/user.php
View File

@ -171,7 +171,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
<h3 class="modal-title"><?=$lang['add']['app_password'];?></h3> <h3 class="modal-title"><?=$lang['add']['app_password'];?></h3>
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form class="form-horizontal" data-cached-form="true" role="form" data-id="add_syncjob"> <form class="form-horizontal" data-cached-form="true" role="form" data-id="add_apppasswd">
<div class="form-group"> <div class="form-group">
<label class="control-label col-sm-2" for="app_name"><?=$lang['add']['app_name'];?></label> <label class="control-label col-sm-2" for="app_name"><?=$lang['add']['app_name'];?></label>
<div class="col-sm-10"> <div class="col-sm-10">
@ -200,7 +200,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="col-sm-offset-2 col-sm-10"> <div class="col-sm-offset-2 col-sm-10">
<button class="btn btn-default" data-action="add_item" data-id="add_syncjob" data-api-url='add/syncjob' data-api-attr='{}' href="#"><?=$lang['admin']['add'];?></button> <button class="btn btn-default" data-action="add_item" data-id="add_apppasswd" data-api-url='add/app-passwd' data-api-attr='{}' href="#"><?=$lang['admin']['add'];?></button>
</div> </div>
</div> </div>
</form> </form>

2
data/web/user.php
View File

@ -100,7 +100,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
<li role="presentation"><a href="#SpamAliases" aria-controls="SpamAliases" role="tab" data-toggle="tab"><?=$lang['user']['spam_aliases'];?></a></li> <li role="presentation"><a href="#SpamAliases" aria-controls="SpamAliases" role="tab" data-toggle="tab"><?=$lang['user']['spam_aliases'];?></a></li>
<li role="presentation"><a href="#Spamfilter" aria-controls="Spamfilter" role="tab" data-toggle="tab"><?=$lang['user']['spamfilter'];?></a></li> <li role="presentation"><a href="#Spamfilter" aria-controls="Spamfilter" role="tab" data-toggle="tab"><?=$lang['user']['spamfilter'];?></a></li>
<li role="presentation"><a href="#Syncjobs" aria-controls="Syncjobs" role="tab" data-toggle="tab"><?=$lang['user']['sync_jobs'];?></a></li> <li role="presentation"><a href="#Syncjobs" aria-controls="Syncjobs" role="tab" data-toggle="tab"><?=$lang['user']['sync_jobs'];?></a></li>
<li role="presentation"><a href="#AppPasswds" aria-controls="AppPasswds" role="tab" data-toggle="tab"><?=$lang['user']['app_passwds'];?></a></li> <!-- <li role="presentation"><a href="#AppPasswds" aria-controls="AppPasswds" role="tab" data-toggle="tab"><?=$lang['user']['app_passwds'];?></a></li> -->
</ul> </ul>
<hr> <hr>