summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2014-06-10 15:22:38 +0200
committerAleksander Machniak <alec@alec.pl>2014-06-10 15:22:38 +0200
commit4520fa0f38e9744fa1541c2365000710f7763242 (patch)
tree6299a559285f85680a1ce231838cdf1b23a2fde0
parent1b988f9574c47fe110cc91364a58677f794b5b83 (diff)
Code cleanup and small fixes (after pull request merge)
-rw-r--r--plugins/password/package.xml271
-rw-r--r--plugins/password/password.php61
2 files changed, 32 insertions, 300 deletions
diff --git a/plugins/password/package.xml b/plugins/password/package.xml
index 16eda1ad0..4fa023c77 100644
--- a/plugins/password/package.xml
+++ b/plugins/password/package.xml
@@ -15,9 +15,9 @@
<email>alec@alec.pl</email>
<active>yes</active>
</lead>
- <date>2013-04-28</date>
+ <date>2014-06-10</date>
<version>
- <release>3.4</release>
+ <release>3.5</release>
<api>2.0</api>
</version>
<stability>
@@ -25,9 +25,6 @@
<api>stable</api>
</stability>
<license uri="http://www.gnu.org/licenses/gpl.html">GNU GPLv3+</license>
- <notes>
-Added password_force_save option
- </notes>
<contents>
<dir baseinstalldir="/" name="/">
<file name="password.php" role="php">
@@ -114,268 +111,4 @@ Added password_force_save option
</required>
</dependencies>
<phprelease/>
- <changelog>
- <release>
- <date>2010-04-29</date>
- <time>12:00:00</time>
- <version>
- <release>1.4</release>
- <api>1.4</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- Use mail_domain value for domain variables when there is no domain in username:
- sql and ldap drivers (#1486694)
-- Created package.xml
- </notes>
- </release>
- <release>
- <date>2010-06-20</date>
- <time>12:00:00</time>
- <version>
- <release>1.5</release>
- <api>1.5</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- Removed user_login/username_local/username_domain methods,
- use rcube_user::get_username instead (#1486707)
- </notes>
- </release>
- <release>
- <date>2010-08-01</date>
- <time>09:00:00</time>
- <version>
- <release>1.6</release>
- <api>1.5</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- Added ldap_simple driver
- </notes>
- </release>
- <release>
- <date>2010-09-10</date>
- <time>09:00:00</time>
- <version>
- <release>1.7</release>
- <api>1.5</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- Added XMail driver
-- Improve security of chpasswd driver using popen instead of exec+echo (#1486987)
-- Added chpass-wrapper.py script to improve security (#1486987)
- </notes>
- </release>
- <release>
- <date>2010-09-29</date>
- <time>19:00:00</time>
- <version>
- <release>1.8</release>
- <api>1.6</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- Added possibility to display extended error messages (#1486704)
-- Added extended error messages in Poppassd driver (#1486704)
- </notes>
- </release>
- <release>
- <version>
- <release>1.9</release>
- <api>1.6</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- Added password_ldap_lchattr option (#1486927)
- </notes>
- </release>
- <release>
- <date>2010-10-07</date>
- <time>09:00:00</time>
- <version>
- <release>2.0</release>
- <api>1.6</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- Fixed SQL Injection in SQL driver when using %p or %o variables in query (#1487034)
- </notes>
- </release>
- <release>
- <date>2010-11-02</date>
- <time>09:00:00</time>
- <version>
- <release>2.1</release>
- <api>1.6</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- hMail driver: Add possibility to connect to remote host
- </notes>
- </release>
- <release>
- <date>2011-02-15</date>
- <time>12:00</time>
- <version>
- <release>2.2</release>
- <api>1.6</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- hMail driver: add username_domain detection (#1487100)
-- hMail driver: HTML tags in logged messages should be stripped off (#1487099)
-- Chpasswd driver: add newline at end of input to chpasswd binary (#1487141)
-- Fix usage of configured temp_dir instead of /tmp (#1487447)
-- ldap_simple driver: fix parse error
-- ldap/ldap_simple drivers: support %dc variable in config
-- ldap/ldap_simple drivers: support Samba password change
-- Fix extended error messages handling (#1487676)
-- Fix double request when clicking on Password tab in Firefox
-- Fix deprecated split() usage in xmail and directadmin drivers (#1487769)
-- Added option (password_log) for logging password changes
-- Virtualmin driver: Add option for setting username format (#1487781)
- </notes>
- </release>
- <release>
- <date>2011-10-26</date>
- <time>12:00</time>
- <version>
- <release>2.3</release>
- <api>1.6</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- When old and new passwords are the same, do nothing, return success (#1487823)
-- Fixed Samba password hashing in 'ldap' driver
-- Added 'password_change' hook for plugin actions after successful password change
-- Fixed bug where 'doveadm pw' command was used as dovecotpw utility
-- Improve generated crypt() passwords (#1488136)
- </notes>
- </release>
- <release>
- <date>2011-11-23</date>
- <version>
- <release>2.4</release>
- <api>1.6</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- Added option to use punycode or unicode for domain names (#1488103)
-- Save Samba password hashes in capital letters (#1488197)
- </notes>
- </release>
- <release>
- <date>2011-11-23</date>
- <version>
- <release>3.0</release>
- <api>2.0</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- Fixed drivers namespace issues
- </notes>
- </release>
- <release>
- <date>2012-03-07</date>
- <version>
- <release>3.1</release>
- <api>2.0</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- Added pw_usermod driver (#1487826)
-- Added option password_login_exceptions (#1487826)
-- Added domainfactory driver (#1487882)
-- Added DBMail driver (#1488281)
-- Helper files moved to helpers/ directory from drivers/
-- Added Expect driver (#1488363)
-- Added Samba password (#1488364)
- </notes>
- </release>
- <release>
- <date>2012-11-15</date>
- <version>
- <release>3.2</release>
- <api>2.0</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-- Fix wrong (non-specific) error message on crypt or connection error (#1488808)
-- Added option to define IMAP hosts that support password changes - password_hosts
- </notes>
- </release>
- <release>
- <date>2013-03-30</date>
- <version>
- <release>3.3</release>
- <api>2.0</api>
- </version>
- <stability>
- <release>stable</release>
- <api>stable</api>
- </stability>
- <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
- <notes>
-Added new cPanel driver - fixes localization related issues (#1487015)
- </notes>
- </release>
- </changelog>
</package>
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 7b6b80dc7..9bf020176 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -43,6 +43,7 @@ class password extends rcube_plugin
public $task = 'settings|login';
public $noframe = true;
public $noajax = true;
+
private $newuser = false;
function init()
@@ -51,22 +52,23 @@ class password extends rcube_plugin
$this->load_config();
- if($rcmail->task == 'settings' && !$this->check_host_login_exceptions()) {
- return;
- }
-
- $this->add_hook('settings_actions', array($this, 'settings_actions'));
- if($rcmail->config->get('password_force_new_user')) {
- $this->add_hook('user_create', array($this, 'user_create'));
- $this->add_hook('login_after', array($this, 'login_after'));
- }
+ if ($rcmail->task == 'settings') {
+ if (!$this->check_host_login_exceptions()) {
+ return;
+ }
- $this->register_action('plugin.password', array($this, 'password_init'));
- $this->register_action('plugin.password-save', array($this, 'password_save'));
+ $this->add_hook('settings_actions', array($this, 'settings_actions'));
+ $this->register_action('plugin.password', array($this, 'password_init'));
+ $this->register_action('plugin.password-save', array($this, 'password_save'));
- if (strpos($rcmail->action, 'plugin.password') === 0) {
- $this->include_script('password.js');
+ if (strpos($rcmail->action, 'plugin.password') === 0) {
+ $this->include_script('password.js');
+ }
+ }
+ else if ($rcmail->config->get('password_force_new_user')) {
+ $this->add_hook('user_create', array($this, 'user_create'));
+ $this->add_hook('login_after', array($this, 'login_after'));
}
}
@@ -84,24 +86,25 @@ class password extends rcube_plugin
$rcmail = rcmail::get_instance();
$rcmail->output->set_pagetitle($this->gettext('changepasswd'));
- $first = rcube_utils::get_input_value('_first', rcube_utils::INPUT_GET);
- if(isset($first) && $first == 'true') {
+
+ if (rcube_utils::get_input_value('_first', rcube_utils::INPUT_GET)) {
$rcmail->output->command('display_message', $this->gettext('firstloginchange'), 'notice');
}
+
$rcmail->output->send('plugin');
}
function password_save()
{
- $rcmail = rcmail::get_instance();
-
$this->add_texts('localization/');
$this->register_handler('plugin.body', array($this, 'password_form'));
+
+ $rcmail = rcmail::get_instance();
$rcmail->output->set_pagetitle($this->gettext('changepasswd'));
$confirm = $rcmail->config->get('password_confirm_current');
$required_length = intval($rcmail->config->get('password_minimum_length'));
- $check_strength = $rcmail->config->get('password_require_nonalpha');
+ $check_strength = $rcmail->config->get('password_require_nonalpha');
if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd'])) {
$rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
@@ -294,44 +297,39 @@ class password extends rcube_plugin
return $reason;
}
-
+
function user_create($args)
{
$this->newuser = true;
return $args;
}
-
+
function login_after($args)
{
- if(!$this->check_host_login_exceptions()) {
- return $args;
- }
- if($this->newuser)
- {
- $args['_task'] = 'settings';
+ if ($this->newuser && $this->check_host_login_exceptions()) {
+ $args['_task'] = 'settings';
$args['_action'] = 'plugin.password';
- $args['_first'] = 'true';
+ $args['_first'] = 'true';
}
+
return $args;
}
-
+
// Check if host and login is allowed to change the password, false = not allowed, true = not allowed
private function check_host_login_exceptions()
{
$rcmail = rcmail::get_instance();
+
// Host exceptions
$hosts = $rcmail->config->get('password_hosts');
- $this->allowed_hosts = $hosts;
if (!empty($hosts) && !in_array($_SESSION['storage_host'], $hosts)) {
return false;
}
-
// Login exceptions
if ($exceptions = $rcmail->config->get('password_login_exceptions')) {
$exceptions = array_map('trim', (array) $exceptions);
$exceptions = array_filter($exceptions);
- $this->login_exceptions = $exceptions;
$username = $_SESSION['username'];
foreach ($exceptions as $ec) {
@@ -340,6 +338,7 @@ class password extends rcube_plugin
}
}
}
+
return true;
}
}