diff options
| author | Aleksander Machniak <alec@alec.pl> | 2014-06-10 15:22:38 +0200 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2014-06-10 15:22:38 +0200 |
| commit | 4520fa0f38e9744fa1541c2365000710f7763242 (patch) | |
| tree | 6299a559285f85680a1ce231838cdf1b23a2fde0 /plugins/password | |
| parent | 1b988f9574c47fe110cc91364a58677f794b5b83 (diff) | |
Code cleanup and small fixes (after pull request merge)
Diffstat (limited to 'plugins/password')
| -rw-r--r-- | plugins/password/package.xml | 271 | ||||
| -rw-r--r-- | plugins/password/password.php | 61 |
2 files changed, 32 insertions, 300 deletions
diff --git a/plugins/password/package.xml b/plugins/password/package.xml index 16eda1ad0..4fa023c77 100644 --- a/plugins/password/package.xml +++ b/plugins/password/package.xml @@ -15,9 +15,9 @@ <email>alec@alec.pl</email> <active>yes</active> </lead> - <date>2013-04-28</date> + <date>2014-06-10</date> <version> - <release>3.4</release> + <release>3.5</release> <api>2.0</api> </version> <stability> @@ -25,9 +25,6 @@ <api>stable</api> </stability> <license uri="http://www.gnu.org/licenses/gpl.html">GNU GPLv3+</license> - <notes> -Added password_force_save option - </notes> <contents> <dir baseinstalldir="/" name="/"> <file name="password.php" role="php"> @@ -114,268 +111,4 @@ Added password_force_save option </required> </dependencies> <phprelease/> - <changelog> - <release> - <date>2010-04-29</date> - <time>12:00:00</time> - <version> - <release>1.4</release> - <api>1.4</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- Use mail_domain value for domain variables when there is no domain in username: - sql and ldap drivers (#1486694) -- Created package.xml - </notes> - </release> - <release> - <date>2010-06-20</date> - <time>12:00:00</time> - <version> - <release>1.5</release> - <api>1.5</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- Removed user_login/username_local/username_domain methods, - use rcube_user::get_username instead (#1486707) - </notes> - </release> - <release> - <date>2010-08-01</date> - <time>09:00:00</time> - <version> - <release>1.6</release> - <api>1.5</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- Added ldap_simple driver - </notes> - </release> - <release> - <date>2010-09-10</date> - <time>09:00:00</time> - <version> - <release>1.7</release> - <api>1.5</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- Added XMail driver -- Improve security of chpasswd driver using popen instead of exec+echo (#1486987) -- Added chpass-wrapper.py script to improve security (#1486987) - </notes> - </release> - <release> - <date>2010-09-29</date> - <time>19:00:00</time> - <version> - <release>1.8</release> - <api>1.6</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- Added possibility to display extended error messages (#1486704) -- Added extended error messages in Poppassd driver (#1486704) - </notes> - </release> - <release> - <version> - <release>1.9</release> - <api>1.6</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- Added password_ldap_lchattr option (#1486927) - </notes> - </release> - <release> - <date>2010-10-07</date> - <time>09:00:00</time> - <version> - <release>2.0</release> - <api>1.6</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- Fixed SQL Injection in SQL driver when using %p or %o variables in query (#1487034) - </notes> - </release> - <release> - <date>2010-11-02</date> - <time>09:00:00</time> - <version> - <release>2.1</release> - <api>1.6</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- hMail driver: Add possibility to connect to remote host - </notes> - </release> - <release> - <date>2011-02-15</date> - <time>12:00</time> - <version> - <release>2.2</release> - <api>1.6</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- hMail driver: add username_domain detection (#1487100) -- hMail driver: HTML tags in logged messages should be stripped off (#1487099) -- Chpasswd driver: add newline at end of input to chpasswd binary (#1487141) -- Fix usage of configured temp_dir instead of /tmp (#1487447) -- ldap_simple driver: fix parse error -- ldap/ldap_simple drivers: support %dc variable in config -- ldap/ldap_simple drivers: support Samba password change -- Fix extended error messages handling (#1487676) -- Fix double request when clicking on Password tab in Firefox -- Fix deprecated split() usage in xmail and directadmin drivers (#1487769) -- Added option (password_log) for logging password changes -- Virtualmin driver: Add option for setting username format (#1487781) - </notes> - </release> - <release> - <date>2011-10-26</date> - <time>12:00</time> - <version> - <release>2.3</release> - <api>1.6</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- When old and new passwords are the same, do nothing, return success (#1487823) -- Fixed Samba password hashing in 'ldap' driver -- Added 'password_change' hook for plugin actions after successful password change -- Fixed bug where 'doveadm pw' command was used as dovecotpw utility -- Improve generated crypt() passwords (#1488136) - </notes> - </release> - <release> - <date>2011-11-23</date> - <version> - <release>2.4</release> - <api>1.6</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- Added option to use punycode or unicode for domain names (#1488103) -- Save Samba password hashes in capital letters (#1488197) - </notes> - </release> - <release> - <date>2011-11-23</date> - <version> - <release>3.0</release> - <api>2.0</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- Fixed drivers namespace issues - </notes> - </release> - <release> - <date>2012-03-07</date> - <version> - <release>3.1</release> - <api>2.0</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- Added pw_usermod driver (#1487826) -- Added option password_login_exceptions (#1487826) -- Added domainfactory driver (#1487882) -- Added DBMail driver (#1488281) -- Helper files moved to helpers/ directory from drivers/ -- Added Expect driver (#1488363) -- Added Samba password (#1488364) - </notes> - </release> - <release> - <date>2012-11-15</date> - <version> - <release>3.2</release> - <api>2.0</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -- Fix wrong (non-specific) error message on crypt or connection error (#1488808) -- Added option to define IMAP hosts that support password changes - password_hosts - </notes> - </release> - <release> - <date>2013-03-30</date> - <version> - <release>3.3</release> - <api>2.0</api> - </version> - <stability> - <release>stable</release> - <api>stable</api> - </stability> - <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> - <notes> -Added new cPanel driver - fixes localization related issues (#1487015) - </notes> - </release> - </changelog> </package> diff --git a/plugins/password/password.php b/plugins/password/password.php index 7b6b80dc7..9bf020176 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -43,6 +43,7 @@ class password extends rcube_plugin public $task = 'settings|login'; public $noframe = true; public $noajax = true; + private $newuser = false; function init() @@ -51,22 +52,23 @@ class password extends rcube_plugin $this->load_config(); - if($rcmail->task == 'settings' && !$this->check_host_login_exceptions()) { - return; - } - - $this->add_hook('settings_actions', array($this, 'settings_actions')); - if($rcmail->config->get('password_force_new_user')) { - $this->add_hook('user_create', array($this, 'user_create')); - $this->add_hook('login_after', array($this, 'login_after')); - } + if ($rcmail->task == 'settings') { + if (!$this->check_host_login_exceptions()) { + return; + } - $this->register_action('plugin.password', array($this, 'password_init')); - $this->register_action('plugin.password-save', array($this, 'password_save')); + $this->add_hook('settings_actions', array($this, 'settings_actions')); + $this->register_action('plugin.password', array($this, 'password_init')); + $this->register_action('plugin.password-save', array($this, 'password_save')); - if (strpos($rcmail->action, 'plugin.password') === 0) { - $this->include_script('password.js'); + if (strpos($rcmail->action, 'plugin.password') === 0) { + $this->include_script('password.js'); + } + } + else if ($rcmail->config->get('password_force_new_user')) { + $this->add_hook('user_create', array($this, 'user_create')); + $this->add_hook('login_after', array($this, 'login_after')); } } @@ -84,24 +86,25 @@ class password extends rcube_plugin $rcmail = rcmail::get_instance(); $rcmail->output->set_pagetitle($this->gettext('changepasswd')); - $first = rcube_utils::get_input_value('_first', rcube_utils::INPUT_GET); - if(isset($first) && $first == 'true') { + + if (rcube_utils::get_input_value('_first', rcube_utils::INPUT_GET)) { $rcmail->output->command('display_message', $this->gettext('firstloginchange'), 'notice'); } + $rcmail->output->send('plugin'); } function password_save() { - $rcmail = rcmail::get_instance(); - $this->add_texts('localization/'); $this->register_handler('plugin.body', array($this, 'password_form')); + + $rcmail = rcmail::get_instance(); $rcmail->output->set_pagetitle($this->gettext('changepasswd')); $confirm = $rcmail->config->get('password_confirm_current'); $required_length = intval($rcmail->config->get('password_minimum_length')); - $check_strength = $rcmail->config->get('password_require_nonalpha'); + $check_strength = $rcmail->config->get('password_require_nonalpha'); if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd'])) { $rcmail->output->command('display_message', $this->gettext('nopassword'), 'error'); @@ -294,44 +297,39 @@ class password extends rcube_plugin return $reason; } - + function user_create($args) { $this->newuser = true; return $args; } - + function login_after($args) { - if(!$this->check_host_login_exceptions()) { - return $args; - } - if($this->newuser) - { - $args['_task'] = 'settings'; + if ($this->newuser && $this->check_host_login_exceptions()) { + $args['_task'] = 'settings'; $args['_action'] = 'plugin.password'; - $args['_first'] = 'true'; + $args['_first'] = 'true'; } + return $args; } - + // Check if host and login is allowed to change the password, false = not allowed, true = not allowed private function check_host_login_exceptions() { $rcmail = rcmail::get_instance(); + // Host exceptions $hosts = $rcmail->config->get('password_hosts'); - $this->allowed_hosts = $hosts; if (!empty($hosts) && !in_array($_SESSION['storage_host'], $hosts)) { return false; } - // Login exceptions if ($exceptions = $rcmail->config->get('password_login_exceptions')) { $exceptions = array_map('trim', (array) $exceptions); $exceptions = array_filter($exceptions); - $this->login_exceptions = $exceptions; $username = $_SESSION['username']; foreach ($exceptions as $ec) { @@ -340,6 +338,7 @@ class password extends rcube_plugin } } } + return true; } } |