From 161a04cebb3045db9271167134e8fc226282212f Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Mon, 30 Nov 2009 05:02:53 +0000 Subject: [PATCH] translating comments of m_hta.php to english + misc fopen() checks --- bureau/class/m_admin.php | 100 +++++++++++++++++++++++++++++++++-- bureau/class/m_ftp.php | 10 ++++ bureau/class/m_hta.php | 109 +++++++++++++++++++++++++-------------- bureau/class/m_mail.php | 8 +++ bureau/class/m_mem.php | 9 ++++ bureau/class/m_mysql.php | 12 +++++ 6 files changed, 203 insertions(+), 45 deletions(-) diff --git a/bureau/class/m_admin.php b/bureau/class/m_admin.php index 8868aa91..bb5c8361 100644 --- a/bureau/class/m_admin.php +++ b/bureau/class/m_admin.php @@ -190,7 +190,6 @@ class m_admin { * */ function get_list($all=0,$creator=0) { - // PATCHBEN pour ne voir que les comptes que l'on a créé (sauf admin) global $err,$mem,$cuid; $err->log("admin","get_list"); if (!$this->enabled) { @@ -259,7 +258,7 @@ class m_admin { */ function checkcreator($uid) { global $err,$mem,$db,$cuid; - // DONE PATCHBEN Check that the current user is editing one of it's own account ! + // Check that the current user is editing one of it's own account ! // but ADMIN (always uid 2000) is almighty if ($cuid==2000) { return true; @@ -342,9 +341,6 @@ class m_admin { $db->query("SELECT count(*) AS cnt FROM membres WHERE login='$login';"); $db->next_record(); if (!$db->f("cnt")) { - // [ML] ATTENTION: ce code recycle les uid de comptes supprimes - // ne cause pas vraiment de bug, mais c'est une mauvaise pratique, et - // risque que deux comptes aient le meme uid si crees exactement en meme temps $db->query("SELECT m.uid+1 as nextid FROM membres m LEFT JOIN membres n ON m.uid=n.uid-1 WHERE n.uid IS NULL ORDER BY 1 LIMIT 0,1"); if (!$db->next_record()) { $uid=2000; 
@@ -1019,6 +1015,100 @@ EOF; return $db->f("login"); } + + /* ----------------------------------------------------------------- */ + /** + * List the password policies currently installed in the policy table + * + * @return array an indexed array of associative array from the MySQL "policy" table + * + */ + function listPasswordPolicies() { + global $db,$classes; + $tmp1=array(); + $tmp2=array(); + $policies=array(); + $db->query("SELECT * FROM policy;"); + while ($db->next_record()) { + $tmp1[$db->Record["name"]]=$db->Record; + } + foreach($classes as $c) { + if (method_exists($GLOBALS[$c],"alternc_password_policy")) { + $res=$GLOBALS[$c]->alternc_password_policy(); // returns an array + foreach($res as $k=>$v) { + $tmp2[$k]=$v; + } + } + } + foreach($tmp2 as $k=>$v) { + if (!isset($tmp1[$k])) { + // Default policy : + $db->query("INSERT INTO policy SET name='".addslashes($k)."', minsize=0, maxsize=64, classcount=0, allowlogin=0;"); + $tmp1[$k]=array( + "minsize"=>0, "maxsize"=>64, "classcount"=>0, "allowlogin"=>0 + ); + } + $policies[$k]=$tmp1[$k]; + $policies[$k]["description"]=_($v); + unset($tmp1[$k]); + } + foreach ($tmp1 as $k=>$v) { + // Delete disabled modules : + $db->query("DELETE FROM policy WHERE name='".addslashes($k)."';"); + } + return $policies; + } + + + /* ----------------------------------------------------------------- */ + /** + * Change a password policy for one kind of password + * + * @param $policy string Name of the policy to edit + * @param $minsize integer Minimum Password size + * @param $maxsize integer Maximum Password size + * @param $classcount integer How many class of characters must this password have + * @param $allowlogin boolean Do we allow the password to be like the login ? + * @return boolean TRUE if the policy has been edited, or FALSE if an error occured. 
+ * + */ + function editPolicy($policy,$minsize,$maxsize,$classcount,$allowlogin) { + global $db; + $minsize=intval($minsize); + $maxsize=intval($maxsize); + $classcount=intval($classcount); + $allowlogin=intval($allowlogin); + + $db->query("SELECT * FROM policy WHERE name='".addslashes($policy)."';"); + if (!$db->next_record()) { + return false; // Policy not found + } + if ($minsize<0 || $minsize>64 || $maxsize<0 || $maxsize>64 || $maxsize<$minsize || $classcount<0 || $classcount>4) { + return false; // Incorrect policy ... + } + $allowlogin=($allowlogin)?1:0; + $db->query("UPDATE policy SET minsize=$minsize, maxsize=$maxsize, classcount=$classcount, allowlogin=$allowlogin WHERE name='".addslashes($policy)."';"); + return true; + + } + + + /* ----------------------------------------------------------------- */ + /** + * Check a password and a login for a specific policy + * + * @param $policy string Name of the policy to check for + * @param $login The login that will be set + * @param $password The password we have to check + * @return boolean TRUE if the password if OK for this login and this policy, FALSE if it is not. + * + */ + function checkPolicy($policy,$login,$password) { + global $db; + + } + + } /* Classe ADMIN */ ?> diff --git a/bureau/class/m_ftp.php b/bureau/class/m_ftp.php index 1ef20464..a78db1d0 100644 --- a/bureau/class/m_ftp.php +++ b/bureau/class/m_ftp.php @@ -46,6 +46,16 @@ class m_ftp { return "ftp"; } + + /* ----------------------------------------------------------------- */ + /** + * Password kind used in this class (hook for admin class) + */ + function alternc_password_policy() { + return array("ftp"=>"FTP accounts"); + } + + /* ----------------------------------------------------------------- */ /** Retourne la liste des comptes FTP du compte hébergé * Retourne la liste des comptes FTP sous forme de tableau indexé de diff --git a/bureau/class/m_hta.php b/bureau/class/m_hta.php index cdcf82c5..90ca903a 100644 
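Review bot: editPolicy() and listPasswordPolicies() in the m_admin.php hunk both write to the policy table, but neither has the `if (!$this->enabled)` guard that get_list() applies earlier in this class, so whether a non-admin can relax password rules depends entirely on callers outside this hunk. listPasswordPolicies() also deletes the row of any policy whose module is missing from `$classes` and re-creates missing rows with `minsize=0, classcount=0`, so a module that fails to load once loses its configured policy and comes back with the permissive default; keeping orphan rows, or a stricter default, would avoid that silent reset. checkPolicy() has an empty body and returns NULL although its docblock promises a boolean; an explicit `return false; // TODO: not implemented, reject until it is` would keep callers failing closed. The queries are escaped with addslashes(), which is not charset-aware; if the `$db` layer (not visible here) offers its own escaping routine, that would be the safer choice for `$policy`.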
--- a/bureau/class/m_hta.php +++ b/bureau/class/m_hta.php @@ -27,30 +27,32 @@ Purpose of file: ---------------------------------------------------------------------- */ + /** -* Classe de gestion des dossiers protégés par .htaccess apache +* This class handle folder web restricted access through .htaccess/.htpassword +* files. * -* Cette classe permet de gérer les dossiers protégés par login/pass -* par le système .htaccess d'apache. * Copyleft {@link http://alternc.net/ AlternC Team} * -* @copyright AlternC-Team 2002-11-01 http://alternc.net/ +* @copyright AlternC-Team 2002-11-01 http://alternc.org/ * */ class m_hta { + /*---------------------------------------------------------------------------*/ /** - * Constructeur de la classe m_webaccess, initialise le membre + * Constructor */ function m_webaccess() { } + /*---------------------------------------------------------------------------*/ /** - * Crée un dossier à protéger (.htaccess et .htpasswd) - * @param string $dir Répertoire relatif au dossier de l'utilisateur - * @return boolean TRUE si le dossier a été protégé avec succès, FALSE sinon + * Create a protected folder (.htaccess et .htpasswd) + * @param string $dir Folder to protect (relative to user root) + * @return boolean TRUE if the folder has been protected, or FALSE if an error occurred */ function CreateDir($dir) { global $mem,$bro,$err; @@ -78,10 +80,11 @@ class m_hta { return true; } + /*---------------------------------------------------------------------------*/ /** - * Retourne la liste de tous les dossiers de l'utilisateur contenant un .htpasswd - * @return array Tableau contenant la liste des dossiers protégés de l'utilisateur + * Returns the list of all user folder currently protected by a .htpasswd file + * @return array Array containing user folder list */ function ListDir() { global $err,$mem; 
@@ -100,11 +103,12 @@ class m_hta { return $r; } + /*---------------------------------------------------------------------------*/ /** - * Retourne TRUE si le dossier paramètre est protégé. - * @param string $dir Dossier dont on souhaite vérifier la protection - * @return TRUE si le dossier est protégé, FALSE sinon + * Tells if a folder is protected. + * @param string $dir Folder to check + * @return TRUE if the folder is protected, or FALSE if it is not */ function is_protected($dir){ global $mem,$err; @@ -119,11 +123,12 @@ class m_hta { } } + /*---------------------------------------------------------------------------*/ /** - * Retourne la liste des utilisateurs autorisés dans le dossier - * @param string $dir Dossier dont on souhaite obtenir la liste des user/pass - * @return array Tableau contenant la liste des logins du .htpasswd ou FALSE. + * Returns the list of login for a protected folder. + * @param string $dir The folder to lookup (relative to user root) + * @return array An array containing the list of logins from the .htpasswd file, or FALSE */ function get_hta_detail($dir) { global $mem,$err; @@ -134,10 +139,12 @@ class m_hta { return false; } */ } - $file = fopen("$absolute/.htpasswd","r"); + $file = @fopen("$absolute/.htpasswd","r"); $i=0; $res=array(); - fseek($file,0); + if (!$file) { + return false; + } // TODO: Tester la validité du .htpasswd while (!feof($file)) { $s=fgets($file,1024); @@ -151,11 +158,12 @@ class m_hta { return $res; } + /*---------------------------------------------------------------------------*/ /** - * Déprotège un dossier - * @param string $dir Dossier à déprotéger - * @return boolean TRUE si le dossier a été déprotégé, FALSE sinon + * Unprotect a folder + * @param string $dir Folder to unprotect, relative to user root + * @return boolean TRUE if the folder has been unprotected, or FALSE if an error occurred */ function DelDir($dir) { global $mem,$bro,$err; 
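Review bot: The new `@fopen()` in get_hta_detail() silences the PHP warning and then returns false without calling `$err->raise()`, so a permission problem on .htpasswd leaves no trace and callers cannot tell it from any other false return. add_user() (the `@@ -193,7 +202,11 @@` hunk) uses the same `@` but does raise `("hta",12)`. I would drop the `@` or log the failure, and raise here as well, e.g. `if (!$file) { $err->raise("hta",12); return false; }`, assuming code 12 is the right message for an unreadable file. Both function bodies continue outside their hunks, so whether the handle is closed on every path cannot be checked from here.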
@@ -176,13 +184,14 @@ class m_hta { return true; } + /*---------------------------------------------------------------------------*/ /** - * Ajoute un utilisateur à un dossier protégé. - * @param string $login Utilisateur à ajouter - * @param string $password Mot de passe à ajouter (en clair) - * @param string $dir Dossier concerné - * @return boolean TRUE si l'utilisateur a été ajouté avec succès, FALSE sinon + * Add a user to a protected folder + * @param string $login The user login to add + * @param string $password The password to add (cleartext) + * @param string $dir The folder we add it to (relative to user root). + * @return boolean TRUE if the user has been added, or FALSE if an error occurred */ function add_user($user,$password,$dir) { global $err, $bro; @@ -193,7 +202,11 @@ class m_hta { return false; } if (checkloginmail($user)){ - $file = fopen("$absolute/.htpasswd","a+"); + $file = @fopen("$absolute/.htpasswd","a+"); + if (!$file) { + $err->raise("hta",12); + return false; + } fseek($file,0); while (!feof($file)) { $s=fgets($file,1024); @@ -216,12 +229,13 @@ class m_hta { } } + /*---------------------------------------------------------------------------*/ /** - * Supprime un ou plusieurs utilisateurs d'un dossier protégé. - * @param array $lst Tableau des logins à supprimer. - * @param string $dir Dossier dans lequel on souhaite supprimer des utilisateurs - * @return boolean TRUE si les utilisateurs ont été supprimés avec succès, FALSE sinon + * Delete a user from a protected folder. + * @param array $lst An array with login to delete. + * @param string $dir The folder, relative to user root, where we want to delete users. + * @return boolean TRUE if users has been deleted, or FALSE if an error occurred. */ function del_user($lst,$dir) { global $bro,$err; 
@@ -234,6 +248,10 @@ class m_hta { touch("$absolute/.htpasswd.new"); $file = fopen("$absolute/.htpasswd","r"); $newf = fopen("$absolute/.htpasswd.new","a"); + if (!$file || !$newf) { + $err->raise("hta",12); + return false; + } reset($lst); fseek($file,0); while (!feof($file)) { @@ -251,13 +269,14 @@ class m_hta { return true; } + /*---------------------------------------------------------------------------*/ /** - * Change le mot de passe d'un utilisateur d'un dossier protégé. - * @param string $user Utilisateur dont on souhaite changer le mot de passe - * @param string $newpass Nouveau mot de passe de cet utilisateur - * @param string $dir Dossier protégé concerné - * @return boolean TRUE si le mot de passe a été changé avec succès, FALSE sinon + * Change the password of a user in a protected folder + * @param string $user The users whose password should be changed + * @param string $newpass The new password of this user + * @param string $dir The folder, relative to user root, in which we will change a password + * @return boolean TRUE if the password has been changed, or FALSE if an error occurred */ function change_pass($user,$newpass,$dir) { global $bro,$err; @@ -270,6 +289,10 @@ class m_hta { touch("$absolute/.htpasswd.new"); $file = fopen("$absolute/.htpasswd","r"); $newf = fopen("$absolute/.htpasswd.new","a"); + if (!$file || !$newf) { + $err->raise("hta",12); + return false; + } while (!feof($file)) { $s=fgets($file,1024); $t=explode(":",$s); 
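Review bot: When only one of the two fopen() calls fails in del_user(), the added early return leaks the handle that did open and leaves the `.htpasswd.new` created by touch() on disk; change_pass() in the last hunk on this line has the identical pattern. Because the temporary file is opened in append mode (`"a"`), a leftover `.htpasswd.new` would keep its old lines in front of the next rewrite, which matters if that file later replaces `.htpasswd` (the rename is outside the hunk, so this is inferred). Before returning I would add `if ($file) fclose($file);`, `if ($newf) fclose($newf);` and `unlink("$absolute/.htpasswd.new");`, and consider opening the temporary file with `"w"`. These fopen() calls also lack the `@` used in get_hta_detail() and add_user(), so the same failure is reported in two different ways.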
@@ -285,11 +308,12 @@ class m_hta { return true; } + /*---------------------------------------------------------------------------*/ /** - * Vérifie la validité des lignes d'un .htaccess existant. - * @param string $absolute Dossier que l'on souhaite vérifier - * @return boolean TRUE si le dossier est correctement protégé par un .htaccess, FALSE sinon + * Check that a .htaccess file is valid (for authentication) + * @param string $absolute Folder we want to check (relative to user root) + * @return boolean TRUE is the .htaccess is protecting this folder, or FALSE else * @access private */ function _reading_htaccess($absolute) { @@ -298,6 +322,9 @@ class m_hta { $file = fopen("$absolute/.htaccess","r+"); $lignes=array(1,1,1); $errr=0; + if (!$file) { + return false; + } while (!feof($file) && !$errr) { $s=fgets($file,1024); if (substr($s,0,12)!="RewriteCond " && substr($s,0,14)!="ErrorDocument " && substr($s,0,12)!="RewriteRule " && substr($s,0,14)!="RewriteEngine " && trim($s)!="") { @@ -324,6 +351,8 @@ class m_hta { return true; } -} /* CLASS m_webaccess */ +} /* CLASS m_hta */ + + ?> \ No newline at end of file diff --git a/bureau/class/m_mail.php b/bureau/class/m_mail.php index d738d34f..fee61d07 100644 --- a/bureau/class/m_mail.php +++ b/bureau/class/m_mail.php @@ -55,6 +55,14 @@ class m_mail { } + /** + * Password kind used in this class (hook for admin class) + */ + function alternc_password_policy() { + return array("pop"=>"POP/IMAP account passwords"); + } + + /* ----------------------------------------------------------------- */ /** Returns the list of mail-hosted domains for a user * @return array indexed array of hosted domains diff --git a/bureau/class/m_mem.php b/bureau/class/m_mem.php index 5985214b..5d75627c 100644 --- a/bureau/class/m_mem.php +++ b/bureau/class/m_mem.php 
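Review bot: _reading_htaccess() opens `.htaccess` with mode `"r+"` although the lines visible here only read it, so the new `if (!$file) { return false; }` will also fire for a file that is readable but not writable and report a valid .htaccess as invalid; `fopen("$absolute/.htaccess","r")` looks sufficient unless the part of the body outside the hunk writes to the file. The failure path returns without `$err->raise()`, unlike the checks added to add_user(), del_user() and change_pass(), so the caller gets a bare false with no error code. The translated docblock in the preceding hunk describes `$absolute` as "relative to user root", which contradicts the parameter name and should be confirmed against the callers.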
@@ -50,6 +50,15 @@ class m_mem { function m_mem() { } + /* ----------------------------------------------------------------- */ + /** + * Password kind used in this class (hook for admin class) + */ + function alternc_password_policy() { + return array("mem"=>"AlternC's account password"); + } + + /* ----------------------------------------------------------------- */ /** Check that the current user is an admnistrator. * @return boolean TRUE if we are super user, or FALSE if we are not. diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php index 6cec85dc..1c9f0692 100644 --- a/bureau/class/m_mysql.php +++ b/bureau/class/m_mysql.php @@ -55,6 +55,18 @@ class m_mysql { return array("mysql","mysql_users"); } + + + /* ----------------------------------------------------------------- */ + /** + * Password kind used in this class (hook for admin class) + */ + function alternc_password_policy() { + return array("mysql_users"=>"MySQL users"); + } + + + /*---------------------------------------------------------------------------*/ /** Get the list of the database for the current user. * @return array returns an associative array as follow :