Fix #1426
parent
5bd3c9cc9a
commit
c715cefa56
|
@ -69,7 +69,7 @@ if (!$r) {
|
||||||
include_once("ftp_edit.php");
|
include_once("ftp_edit.php");
|
||||||
exit();
|
exit();
|
||||||
} else {
|
} else {
|
||||||
$error=_("The ftp account has been successfully changed");
|
$error=_("The ftp account has been successfully saved");
|
||||||
include("ftp_list.php");
|
include("ftp_list.php");
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
|
@ -146,6 +146,28 @@ class m_ftp {
|
||||||
return $r;
|
return $r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if the login is fine (syntax)
|
||||||
|
function check_login($l) {
|
||||||
|
global $err;
|
||||||
|
|
||||||
|
// special chars and the max numbers of them allowed
|
||||||
|
// to be able to give a specific error
|
||||||
|
$vv = array('_'=>'1', ' '=>0);
|
||||||
|
foreach ($vv as $k=>$n) {
|
||||||
|
if (substr_count($l, $k) > $n ) { // if there is more than $n $k
|
||||||
|
$err->raise('ftp', sprintf(_("FTP login is incorrect: too many '%s'"), $k));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Explicitly look for only allowed chars
|
||||||
|
if ( ! preg_match("/^[A-Za-z0-9_\.\-]+$/", $l) ) {
|
||||||
|
$err->raise('ftp', _("FTP login is incorrect"));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
/* ----------------------------------------------------------------- */
|
/* ----------------------------------------------------------------- */
|
||||||
/** Affiche (ECHO) la liste des prefixes disponibles sous forme de champs d'option
|
/** Affiche (ECHO) la liste des prefixes disponibles sous forme de champs d'option
|
||||||
* Les champs sont affichés sous la forme <option>prefixe</option>...
|
* Les champs sont affichés sous la forme <option>prefixe</option>...
|
||||||
|
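Review bot: The allow-list pattern added in check_login(), `"/^[A-Za-z0-9_\.\-]+$/"`, still accepts a login that ends in a line break, because `$` without the `D` modifier also matches just before a final newline. Anchor the end of the subject instead, e.g. `if ( ! preg_match('/^[A-Za-z0-9_.\-]+\z/', $l) ) {`. The limits in `$vv` mix a string `'1'` with an int `0`; writing both as ints (`array('_'=>1, ' '=>0)`) keeps the `>` comparison free of type juggling. The limit of one `_` is applied to the whole prefix-plus-login string, so a prefix that itself contains `_` would presumably always be rejected; that is worth confirming against the prefixes the panel hands out. The function also has no docblock, and a short one stating the allowed character set and that errors are reported through `$err->raise()` would help callers.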
@ -192,8 +214,10 @@ class m_ftp {
|
||||||
}
|
}
|
||||||
$lo=$mem->user["login"];
|
$lo=$mem->user["login"];
|
||||||
$l=substr($lo,0,1);
|
$l=substr($lo,0,1);
|
||||||
if ($login) $login="_".$login;
|
$full_login=$prefixe;
|
||||||
$db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE id!='$id' AND name='$prefixe$login';");
|
if ($login) $full_login.="_".$login;
|
||||||
|
if (! $this->check_login($full_login) ) return false;
|
||||||
|
$db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE id!='$id' AND name='$full_login';");
|
||||||
$db->next_record();
|
$db->next_record();
|
||||||
if ($db->f("cnt")) {
|
if ($db->f("cnt")) {
|
||||||
$err->raise("ftp",_("This FTP account already exists"));
|
$err->raise("ftp",_("This FTP account already exists"));
|
||||||
|
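Review bot: The duplicate-account query in this hunk is still built by string interpolation (`WHERE id!='$id' AND name='$full_login'`), so the new check_login() call is the only thing visible here that keeps quote characters out of the `name` literal, and `$id` gets no comparable check in the visible lines. If the `$db` wrapper has a quoting or parameter-binding call, use it for both values; otherwise, assuming ids are numeric, normalise with `$id = intval($id);` before the query. The same pattern recurs in the later hunks, where `$full_login`, `$absolute` and `$cuid` are written into the UPDATE, SELECT and INSERT statements. The enclosing method starts and ends outside the hunk, so earlier sanitising of `$id` cannot be ruled out from this view.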
@ -216,9 +240,9 @@ class m_ftp {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$encrypted_password = crypt($pass,strrev(microtime(true)));
|
$encrypted_password = crypt($pass,strrev(microtime(true)));
|
||||||
$db->query("UPDATE ftpusers SET name='".$prefixe.$login."', password='', encrypted_password='$encrypted_password', homedir='$absolute', uid='$cuid' WHERE id='$id';");
|
$db->query("UPDATE ftpusers SET name='".$full_login."', password='', encrypted_password='$encrypted_password', homedir='$absolute', uid='$cuid' WHERE id='$id';");
|
||||||
} else {
|
} else {
|
||||||
$db->query("UPDATE ftpusers SET name='".$prefixe.$login."', homedir='$absolute', uid='$cuid' WHERE id='$id';");
|
$db->query("UPDATE ftpusers SET name='".$full_login."', homedir='$absolute', uid='$cuid' WHERE id='$id';");
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
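Review bot: The unchanged line just above the rewritten UPDATE, `crypt($pass,strrev(microtime(true)))`, takes its salt from the clock, so the salt is predictable. A salt of plain digits also carries no scheme prefix, which appears to make crypt() fall back to legacy DES hashing that only considers the first eight password characters. Since the commit already touches both password-writing statements, this is a good place to switch to a random salt with an explicit scheme, for example `crypt($pass, '$6$' . bin2hex(random_bytes(8)))` on PHP 7 or later, provided the FTP server reading `ftpusers` accepts that hash format. The same call sits in the account-creation hunk at the end of the page, before the INSERT. The enclosing method starts outside the hunk.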
@ -264,8 +288,10 @@ class m_ftp {
|
||||||
$err->raise("ftp",_("The chosen prefix is not allowed"));
|
$err->raise("ftp",_("The chosen prefix is not allowed"));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if ($login) $login="_".$login;
|
$full_login=$prefixe;
|
||||||
$db->query("SELECT count(*) AS cnt FROM ftpusers WHERE name='".$prefixe.$login."'");
|
if ($login) $full_login.="_".$login;
|
||||||
|
if ( !$this->check_login($full_login) ) return false;
|
||||||
|
$db->query("SELECT count(*) AS cnt FROM ftpusers WHERE name='".$full_login."'");
|
||||||
$db->next_record();
|
$db->next_record();
|
||||||
if ($db->f("cnt")) {
|
if ($db->f("cnt")) {
|
||||||
$err->raise("ftp",_("This FTP account already exists"));
|
$err->raise("ftp",_("This FTP account already exists"));
|
||||||
|
@ -286,14 +312,14 @@ class m_ftp {
|
||||||
|
|
||||||
// Check this password against the password policy using common API :
|
// Check this password against the password policy using common API :
|
||||||
if (is_callable(array($admin,"checkPolicy"))) {
|
if (is_callable(array($admin,"checkPolicy"))) {
|
||||||
if (!$admin->checkPolicy("ftp",$prefixe.$login,$pass)) {
|
if (!$admin->checkPolicy("ftp",$full_login,$pass)) {
|
||||||
return false; // The error has been raised by checkPolicy()
|
return false; // The error has been raised by checkPolicy()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($quota->cancreate("ftp")) {
|
if ($quota->cancreate("ftp")) {
|
||||||
$encrypted_password = crypt($pass,strrev(microtime(true)));
|
$encrypted_password = crypt($pass,strrev(microtime(true)));
|
||||||
$db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ('".$prefixe.$login."', '', '$encrypted_password', '$absolute', '$cuid')");
|
$db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ('".$full_login."', '', '$encrypted_password', '$absolute', '$cuid')");
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
$err->raise("ftp",_("Your FTP account quota is over. You cannot create more ftp accounts"));
|
$err->raise("ftp",_("Your FTP account quota is over. You cannot create more ftp accounts"));
|
||||||
|
|