From 1ed92e187ae2dfb51f5f2d62c290a85f93b6dc21 Mon Sep 17 00:00:00 2001 From: Till Brehm <tbrehm@ispconfig.org> Date: Thu, 14 Aug 2014 13:54:00 -0400 Subject: [PATCH] - Added security check script. - Create md5 sums of all files at install and update. --- interface/web/admin/form/users.tform.php | 353 ++++++++++++++++++++++++++++++---------------------------- 1 files changed, 184 insertions(+), 169 deletions(-) diff --git a/interface/web/admin/form/users.tform.php b/interface/web/admin/form/users.tform.php index 06be9db..9ee2970 100644 --- a/interface/web/admin/form/users.tform.php +++ b/interface/web/admin/form/users.tform.php 
@@ -60,60 +60,62 @@
 */
-$form['title'] = 'Users';
-$form['description'] = 'Form to edit systemusers.';
-$form['name'] = 'users';
-$form['action'] = 'users_edit.php';
-$form['db_table'] = 'sys_user';
-$form['db_table_idx'] = 'userid';
-$form["db_history"] = "no";
-$form['tab_default'] = 'users';
-$form['list_default'] = 'users_list.php';
-$form['auth'] = 'yes';
+$form['title'] = 'Users';
+$form['description'] = 'Form to edit systemusers.';
+$form['name'] = 'users';
+$form['action'] = 'users_edit.php';
+$form['db_table'] = 'sys_user';
+$form['db_table_idx'] = 'userid';
+$form["db_history"] = "no";
+$form['tab_default'] = 'users';
+$form['list_default'] = 'users_list.php';
+$form['auth'] = 'yes';
 //* 0 = id of the user, > 0 id must match with id of current user
-$form['auth_preset']['userid'] = 0;
+$form['auth_preset']['userid'] = 0;
 //* 0 = default groupid of the user, > 0 id must match with groupid of current user
-$form['auth_preset']['groupid'] = 0;
+$form['auth_preset']['groupid'] = 0;
 //** Permissions are: r = read, i = insert, u = update, d = delete
 $form['auth_preset']['perm_user'] = 'riud';
 $form['auth_preset']['perm_group'] = 'riud';
-$form['auth_preset']['perm_other'] = '';
+$form['auth_preset']['perm_other'] = '';
 //* Pick out modules
 $modules_list = array();
-$handle = @opendir(ISPC_WEB_PATH);
-while ($file = @readdir ($handle)) {
- if ($file != '.' && $file != '..') {
- if(@is_dir(ISPC_WEB_PATH."/$file")) {
- if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login') {
+$handle = @opendir(ISPC_WEB_PATH);
+while ($file = @readdir($handle)) {
+ if ($file != '.' && $file != '..') {
+ if(@is_dir(ISPC_WEB_PATH."/$file")) {
+ if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login' && $file != 'designer' && $file != 'mailuser') {
 $modules_list[$file] = $file;
 }
- }
+ }
 }
 }
 //* Load themes
 $themes_list = array();
-$handle = @opendir(ISPC_THEMES_PATH);
-while ($file = @readdir ($handle)) {
- if (substr($file, 0, 1) != '.') {
- if(@is_dir(ISPC_THEMES_PATH."/$file")) {
- $themes_list[$file] = $file;
- }
+$handle = @opendir(ISPC_THEMES_PATH);
+while ($file = @readdir($handle)) {
+ if (substr($file, 0, 1) != '.') {
+ if(@is_dir(ISPC_THEMES_PATH."/$file")) {
+ if(!file_exists(ISPC_THEMES_PATH."/$file/ispconfig_version") || (@file_exists(ISPC_THEMES_PATH."/$file/ispconfig_version") && trim(@file_get_contents(ISPC_THEMES_PATH."/$file/ispconfig_version")) == ISPC_APP_VERSION)) {
+ $themes_list[$file] = $file;
+ }
+ }
 }
 }
 //* Languages
 $language_list = array();
-$handle = @opendir(ISPC_ROOT_PATH.'/lib/lang');
-while ($file = @readdir ($handle)) {
- if ($file != '.' && $file != '..') {
- if(@is_file(ISPC_ROOT_PATH.'/lib/lang/'.$file) and substr($file,-4,4) == '.lng') {
+$handle = @opendir(ISPC_ROOT_PATH.'/lib/lang');
+while ($file = @readdir($handle)) {
+ if ($file != '.' && $file != '..') {
+ if(@is_file(ISPC_ROOT_PATH.'/lib/lang/'.$file) and substr($file, -4, 4) == '.lng') {
 $tmp = substr($file, 0, 2);
 $language_list[$tmp] = $tmp;
- }
+ }
 }
 }
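Review bot: The loop condition `while ($file = @readdir($handle))` on the new side of all three directory scans (modules, themes, languages) terminates early on a directory entry literally named `0`, because readdir() returns the string "0", which is falsy; compare against false instead, `while (($file = @readdir($handle)) !== false) {`. In the theme version check, the inner `@file_exists(...)` is redundant since the `||` only reaches it when the file exists, and the loose `==` against `ISPC_APP_VERSION` compares numeric-looking version strings numerically (`'3.1' == '3.10'` is true), so `trim(@file_get_contents(...)) === ISPC_APP_VERSION` is the safer test. The `@` suppression also hides a failed opendir(), in which case each loop silently produces an empty list; checking `$handle !== false` before looping would surface that rather than leave the module, theme and language selectors empty.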
@@ -127,128 +129,141 @@
 }
 $form['tabs']['users'] = array (
- 'title' => 'Users',
- 'width' => 80,
- 'template' => 'templates/users_user_edit.htm',
- 'fields' => array (
- ##################################
- # Beginn Datenbankfelder
- ##################################
+ 'title' => 'Users',
+ 'width' => 80,
+ 'template' => 'templates/users_user_edit.htm',
+ 'fields' => array (
+ //#################################
+ // Beginn Datenbankfelder
+ //#################################
 'username' => array (
- 'datatype' => 'VARCHAR',
- 'formtype' => 'TEXT',
- 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
- 'errmsg'=> 'username_empty'),
- 1 => array ( 'type' => 'UNIQUE',
- 'errmsg'=> 'username_unique'),
- 2 => array ( 'type' => 'REGEX',
- 'regex' => '/^[\w\.\-\_]{0,50}$/',
- 'errmsg'=> 'username_err'),
- ),
- 'regex' => '',
- 'errmsg' => '',
- 'default' => '',
- 'value' => '',
- 'separator' => '',
- 'width' => '15',
- 'maxlength' => '30',
- 'rows' => '',
- 'cols' => ''
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
+ 'errmsg'=> 'username_empty'),
+ 1 => array ( 'type' => 'UNIQUE',
+ 'errmsg'=> 'username_unique'),
+ 2 => array ( 'type' => 'REGEX',
+ 'regex' => '/^[\w\.\-\_]{0,64}$/',
+ 'errmsg'=> 'username_err'),
+ 3 => array ( 'type' => 'CUSTOM',
+ 'class' => 'validate_client',
+ 'function' => 'username_collision',
+ 'errmsg'=> 'username_error_collision'),
+ ),
+ 'regex' => '',
+ 'errmsg' => '',
+ 'default' => '',
+ 'value' => '',
+ 'separator' => '',
+ 'width' => '15',
+ 'maxlength' => '30',
+ 'rows' => '',
+ 'cols' => ''
 ),
 'passwort' => array (
- 'datatype' => 'VARCHAR',
- 'formtype' => 'PASSWORD',
- 'regex' => '',
- 'errmsg' => '',
- 'default' => '',
- 'value' => '',
- 'separator' => '',
- 'width' => '15',
- 'maxlength' => '100',
- 'rows' => '',
- 'cols' => ''
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'PASSWORD',
+ 'validators' => array(
+ 0 => array(
+ 'type' => 'CUSTOM',
+ 'class' => 'validate_password',
+ 'function' => 'password_check',
+ 'errmsg' => 'weak_password_txt'
+ )
+ ),
+ 'encryption' => 'CRYPT',
+ 'regex' => '',
+ 'errmsg' => '',
+ 'default' => '',
+ 'value' => '',
+ 'separator' => '',
+ 'width' => '15',
+ 'maxlength' => '100',
+ 'rows' => '',
+ 'cols' => ''
 ),
 'modules' => array (
- 'datatype' => 'VARCHAR',
- 'formtype' => 'CHECKBOXARRAY',
- 'regex' => '',
- 'errmsg' => '',
- 'default' => 'admin,forms',
- 'value' => $modules_list,
- 'separator' => ',',
- 'width' => '30',
- 'maxlength' => '255',
- 'rows' => '',
- 'cols' => ''
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOXARRAY',
+ 'regex' => '',
+ 'errmsg' => '',
+ 'default' => 'admin,forms',
+ 'value' => $modules_list,
+ 'separator' => ',',
+ 'width' => '30',
+ 'maxlength' => '255',
+ 'rows' => '',
+ 'cols' => ''
 ),
 'startmodule' => array (
- 'datatype' => 'VARCHAR',
- 'formtype' => 'SELECT',
- 'regex' => '',
- 'errmsg' => '',
- 'default' => '',
- 'value' => $modules_list,
- 'separator' => '',
- 'width' => '30',
- 'maxlength' => '255',
- 'rows' => '',
- 'cols' => ''
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'SELECT',
+ 'regex' => '',
+ 'errmsg' => '',
+ 'default' => '',
+ 'value' => $modules_list,
+ 'separator' => '',
+ 'width' => '30',
+ 'maxlength' => '255',
+ 'rows' => '',
+ 'cols' => ''
 ),
 'app_theme' => array (
- 'datatype' => 'VARCHAR',
- 'formtype' => 'RADIO',
- 'regex' => '',
- 'errmsg' => '',
- 'default' => 'default',
- 'value' => $themes_list,
- 'separator' => '',
- 'width' => '30',
- 'maxlength' => '255',
- 'rows' => '',
- 'cols' => ''
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'RADIO',
+ 'regex' => '',
+ 'errmsg' => '',
+ 'default' => 'default',
+ 'value' => $themes_list,
+ 'separator' => '',
+ 'width' => '30',
+ 'maxlength' => '255',
+ 'rows' => '',
+ 'cols' => ''
 ),
 'typ' => array (
- 'datatype' => 'VARCHAR',
- 'formtype' => 'RADIO',
- 'regex' => '',
- 'errmsg' => '',
- 'default' => 'user',
- 'value' => array ('user' => 'user', 'admin' => 'admin'),
- 'separator' => '',
- 'width' => '30',
- 'maxlength' => '255',
- 'rows' => '',
- 'cols' => ''
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'RADIO',
+ 'regex' => '',
+ 'errmsg' => '',
+ 'default' => 'user',
+ 'value' => array ('user' => 'user', 'admin' => 'admin'),
+ 'separator' => '',
+ 'width' => '30',
+ 'maxlength' => '255',
+ 'rows' => '',
+ 'cols' => ''
 ),
 'active' => array (
- 'datatype' => 'INTEGER',
- 'formtype' => 'CHECKBOX',
- 'regex' => '',
- 'errmsg' => '',
- 'default' => '',
- 'value' => array(0 => 0,1 => 1),
- 'separator' => '',
- 'width' => '30',
- 'maxlength' => '255',
- 'rows' => '',
- 'cols' => ''
+ 'datatype' => 'INTEGER',
+ 'formtype' => 'CHECKBOX',
+ 'regex' => '',
+ 'errmsg' => '',
+ 'default' => '',
+ 'value' => array(0 => 0, 1 => 1),
+ 'separator' => '',
+ 'width' => '30',
+ 'maxlength' => '255',
+ 'rows' => '',
+ 'cols' => ''
 ),
 'language' => array (
- 'datatype' => 'VARCHAR',
- 'formtype' => 'SELECT',
- 'regex' => '',
- 'errmsg' => '',
- 'default' => '',
- 'value' => $language_list,
- 'separator' => '',
- 'width' => '30',
- 'maxlength' => '2',
- 'rows' => '',
- 'cols' => ''
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'SELECT',
+ 'regex' => '',
+ 'errmsg' => '',
+ 'default' => '',
+ 'value' => $language_list,
+ 'separator' => '',
+ 'width' => '30',
+ 'maxlength' => '2',
+ 'rows' => '',
+ 'cols' => ''
 )
- ##################################
- # ENDE Datenbankfelder
- ##################################
+ //#################################
+ // ENDE Datenbankfelder
+ //#################################
 )
 );
 /*
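Review bot: The new username regex `'/^[\w\.\-\_]{0,64}$/'` raises the server-side limit to 64 characters, but the same field still declares `'maxlength' => '30'`, so the form and the validator disagree on how long a username may be; either align the regex with the field width or raise maxlength to match. Separately, `$` without the `D` modifier also matches just before a trailing newline, so a value ending in "\n" passes the REGEX validator while reaching the UNIQUE check and the database with the newline intact; `'regex' => '/^[\w\.\-\_]{0,64}$/D',` (or `\z` in place of `$`) closes that gap. The `\_` inside the character class is redundant because `\w` already covers the underscore.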
@@ -412,44 +427,44 @@
 */
 $form['tabs']['groups'] = array (
- 'title' => 'Groups',
- 'width' => 80,
- 'template' => 'templates/users_groups_edit.htm',
- 'fields' => array (
- ##################################
- # Beginn Datenbankfelder
- ##################################
+ 'title' => 'Groups',
+ 'width' => 80,
+ 'template' => 'templates/users_groups_edit.htm',
+ 'fields' => array (
+ //#################################
+ // Beginn Datenbankfelder
+ //#################################
 'default_group' => array (
- 'datatype' => 'VARCHAR',
- 'formtype' => 'SELECT',
- 'regex' => '',
- 'errmsg' => '',
- 'default' => '',
- 'value' => $groups_list,
- 'separator' => ',',
- 'width' => '30',
- 'maxlength' => '255',
- 'rows' => '',
- 'cols' => ''
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'SELECT',
+ 'regex' => '',
+ 'errmsg' => '',
+ 'default' => '',
+ 'value' => $groups_list,
+ 'separator' => ',',
+ 'width' => '30',
+ 'maxlength' => '255',
+ 'rows' => '',
+ 'cols' => ''
 ),
 'groups' => array (
- 'datatype' => 'VARCHAR',
- 'formtype' => 'CHECKBOXARRAY',
- 'regex' => '',
- 'errmsg' => '',
- 'default' => '',
- 'value' => $groups_list,
- 'separator' => ',',
- 'width' => '30',
- 'maxlength' => '255',
- 'rows' => '',
- 'cols' => ''
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOXARRAY',
+ 'regex' => '',
+ 'errmsg' => '',
+ 'default' => '',
+ 'value' => $groups_list,
+ 'separator' => ',',
+ 'width' => '30',
+ 'maxlength' => '255',
+ 'rows' => '',
+ 'cols' => ''
 )
- ##################################
- # ENDE Datenbankfelder
- ##################################
+ //#################################
+ // ENDE Datenbankfelder
+ //#################################
 )
 );
-?>
\ No newline at end of file
+?>
-- 
Gitblit v1.9.1
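Review bot: The closing `?>` retained at the end of the file (`+?>`) is unnecessary in an include that contains only PHP, and it is the usual cause of "headers already sent" failures: PHP consumes exactly one newline after `?>`, so any further whitespace or an editor-added BOM appended later becomes output before the application emits its headers. Dropping the closing tag entirely removes that failure mode; the remaining lines of this hunk are indentation and comment-marker changes that need no further review.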