mirror of
https://git.code.sf.net/p/seeddms/code
synced 2026-02-02 06:31:56 +00:00
Merge branch 'seeddms-5.1.x' into seeddms-6.0.x
commit
a48f9dbfe4
|
|
@ -367,6 +367,10 @@
|
|||
- fix utilities which require translations
|
||||
- fix potential XSS attack when deleting a folder/document
|
||||
- links to operations on folders/documents can be put into a dropdown menu
|
||||
- check for secure password when adding a new user
|
||||
- secure password check can be turned off for admins
|
||||
- simple password strength algorithmn takes length of password into account,
|
||||
if length is greater than 8
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
Changes in version 5.1.44
|
||||
|
|
|
|||
|
|
@ -54,6 +54,8 @@ class SeedDMS_EmailNotify extends SeedDMS_Notify {
|
|||
|
||||
protected $debug;
|
||||
|
||||
public $errmsg;
|
||||
|
||||
function __construct($dms, $translator, $from_address='', $smtp_server='', $smtp_port='', $smtp_username='', $smtp_password='', $lazy_ssl=true, $force_from=false) { /* {{{ */
|
||||
$this->_dms = $dms;
|
||||
$this->_translator = $translator;
|
||||
|
|
@ -65,6 +67,7 @@ class SeedDMS_EmailNotify extends SeedDMS_Notify {
|
|||
$this->lazy_ssl = $lazy_ssl;
|
||||
$this->force_from = $force_from;
|
||||
$this->debug = false;
|
||||
$this->errmsg = '';
|
||||
} /* }}} */
|
||||
|
||||
public function setDebug($debug=true) { /* {{{ */
|
||||
|
|
@ -250,6 +253,7 @@ class SeedDMS_EmailNotify extends SeedDMS_Notify {
|
|||
}
|
||||
$result = $mail->send($to, $hdrs, $message);
|
||||
if (PEAR::isError($result)) {
|
||||
$this->errmsg = $result->getMessage();
|
||||
if($this->debug)
|
||||
echo "\n".$result->getMessage();
|
||||
return false;
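Review bot: Within the lines shown, `errmsg` is reset only in the constructor, so after one failed send the property keeps the old text even if a later call on the same object succeeds. Clearing it at the top of the sending method with `$this->errmsg = '';` would stop callers that read the property from reporting a stale failure. The PEAR error text can carry the SMTP server's reply, so any page that displays `errmsg` should HTML-escape it; whether a caller does so is not visible here. A one-line comment above `public $errmsg;`, such as `// message of the last failed send, empty if none`, would state the contract. The sending method starts and ends outside the hunk.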
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ class Password_Strength {
|
|||
$score += 25;
|
||||
if(preg_match('/[^0-9a-zA-Z]+/', $password))
|
||||
$score += 25;
|
||||
if($this->password_length < 8)
|
||||
// if($this->password_length < 8)
|
||||
$score *= ($this->password_length/8);
|
||||
|
||||
$this->password_info['total_score'] = $score;
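Review bot: With the `< 8` guard commented out, `$score *= ($this->password_length/8);` now scales every password, so the result is no longer bounded by 100 and length alone can satisfy the threshold. If each character class is worth 25, as the visible `$score += 25;` lines suggest, a 32-character password drawn from a single class would reach 100. If the configured minimum and the UI treat the score as a percentage, cap it with `$score = min(100, $score * ($this->password_length/8));` and decide whether a single character class should ever reach a high score. The dead `// if($this->password_length < 8)` line should be deleted and replaced by a short comment explaining the scaling. The enclosing method starts and ends outside the hunk.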
|
||||
|
|
|
|||
|
|
@ -68,6 +68,8 @@ class Settings { /* {{{ */
|
|||
var $_passwordExpiration = 10;
|
||||
// Number of different passwords before a password can be reused
|
||||
var $_passwordHistory = 10;
|
||||
// Allow to set unsecure passwords by admin
|
||||
var $_allowUnsecurePassword = false;
|
||||
// Number of failed logins before account is disabled
|
||||
var $_loginFailure = 0;
|
||||
// User id that is automatically logged if nobody is logged in
|
||||
|
|
@ -742,6 +744,7 @@ class Settings { /* {{{ */
|
|||
$this->_passwordStrengthAlgorithm = strval($tab["passwordStrengthAlgorithm"]);
|
||||
$this->_passwordExpiration = intval($tab["passwordExpiration"]);
|
||||
$this->_passwordHistory = intval($tab["passwordHistory"]);
|
||||
$this->_allowUnsecurePassword = Settings::boolVal($tab["allowUnsecurePassword"]);
|
||||
$this->_loginFailure = intval($tab["loginFailure"]);
|
||||
$this->_autoLoginUser = intval($tab["autoLoginUser"]);
|
||||
$this->_quota = intval($tab["quota"]);
|
||||
|
|
@ -1166,6 +1169,7 @@ class Settings { /* {{{ */
|
|||
$this->setXMLAttributValue($node, "passwordStrengthAlgorithm", $this->_passwordStrengthAlgorithm);
|
||||
$this->setXMLAttributValue($node, "passwordExpiration", $this->_passwordExpiration);
|
||||
$this->setXMLAttributValue($node, "passwordHistory", $this->_passwordHistory);
|
||||
$this->setXMLAttributValue($node, "allowUnsecurePassword", $this->_allowUnsecurePassword);
|
||||
$this->setXMLAttributValue($node, "loginFailure", $this->_loginFailure);
|
||||
$this->setXMLAttributValue($node, "autoLoginUser", $this->_autoLoginUser);
|
||||
$this->setXMLAttributValue($node, "quota", $this->_quota);
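Review bot: The comment `// Allow to set unsecure passwords by admin` on `$_allowUnsecurePassword` does not say which check the flag turns off. Because it relaxes a security control, spell it out, for example `// If true, admins may set user passwords that fail the strength check (default: false)`. In the load hunk `$tab["allowUnsecurePassword"]` is read directly, and a settings file written before this option existed will not contain the attribute. It is worth confirming that `Settings::boolVal()` maps a missing value to false so that upgraded installations stay on the strict default. The load and save methods start and end outside the hunks.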
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ class_alias('Seeddms\Seeddms\ExtensionBase', 'SeedDMS_ExtBase');
|
|||
$extmgr = new ExtensionMgr($settings->_rootDir."/ext", $settings->_cacheDir, $settings->_repositoryUrl, $settings->_proxyUrl, $settings->_proxyUser, $settings->_proxyPassword);
|
||||
|
||||
foreach($extmgr->getExtensionConfiguration() as $extname=>$extconf) {
|
||||
/* Check if conf.php already disables the extension */
|
||||
if($extconf['disable']) {
|
||||
$settings->disableExtension($extname);
|
||||
continue;
|
||||
|
|
|
|||
|
|
@ -213,6 +213,7 @@ if ($action == "saveSettings")
|
|||
setStrValue("passwordStrengthAlgorithm");
|
||||
setIntValue("passwordExpiration");
|
||||
setIntValue("passwordHistory");
|
||||
setBoolValue("allowUnsecurePassword");
|
||||
setIntValue("loginFailure");
|
||||
setIntValue("autoLoginUser");
|
||||
setIntValue("quota");
|
||||
|
|
|
|||
|
|
@ -75,6 +75,20 @@ if ($action == "adduser") {
|
|||
$homefolder = (isset($_POST["homefolder"]) ? $_POST["homefolder"] : 0);
|
||||
$quota = (isset($_POST["quota"]) ? (int) $_POST["quota"] : 0);
|
||||
|
||||
if (isset($pwd) && ($pwd != "")) {
|
||||
if($settings->_passwordStrength && (!$user->isAdmin() || !$settings->_allowUnsecurePassword)) {
|
||||
$ps = new Password_Strength();
|
||||
$ps->set_password($pwd);
|
||||
if($settings->_passwordStrengthAlgorithm == 'simple')
|
||||
$ps->simple_calculate();
|
||||
else
|
||||
$ps->calculate();
|
||||
$score = $ps->get_score();
|
||||
if($score < $settings->_passwordStrength) {
|
||||
UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient"));
|
||||
}
|
||||
}
|
||||
}
|
||||
if (is_object($dms->getUserByLogin($login))) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("user_exists"));
|
||||
}
|
||||
|
|
@ -112,7 +126,7 @@ if ($action == "adduser") {
|
|||
}
|
||||
}
|
||||
}
|
||||
else UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
else UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
|
||||
if(isset($_POST["workflows"]) && $_POST["workflows"]) {
|
||||
$workflows = array();
|
||||
|
|
@ -378,7 +392,7 @@ else if ($action == "edituser") {
|
|||
$quota = (isset($_POST["quota"]) ? (int) $_POST["quota"] : 0);
|
||||
|
||||
if (isset($pwd) && ($pwd != "")) {
|
||||
if($settings->_passwordStrength) {
|
||||
if($settings->_passwordStrength && (!$user->isAdmin() || !$settings->_allowUnsecurePassword)) {
|
||||
$ps = new Password_Strength();
|
||||
$ps->set_password($pwd);
|
||||
if($settings->_passwordStrengthAlgorithm == 'simple')
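Review bot: The strength check added to the `adduser` branch is a copy of the one in `edituser`, and both now repeat the condition `(!$user->isAdmin() || !$settings->_allowUnsecurePassword)`; a shared helper would keep the two from drifting apart again, as they had before this commit. If this script is reachable only by admins (the `access_denied` branch suggests a privilege check, but it lies outside the hunks), `$user->isAdmin()` is always true here and the setting alone decides, which deserves a comment. The new error uses the title `set_password` while the neighbouring errors use `admin_tools`. The helper name below is only a suggestion, and both branches continue outside the hunks.

```php
/* Proposed helper: true if $pwd meets the configured strength, or if the
 * check is disabled or waived for admins by allowUnsecurePassword. */
function passwordIsStrongEnough($settings, $user, $pwd) {
	if(!$settings->_passwordStrength)
		return true;
	if($user->isAdmin() && $settings->_allowUnsecurePassword)
		return true;
	$ps = new Password_Strength();
	$ps->set_password($pwd);
	if($settings->_passwordStrengthAlgorithm == 'simple')
		$ps->simple_calculate();
	else
		$ps->calculate();
	return $ps->get_score() >= $settings->_passwordStrength;
}

// … unchanged: reading of the POST fields in the adduser branch …
if (isset($pwd) && ($pwd != "") && !passwordIsStrongEnough($settings, $user, $pwd)) {
	UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient"));
}
// … the edituser branch would call the same helper …
```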
|
||||
|
|
|
|||
|
|
@ -782,6 +782,7 @@ if(($kkk = $this->callHook('getFullSearchEngine')) && is_array($kkk))
|
|||
<?php $this->showConfigOption('settings_passwordStrengthAlgorithm', 'passwordStrengthAlgorithm', array('simple'=>'settings_passwordStrengthAlgorithm_valsimple', 'advanced'=>'settings_passwordStrengthAlgorithm_valadvanced'), false, true); ?>
|
||||
<?php $this->showConfigText('settings_passwordExpiration', 'passwordExpiration'); ?>
|
||||
<?php $this->showConfigText('settings_passwordHistory', 'passwordHistory'); ?>
|
||||
<?php $this->showConfigCheckbox('settings_allowUnsecurePassword', 'allowUnsecurePassword'); ?>
|
||||
<?php $this->showConfigText('settings_loginFailure', 'loginFailure'); ?>
|
||||
<?php $this->showConfigUser('settings_autoLoginUser', 'autoLoginUser', true); ?>
|
||||
<?php $this->showConfigText('settings_quota', 'quota'); ?>
|
||||
|
|
|
|||