Skip to content
Snippets Groups Projects
Commit 022dc6c8 authored by Bob Mottram's avatar Bob Mottram
Browse files

Don't need to test password

parent 75b0939a
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
webadmin/newuser.php
+ 1
1
View file @ 022dc6c8
...@@ -13,7 +13,7 @@ if (isset($_POST['submitnewuser'])) { ...@@ -13,7 +13,7 @@ if (isset($_POST['submitnewuser'])) {
else { else {
// Don't rely on php PRNG // Don't rely on php PRNG
$newpassword = exec("openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c 10 ; echo -n ''"); $newpassword = exec("openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c 10 ; echo -n ''");
if ((preg_match('/^[a-z\d_]$/i', $newpassword)) && (strlen($newpassword)>9)) { if (preg_match('/^[a-z\d_]{8,32}$/i', $newpassword)) {
$new_user_file = fopen(".new_user.txt", "w") or die("Unable to write to new_user file"); $new_user_file = fopen(".new_user.txt", "w") or die("Unable to write to new_user file");
fwrite($new_user_file, $username.",".$newpassword); fwrite($new_user_file, $username.",".$newpassword);
fclose($new_user_file); fclose($new_user_file);
......
webadmin/setupdomain.php
+ 1
1
View file @ 022dc6c8
...@@ -9,7 +9,7 @@ $output_filename = "index.html"; ...@@ -9,7 +9,7 @@ $output_filename = "index.html";
if (isset($_POST['setupdomain'])) { if (isset($_POST['setupdomain'])) {
$install_domain = htmlspecialchars($_POST['default_domain_name']); $install_domain = htmlspecialchars($_POST['default_domain_name']);
if ((preg_match('/[^a-z0-9\.]/', $install_domain)) && (strlen($install_domain)>4) && (strlen($install_domain)<128) { if (preg_match('/^[a-z\d_\.\-]{4,128}$/i', $install_domain)) {
$domain_file = fopen(".temp_domain.txt", "w") or die("Unable to write to domain file"); $domain_file = fopen(".temp_domain.txt", "w") or die("Unable to write to domain file");
fwrite($domain_file, $install_domain); fwrite($domain_file, $install_domain);
fclose($domain_file); fclose($domain_file);
......
webadmin/userprofile.php
+ 4
6
View file @ 022dc6c8
...@@ -25,13 +25,11 @@ if (isset($_POST['submitchangepassword'])) { ...@@ -25,13 +25,11 @@ if (isset($_POST['submitchangepassword'])) {
// Don't rely on php PRNG // Don't rely on php PRNG
$newpassword = exec("openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c 10 ; echo -n ''"); $newpassword = exec("openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c 10 ; echo -n ''");
if ((preg_match('/^[a-z\d_]$/i', $newpassword)) && (strlen($newpassword)>9)) { exec('cp password_confirm_template.html password_confirm.html');
exec('cp password_confirm_template.html password_confirm.html'); exec('sed -i "s|USERNAME|'.$username.'|g" password_confirm.html');
exec('sed -i "s|USERNAME|'.$username.'|g" password_confirm.html'); exec('sed -i "s|NEWPASSWORD|'.$newpassword.'|g" password_confirm.html');
exec('sed -i "s|NEWPASSWORD|'.$newpassword.'|g" password_confirm.html');
$output_filename = "password_confirm.html"; $output_filename = "password_confirm.html";
}
} }
$htmlfile = fopen("$output_filename", "r") or die("Unable to open $output_filename"); $htmlfile = fopen("$output_filename", "r") or die("Unable to open $output_filename");
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment