Revision bbc9fa5e
Von Moritz Bunkus vor mehr als 18 Jahren hinzugefügt
| bin/mozilla/admin.pl | ||
|---|---|---|
| 38 | 38 |
use SL::User; |
| 39 | 39 |
|
| 40 | 40 |
$form = new Form; |
| 41 |
$form->{"root"} = "root login";
|
|
| 41 | 42 |
|
| 42 | 43 |
$locale = new Locale $language, "admin"; |
| 43 | 44 |
|
| ... | ... | |
| 55 | 56 |
|
| 56 | 57 |
if ($form->{action}) {
|
| 57 | 58 |
|
| 59 |
|
|
| 58 | 60 |
$subroutine = $locale->findsub($form->{action});
|
| 59 | 61 |
|
| 60 | 62 |
if ($subroutine eq 'login') {
|
| ... | ... | |
| 123 | 125 |
. $locale->text('Login') . qq|"></td>
|
| 124 | 126 |
</tr> |
| 125 | 127 |
<input type=hidden name=action value=login> |
| 126 |
<input type=hidden name=root value="root login"> |
|
| 127 | 128 |
<input type=hidden name=path value=$form->{path}>
|
| 128 | 129 |
</table> |
| 129 | 130 |
|
| ... | ... | |
| 192 | 193 |
|
| 193 | 194 |
print qq| |
| 194 | 195 |
|
| 195 |
<input name=callback type=hidden value="$form->{script}?action=list_users&path=$form->{path}&root=$form->{root}&rpw=$form->{rpw}">
|
|
| 196 |
<input type=hidden name=root value="$form->{root}">
|
|
| 196 |
<input name=callback type=hidden value="$form->{script}?action=list_users&path=$form->{path}&rpw=$form->{rpw}">
|
|
| 197 | 197 |
<input type=hidden name=path value=$form->{path}>
|
| 198 | 198 |
<input type=hidden name=rpw value=$form->{rpw}>
|
| 199 | 199 |
|
| ... | ... | |
| 289 | 289 |
|
| 290 | 290 |
foreach $key (sort keys %member) {
|
| 291 | 291 |
$href = |
| 292 |
"$script?action=edit&login=$key&path=$form->{path}&root=$form->{root}&rpw=$form->{rpw}";
|
|
| 292 |
"$script?action=edit&login=$key&path=$form->{path}&rpw=$form->{rpw}";
|
|
| 293 | 293 |
$href =~ s/ /%20/g; |
| 294 | 294 |
|
| 295 | 295 |
$member{$key}{templates} =~ s/^$templates\///;
|
| ... | ... | |
| 328 | 328 |
|
| 329 | 329 |
<input type=hidden name=path value=$form->{path}>
|
| 330 | 330 |
<input type=hidden name=rpw value=$form->{rpw}>
|
| 331 |
<input type=hidden name=root value="$form->{root}">
|
|
| 332 | 331 |
|
| 333 | 332 |
<br><input type=submit class=submit name=action value="| |
| 334 | 333 |
. $locale->text('Add User') . qq|">
|
| ... | ... | |
| 1120 | 1119 |
. $locale->text('Password')
|
| 1121 | 1120 |
. qq|</b> <input type=password name=password size=8> |
| 1122 | 1121 |
|
| 1123 |
<input type=hidden name=root value="$form->{root}">
|
|
| 1124 | 1122 |
<input type=hidden name=path value=$form->{path}>
|
| 1125 | 1123 |
<input type=hidden name=rpw value=$form->{rpw}>
|
| 1126 | 1124 |
|
| ... | ... | |
| 1144 | 1142 |
$root->save_member($memberfile); |
| 1145 | 1143 |
|
| 1146 | 1144 |
$form->{callback} =
|
| 1147 |
"$form->{script}?action=list_users&path=$form->{path}&root=$form->{root}&rpw=$root->{password}";
|
|
| 1145 |
"$form->{script}?action=list_users&path=$form->{path}&rpw=$root->{password}";
|
|
| 1148 | 1146 |
|
| 1149 | 1147 |
$form->redirect($locale->text('Password changed!'));
|
| 1150 | 1148 |
|
| 1151 | 1149 |
} |
| 1152 | 1150 |
|
| 1153 | 1151 |
sub check_password {
|
| 1154 |
|
|
| 1155 | 1152 |
$root = new User "$memberfile", $form->{root};
|
| 1156 | 1153 |
|
| 1157 |
if ($root->{password}) {
|
|
| 1158 |
if ($root->{password} ne $form->{rpw}) {
|
|
| 1159 |
$form->error($locale->text('Incorrect Password!'));
|
|
| 1160 |
} |
|
| 1154 |
if (!$root->{password} || ($root->{password} ne $form->{rpw})) {
|
|
| 1155 |
$form->error($locale->text('Incorrect Password!'));
|
|
| 1161 | 1156 |
} |
| 1162 | 1157 |
|
| 1163 | 1158 |
} |
| ... | ... | |
| 1268 | 1263 |
</td></tr> |
| 1269 | 1264 |
</table> |
| 1270 | 1265 |
|
| 1271 |
<input name=callback type=hidden value="$form->{script}?action=list_users&path=$form->{path}&root=$form->{root}&rpw=$form->{rpw}">
|
|
| 1272 |
<input type=hidden name=root value="$form->{root}">
|
|
| 1266 |
<input name=callback type=hidden value="$form->{script}?action=list_users&path=$form->{path}&rpw=$form->{rpw}">
|
|
| 1273 | 1267 |
<input type=hidden name=path value=$form->{path}>
|
| 1274 | 1268 |
<input type=hidden name=rpw value=$form->{rpw}>
|
| 1275 | 1269 |
|
| ... | ... | |
| 1364 | 1358 |
|
| 1365 | 1359 |
<input name=dbupdate type=hidden value="$form->{dbupdate}">
|
| 1366 | 1360 |
|
| 1367 |
<input name=callback type=hidden value="$form->{script}?action=list_users&path=$form->{path}&root=$form->{root}&rpw=$form->{rpw}">
|
|
| 1361 |
<input name=callback type=hidden value="$form->{script}?action=list_users&path=$form->{path}&rpw=$form->{rpw}">
|
|
| 1368 | 1362 |
|
| 1369 |
<input type=hidden name=root value="$form->{root}">
|
|
| 1370 | 1363 |
<input type=hidden name=path value=$form->{path}>
|
| 1371 | 1364 |
<input type=hidden name=rpw value=$form->{rpw}>
|
| 1372 | 1365 |
|
| ... | ... | |
| 1497 | 1490 |
<input type=hidden name=dbpasswd value=$form->{dbpasswd}>
|
| 1498 | 1491 |
<input type=hidden name=dbdefault value=$form->{dbdefault}>
|
| 1499 | 1492 |
|
| 1500 |
<input name=callback type=hidden value="$form->{script}?action=list_users&path=$form->{path}&root=$form->{root}&rpw=$form->{rpw}">
|
|
| 1493 |
<input name=callback type=hidden value="$form->{script}?action=list_users&path=$form->{path}&rpw=$form->{rpw}">
|
|
| 1501 | 1494 |
|
| 1502 |
<input type=hidden name=root value="$form->{root}">
|
|
| 1503 | 1495 |
<input type=hidden name=path value=$form->{path}>
|
| 1504 | 1496 |
<input type=hidden name=rpw value=$form->{rpw}>
|
| 1505 | 1497 |
|
| ... | ... | |
| 1551 | 1543 |
|
| 1552 | 1544 |
. qq| |
| 1553 | 1545 |
|
| 1554 |
<input type=hidden name=root value="$form->{root}">
|
|
| 1555 | 1546 |
<input type=hidden name=path value="$form->{path}">
|
| 1556 | 1547 |
<input type=hidden name=rpw value="$form->{rpw}">
|
| 1557 | 1548 |
|
| ... | ... | |
| 1615 | 1606 |
<input type=hidden name=dbpasswd value=$form->{dbpasswd}>
|
| 1616 | 1607 |
<input type=hidden name=dbdefault value=$form->{dbdefault}>
|
| 1617 | 1608 |
|
| 1618 |
<input name=callback type=hidden value="$form->{script}?action=list_users&path=$form->{path}&root=$form->{root}&rpw=$form->{rpw}">
|
|
| 1609 |
<input name=callback type=hidden value="$form->{script}?action=list_users&path=$form->{path}&rpw=$form->{rpw}">
|
|
| 1619 | 1610 |
|
| 1620 |
<input type=hidden name=root value="$form->{root}">
|
|
| 1621 | 1611 |
<input type=hidden name=path value="$form->{path}">
|
| 1622 | 1612 |
<input type=hidden name=rpw value="$form->{rpw}">
|
| 1623 | 1613 |
|
| ... | ... | |
| 1668 | 1658 |
|
| 1669 | 1659 |
. qq| |
| 1670 | 1660 |
|
| 1671 |
<input type=hidden name=root value="$form->{root}">
|
|
| 1672 | 1661 |
<input type=hidden name=path value="$form->{path}">
|
| 1673 | 1662 |
<input type=hidden name=rpw value="$form->{rpw}">
|
| 1674 | 1663 |
|
| ... | ... | |
| 1690 | 1679 |
unlink "$userspath/nologin"; |
| 1691 | 1680 |
|
| 1692 | 1681 |
$form->{callback} =
|
| 1693 |
"$form->{script}?action=list_users&path=$form->{path}&root=$form->{root}&rpw=$root->{password}";
|
|
| 1682 |
"$form->{script}?action=list_users&path=$form->{path}&rpw=$root->{password}";
|
|
| 1694 | 1683 |
|
| 1695 | 1684 |
$form->redirect($locale->text('Lockfile removed!'));
|
| 1696 | 1685 |
|
| ... | ... | |
| 1703 | 1692 |
close(FH); |
| 1704 | 1693 |
|
| 1705 | 1694 |
$form->{callback} =
|
| 1706 |
"$form->{script}?action=list_users&path=$form->{path}&root=$form->{root}&rpw=$root->{password}";
|
|
| 1695 |
"$form->{script}?action=list_users&path=$form->{path}&rpw=$root->{password}";
|
|
| 1707 | 1696 |
|
| 1708 | 1697 |
$form->redirect($locale->text('Lockfile created!'));
|
| 1709 | 1698 |
|
Auch abrufbar als: Unified diff
Sicherheitsfix fuer die Umgehung der Anmeldung am Admin-Frotend unter Angabe von "action=" ohne Passwort.