author | Horst Knorr <gpgmailencrypt@gmx.de> | 2018-01-28 16:25:04 +0300 |
---|---|---|
committer | Horst Knorr <gpgmailencrypt@gmx.de> | 2018-01-28 16:25:04 +0300 |
commit | 2e1179e035acfbfc91c559d0964380752c8daee4 (patch) | |
tree | 7e7c26fa1a4fe600e071f7d141d7772a60cbf41e /templates | |
parent | 2797f4ba14a4e6792d658f90f479a36ba8978759 (diff) |
added:
* Nextcloud 12 & 13 support
* added SALT support for password algorithms "system" and "password_hash"
* added security fix for password length sniffing attacks
* moved files to more standard locations
* renamed some files to follow standard naming
* source code changes to follow the standard style (max 80 characters)
Diffstat (limited to 'templates')
-rw-r--r-- | templates/admin.php (renamed from templates/settings.php) | 69 |
1 files changed, 36 insertions, 33 deletions
diff --git a/templates/settings.php b/templates/admin.php index 7fbdba9..4d3b941 100644 --- a/templates/settings.php +++ b/templates/admin.php @@ -1,5 +1,7 @@ -<?php $ocVersion = $_['ocVersion']; -$cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; +<?php +script('user_sql', 'settings'); +style('user_sql', 'settings'); +$cfgClass = 'section'; ?> <div class="<?php p($cfgClass); ?>"> @@ -28,7 +30,7 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; <p><label for="sql_driver"><?php p($l -> t('SQL Driver')); ?></label> <?php $db_driver = array('mysql' => 'MySQL', 'pgsql' => 'PostgreSQL'); ?> <select id="sql_driver" name="sql_driver"> - <?php + <?php foreach ($db_driver as $driver => $name): //echo $_['sql_driver']; if($_['sql_driver'] === $driver): ?> 
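Review bot: `$cfgClass` is now a constant, so the assignment `$cfgClass = 'section';` and the `p($cfgClass)` call in `<div class="<?php p($cfgClass); ?>">` are only indirection left over from the removed ownCloud version check. Writing `<div class="section">` directly would let the variable go, provided nothing further down the template (outside this hunk) still reads it.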
@@ -42,35 +44,36 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; </p> <p><label for="sql_hostname"><?php p($l -> t('Host')); ?></label><input type="text" id="sql_hostname" name="sql_hostname" value="<?php p($_['sql_hostname']); ?>"></p> - - <p><label for="sql_username"><?php p($l -> t('Username')); ?></label><input type="text" id="sql_username" name="sql_username" value="<?php p($_['sql_username']); ?>" /></p> - + <p><label for="sql_database"><?php p($l -> t('Database')); ?></label><input type="text" id="sql_database" name="sql_database" value="<?php p($_['sql_database']); ?>" /></p> - + + <p><label for="sql_username"><?php p($l -> t('Username')); ?></label><input type="text" id="sql_username" name="sql_username" value="<?php p($_['sql_username']); ?>" /></p> + <p><label for="sql_password"><?php p($l -> t('Password')); ?></label><input type="password" id="sql_password" name="sql_password" value="<?php p($_['sql_password']); ?>" /></p> - + <p><input type="submit" id="sqlVerify" value="<?php p($l -> t('Verify Settings')); ?>"></p> - + </fieldset> <fieldset id="sql-2"> <p><label for="sql_table"><?php p($l -> t('Table')); ?></label><input type="text" id="sql_table" name="sql_table" value="<?php p($_['sql_table']); ?>" /></p> - + <p><label for="col_username"><?php p($l -> t('Username Column')); ?></label><input type="text" id="col_username" name="col_username" value="<?php p($_['col_username']); ?>" /></p> - + <p><label for="col_password"><?php p($l -> t('Password Column')); ?></label><input type="text" id="col_password" name="col_password" value="<?php p($_['col_password']); ?>" /></p> - + <p><label for="set_allow_pwchange"><?php p($l -> t('Allow password changing (read README!)')); ?></label><input type="checkbox" id="set_allow_pwchange" name="set_allow_pwchange" value="1"<?php if($_['set_allow_pwchange']) p(' checked'); ?>><br> - <em><?php p($l -> t('Allow changing passwords. 
Imposes a security risk as password salts are not recreated')); ?></em></p> - + <em><?php p($l -> t('Allow changing passwords. Imposes a security risk if password salts are not recreated.')); ?></em></p> + <em><?php p($l -> t('Only the encryption types "System","password_hash" and "Joomla2" are safe.')); ?></em></p> + <p><label for="col_displayname"><?php p($l -> t('Real Name Column')); ?></label><input type="text" id="col_displayname" name="col_displayname" value="<?php p($_['col_displayname']); ?>" /></p> - + <p><label for="set_crypt_type"><?php p($l -> t('Encryption Type')); ?></label> - <?php $crypt_types = array('md5' => 'MD5', 'md5crypt' => 'MD5 Crypt', 'cleartext' => 'Cleartext', 'mysql_encrypt' => 'mySQL ENCRYPT()', 'system' => 'System (crypt)', 'mysql_password' => 'mySQL PASSWORD()', 'joomla' => 'Joomla MD5 Encryption', 'joomla2' => 'Joomla > 2.5.18 phpass', 'ssha256' => 'Salted SSHA256', 'redmine' => 'Redmine', 'sha1' => 'SHA1'); ?> + <?php $crypt_types = array('md5' => 'MD5', 'md5crypt' => 'MD5 Crypt', 'cleartext' => 'Cleartext', 'mysql_encrypt' => 'mySQL ENCRYPT()', 'system' => 'System (crypt)', 'password_hash' => 'password_hash','mysql_password' => 'mySQL PASSWORD()', 'joomla' => 'Joomla MD5 Encryption', 'joomla2' => 'Joomla > 2.5.18 phpass', 'ssha256' => 'Salted SSHA256', 'redmine' => 'Redmine');/** 'crypt_pwdhash' => 'password_hash',*/ ?> <select id="set_crypt_type" name="set_crypt_type"> - <?php + <?php foreach ($crypt_types as $driver => $name): //echo $_['set_crypt_type']; if($_['set_crypt_type'] === $driver): ?> 
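Review bot: `'sha1' => 'SHA1'` is dropped from `$crypt_types` on the new side while the option loop still selects by `$_['set_crypt_type'] === $driver`, so an installation whose stored type is `sha1` would render with no option marked selected. Browsers then typically submit the first entry, here `md5`, so saving an unrelated setting could silently switch the hash scheme; whether the backend still accepts `sha1` is not visible in this templates-only diff. Either keep the entry, e.g. `'sha1' => 'SHA1 (legacy)'`, or handle an unlisted stored value explicitly instead of letting the form default. Separately, the first added `<em>` line already ends with `</p>`, so the second added `<em>…</em></p>` sits outside the paragraph with an unmatched `</p>`; ending the first line with `</em><br>` would keep both hints together. The `foreach` over `$crypt_types` continues past the end of the hunk.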
@@ -82,9 +85,9 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; ?> </select> </p> - + <p><label for="col_active"><?php p($l -> t('User Active Column')); ?></label><input type="text" id="col_active" name="col_active" value="<?php p($_['col_active']); ?>" /></p> - + <p><label for="set_active_invert"><?php p($l -> t('Invert Active Value')); ?></label><input type="checkbox" id="set_active_invert" name="set_active_invert" value="1"<?php if($_['set_active_invert']) p(' checked'); @@ -92,11 +95,11 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; <em><?php p($l -> t("Invert the logic of the active column (for blocked users in the SQL DB)")); ?></em></p> </fieldset> - + <fieldset id="sql-3"> - + <p><label for="col_email"><?php p($l -> t('E-Mail Column')); ?></label><input type="text" id="col_email" name="col_email" value="<?php p($_['col_email']); ?>" /></p> - + <p><label for="set_mail_sync_mode"><?php p($l -> t('E-Mail address sync mode')); ?></label> <?php $mail_modes = array('none' => 'No Synchronisation', 'initial' => 'Synchronise only once', 'forceoc' => 'ownCloud always wins', 'forcesql' => 'SQL always wins'); ?> <select id="set_mail_sync_mode" name="set_mail_sync_mode"> 
@@ -112,29 +115,29 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; ?> </select> </p> - + </fieldset> - + <fieldset id="sql-4"> - + <p><label for="set_default_domain"><?php p($l -> t('Append Default Domain')); ?></label><input type="text" id="set_default_domain", name="set_default_domain" value="<?php p($_['set_default_domain']); ?>" /><br> <em><?php p($l -> t('Append this string, e.g. a domain name, to each user name. The @-sign is automatically inserted.')); ?></em> </p> - + <p><label for="set_strip_domain"><?php p($l -> t('Strip Domain Part from Username')); ?></label><input type="checkbox" id="set_strip_domain" name="set_strip_domain" value="1"<?php if($_['set_strip_domain']) p(' checked'); ?> /><br> - <em><?php p($l -> t("Strip Domain Part including @-sign from Username when logging in and retrieving username lists")); ?></em></p> - + <em><?php p($l -> t("Strip Domain Part including @-sign from Username when logging in and retrieving username lists")); ?></em></p> + </fieldset> - + <fieldset id="sql-5"> <p><label for="set_enable_gethome"><?php p($l -> t('Enable support for getHome()')); ?></label><input type="checkbox" id="set_enable_gethome", name="set_enable_gethome" value="1" <?php if($_['set_enable_gethome']) p(' checked'); ?>/></p> - + <p><label for="set_gethome_mode"><?php p($l -> t('Method for getHome')); ?></label> <?php $gethome_modes = array('query' => 'SQL Column', 'static' => 'Static (with Variables)'); ?> <select id="set_gethome_mode" name="set_gethome_mode"> 
@@ -150,12 +153,12 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; ?> </select> </p> - + <p><label for="col_gethome"><?php p($l -> t('Home Column')); ?></label><input type="text" id="col_gethome" name="col_gethome" value="<?php p($_['col_gethome']); ?>"></p> - + <p><label for="set_gethome"><?php p($l -> t('Home Dir')); ?></label><input type="text" id="set_gethome" name="set_gethome" value="<?php p($_['set_gethome']); ?>"><br> <em><?php p($l -> t('You can use the placeholders %%u to specify the user ID (before appending the default domain), %%ud to specify the user ID (after appending the default domain) and %%d to specify the default domain')); ?></em></p> - + </fieldset> <fieldset id="sql-6"> |