added:

* Nextcloud 12 & 13 support * added SALT support for password algorithms "system" and "password_hash" * added security fix for password length sniffing attacks * moved files to be more on the standard places * renamed some files to be more standard like * source code changes to be more standard like (max 80 characters)
author: Horst Knorr <gpgmailencrypt@gmx.de> 2018-01-28 16:25:04 +0300
committer: Horst Knorr <gpgmailencrypt@gmx.de> 2018-01-28 16:25:04 +0300
commit: 2e1179e035acfbfc91c559d0964380752c8daee4 (patch)
tree: 7e7c26fa1a4fe600e071f7d141d7772a60cbf41e /templates
parent: 2797f4ba14a4e6792d658f90f479a36ba8978759 (diff)
1 files changed, 36 insertions, 33 deletions
diff --git a/templates/settings.php b/templates/admin.php
index 7fbdba9..4d3b941 100644
--- a/templates/settings.php
+++ b/templates/admin.php
@@ -1,5 +1,7 @@
-<?php $ocVersion = $_['ocVersion'];
-$cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
+<?php
+script('user_sql', 'settings');
+style('user_sql', 'settings');
+$cfgClass =  'section';
 ?>
 
 <div class="<?php p($cfgClass); ?>">
@@ -28,7 +30,7 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
            <p><label for="sql_driver"><?php p($l -> t('SQL Driver')); ?></label>
                 <?php $db_driver = array('mysql' => 'MySQL', 'pgsql' => 'PostgreSQL'); ?>
                 <select id="sql_driver" name="sql_driver">
-                    <?php 
+                    <?php
                         foreach ($db_driver as $driver => $name):
                             //echo $_['sql_driver'];
                             if($_['sql_driver'] === $driver): ?>
@@ -42,35 +44,36 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
             </p>
 
             <p><label for="sql_hostname"><?php p($l -> t('Host')); ?></label><input type="text" id="sql_hostname" name="sql_hostname" value="<?php p($_['sql_hostname']); ?>"></p>
-            
-            <p><label for="sql_username"><?php p($l -> t('Username')); ?></label><input type="text" id="sql_username" name="sql_username" value="<?php p($_['sql_username']); ?>" /></p>
-            
+
             <p><label for="sql_database"><?php p($l -> t('Database')); ?></label><input type="text" id="sql_database" name="sql_database" value="<?php p($_['sql_database']); ?>" /></p>
-            
+
+            <p><label for="sql_username"><?php p($l -> t('Username')); ?></label><input type="text" id="sql_username" name="sql_username" value="<?php p($_['sql_username']); ?>" /></p>
+
             <p><label for="sql_password"><?php p($l -> t('Password')); ?></label><input type="password" id="sql_password" name="sql_password" value="<?php p($_['sql_password']); ?>" /></p>
-            
+
             <p><input type="submit" id="sqlVerify" value="<?php p($l -> t('Verify Settings')); ?>"></p>
-            
+
         </fieldset>
         <fieldset id="sql-2">
             <p><label for="sql_table"><?php p($l -> t('Table')); ?></label><input type="text" id="sql_table" name="sql_table" value="<?php p($_['sql_table']); ?>" /></p>
-            
+
             <p><label for="col_username"><?php p($l -> t('Username Column')); ?></label><input type="text" id="col_username" name="col_username" value="<?php p($_['col_username']); ?>" /></p>
-            
+
             <p><label for="col_password"><?php p($l -> t('Password Column')); ?></label><input type="text" id="col_password" name="col_password" value="<?php p($_['col_password']); ?>" /></p>
-            
+
             <p><label for="set_allow_pwchange"><?php p($l -> t('Allow password changing (read README!)')); ?></label><input type="checkbox" id="set_allow_pwchange" name="set_allow_pwchange" value="1"<?php
             if($_['set_allow_pwchange'])
                 p(' checked');
  ?>><br>
- <em><?php p($l -> t('Allow changing passwords. Imposes a security risk as password salts are not recreated')); ?></em></p>
- 
+ <em><?php p($l -> t('Allow changing passwords. Imposes a security risk if password salts are not recreated.')); ?></em></p>
+ <em><?php p($l -> t('Only the encryption types "System","password_hash" and "Joomla2" are safe.')); ?></em></p>
+
             <p><label for="col_displayname"><?php p($l -> t('Real Name Column')); ?></label><input type="text" id="col_displayname" name="col_displayname" value="<?php p($_['col_displayname']); ?>" /></p>
-            
+
             <p><label for="set_crypt_type"><?php p($l -> t('Encryption Type')); ?></label>
-                <?php $crypt_types = array('md5' => 'MD5', 'md5crypt' => 'MD5 Crypt', 'cleartext' => 'Cleartext', 'mysql_encrypt' => 'mySQL ENCRYPT()', 'system' => 'System (crypt)', 'mysql_password' => 'mySQL PASSWORD()', 'joomla' => 'Joomla MD5 Encryption', 'joomla2' => 'Joomla > 2.5.18 phpass', 'ssha256' => 'Salted SSHA256', 'redmine' => 'Redmine', 'sha1' => 'SHA1'); ?>
+                <?php $crypt_types = array('md5' => 'MD5', 'md5crypt' => 'MD5 Crypt', 'cleartext' => 'Cleartext', 'mysql_encrypt' => 'mySQL ENCRYPT()', 'system' => 'System (crypt)', 'password_hash' => 'password_hash','mysql_password' => 'mySQL PASSWORD()', 'joomla' => 'Joomla MD5 Encryption', 'joomla2' => 'Joomla > 2.5.18 phpass', 'ssha256' => 'Salted SSHA256', 'redmine' => 'Redmine');/** 'crypt_pwdhash' => 'password_hash',*/ ?>
                 <select id="set_crypt_type" name="set_crypt_type">
-                    <?php 
+                    <?php
                         foreach ($crypt_types as $driver => $name):
                             //echo $_['set_crypt_type'];
                             if($_['set_crypt_type'] === $driver): ?>
@@ -82,9 +85,9 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
                     ?>
                 </select>
             </p>
-            
+
             <p><label for="col_active"><?php p($l -> t('User Active Column')); ?></label><input type="text" id="col_active" name="col_active" value="<?php p($_['col_active']); ?>" /></p>
-            
+
             <p><label for="set_active_invert"><?php p($l -> t('Invert Active Value')); ?></label><input type="checkbox" id="set_active_invert" name="set_active_invert" value="1"<?php
             if($_['set_active_invert'])
                 p(' checked');
@@ -92,11 +95,11 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
             <em><?php p($l -> t("Invert the logic of the active column (for blocked users in the SQL DB)")); ?></em></p>
 
         </fieldset>
-        
+
         <fieldset id="sql-3">
-            
+
            <p><label for="col_email"><?php p($l -> t('E-Mail Column')); ?></label><input type="text" id="col_email" name="col_email" value="<?php p($_['col_email']); ?>" /></p>
-            
+
             <p><label for="set_mail_sync_mode"><?php p($l -> t('E-Mail address sync mode')); ?></label>
                 <?php $mail_modes = array('none' => 'No Synchronisation', 'initial' => 'Synchronise only once', 'forceoc' => 'ownCloud always wins', 'forcesql' => 'SQL always wins'); ?>
                 <select id="set_mail_sync_mode" name="set_mail_sync_mode">
@@ -112,29 +115,29 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
                     ?>
                 </select>
             </p>
-            
+
         </fieldset>
-        
+
         <fieldset id="sql-4">
-            
+
             <p><label for="set_default_domain"><?php p($l -> t('Append Default Domain')); ?></label><input type="text" id="set_default_domain", name="set_default_domain" value="<?php p($_['set_default_domain']); ?>" /><br>
                 <em><?php p($l -> t('Append this string, e.g. a domain name, to each user name. The @-sign is automatically inserted.')); ?></em>
             </p>
-            
+
             <p><label for="set_strip_domain"><?php p($l -> t('Strip Domain Part from Username')); ?></label><input type="checkbox" id="set_strip_domain" name="set_strip_domain" value="1"<?php
             if($_['set_strip_domain'])
                 p(' checked');
             ?> /><br>
-            <em><?php p($l -> t("Strip Domain Part including @-sign from Username when logging in and retrieving username lists")); ?></em></p> 
-            
+            <em><?php p($l -> t("Strip Domain Part including @-sign from Username when logging in and retrieving username lists")); ?></em></p>
+
         </fieldset>
-        
+
         <fieldset id="sql-5">
            <p><label for="set_enable_gethome"><?php p($l -> t('Enable support for getHome()')); ?></label><input type="checkbox" id="set_enable_gethome", name="set_enable_gethome" value="1" <?php
             if($_['set_enable_gethome'])
                 p(' checked');
             ?>/></p>
-            
+
             <p><label for="set_gethome_mode"><?php p($l -> t('Method for getHome')); ?></label>
                 <?php $gethome_modes = array('query' => 'SQL Column', 'static' => 'Static (with Variables)'); ?>
                 <select id="set_gethome_mode" name="set_gethome_mode">
@@ -150,12 +153,12 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
                     ?>
                 </select>
             </p>
-            
+
             <p><label for="col_gethome"><?php p($l -> t('Home Column')); ?></label><input type="text" id="col_gethome" name="col_gethome" value="<?php p($_['col_gethome']); ?>"></p>
-            
+
             <p><label for="set_gethome"><?php p($l -> t('Home Dir')); ?></label><input type="text" id="set_gethome" name="set_gethome" value="<?php p($_['set_gethome']); ?>"><br>
             <em><?php p($l -> t('You can use the placeholders %%u to specify the user ID (before appending the default domain), %%ud to specify the user ID (after appending the default domain) and %%d to specify the default domain')); ?></em></p>
-            
+
         </fieldset>
 
         <fieldset id="sql-6">
author	Horst Knorr <gpgmailencrypt@gmx.de>	2018-01-28 16:25:04 +0300
committer	Horst Knorr <gpgmailencrypt@gmx.de>	2018-01-28 16:25:04 +0300
commit	2e1179e035acfbfc91c559d0964380752c8daee4 (patch)
tree	7e7c26fa1a4fe600e071f7d141d7772a60cbf41e /templates
parent	2797f4ba14a4e6792d658f90f479a36ba8978759 (diff)