From 6ec95525bbbfc0dfac4bc72f2d64ebd7edf00862 Mon Sep 17 00:00:00 2001 From: Christian Beer Date: Mon, 16 Mar 2015 00:48:16 +0100 Subject: [PATCH] Bugfixing of Release 2.1 - fixed bug that prevented creation of new users with the MySQL backend - deleted redundant README file - fixed config_example to use mysql by default - fixed footer information --- CHANGELOG | 2 + README | 131 ------------------------------------- README.md | 13 ++-- configs/config_example.php | 10 +-- includes/AdminClass.php | 11 ++-- includes/footer.php | 2 +- 6 files changed, 22 insertions(+), 147 deletions(-) delete mode 100644 README diff --git a/CHANGELOG b/CHANGELOG index ad83f98..7fc1653 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -18,6 +18,8 @@ Changes: * separation of editing and removal in different php files * fixed several bugs in the data model, e.g., updating a group's gid also updates the gids of the users +* support for sqlite3 database +* support for pbkdf2 hash algorithm Release: 2.0 Changes: diff --git a/README b/README deleted file mode 100644 index 57807fa..0000000 --- a/README +++ /dev/null 
@@ -1,131 +0,0 @@ -/** - * ProFTPd Admin - Readme - * - * Graphical User Interface for ProFTPd with MySQL support - * - * @license http://www.gnu.org/licenses/gpl-2.0.txt GNU General Public License v2 - * - * @copyright Ricardo Padilha - * @copyright Christian Beer - * @copyright Lex Brugman - */ - -This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License version 2, -as published by the Free Software Foundation. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, download from http://www.gnu.org/licenses/gpl-2.0.txt - -Upgrade -------- -As the software has undergone a complete rewrite of the config file you -should not overwrite your old config.php and compare and change values manually. - -Installation ------------- - -# Using MySQL and SHA1: - -1. Install ProFTPd with MySQL support - - Debian: apt-get install proftpd-mysql - - Gentoo: USE="mysql" emerge proftpd - -2. Create a MySQL database (use something like phpMyAdmin for this), for example: "proftpd". - -3. Use tables.sql to populate the database (you can use phpMyAdmin for this). - -4. 
Add the following to your proftpd.conf (edit to your needs): - - AuthOrder mod_sql.c - SQLBackend mysql - SQLEngine on - SQLPasswordEngine on - SQLAuthenticate on - SQLAuthTypes SHA1 - - SQLConnectInfo database@localhost username password - SQLUserInfo users userid passwd uid gid homedir shell - SQLGroupInfo groups groupname gid members - SQLUserWhereClause "disabled != 1" - SQLLog PASS updatecount - SQLNamedQuery updatecount UPDATE "login_count=login_count+1, last_login=datetime() WHERE userid='%u'" users - - # Used to track xfer traffic per user (without invoking a quota) - SQLLog RETR bytes-out-count - SQLNamedQuery bytes-out-count UPDATE "bytes_out_used=bytes_out_used+%b WHERE userid='%u'" users - SQLLog RETR files-out-count - SQLNamedQuery files-out-count UPDATE "files_out_used=files_out_used+1 WHERE userid='%u'" users - - SQLLog STOR bytes-in-count - SQLNamedQuery bytes-in-count UPDATE "bytes_in_used=bytes_in_used+%b WHERE userid='%u'" users - SQLLog STOR files-in-count - SQLNamedQuery files-in-count UPDATE "files_in_used=files_in_used+1 WHERE userid='%u'" users - -5. Extract all files to your webspace (into a subdirectory like "proftpdadmin"). - -6. Secure access to this directory (for example: create a .htaccess file if using apache) - -7. Edit the configs/config_example.php file to your needs and rename it to config.php. - -8. Start ProFTPd. - -9. Go to http://yourwebspace/proftpdadmin/ and start using it! - -# Using sqlite3 and pbkdf2: - -1. Install ProFTPd with sqlite3 support - -2. Use tables-sqlite3.sql to create an sqlite3 database: - $ sqlite3 auth.sqlite3 < tables-sqlite3.sql - -3. 
Add the following to your proftpd.conf (edit to your needs): - - AuthOrder mod_sql.c - SQLBackend sqlite3 - SQLEngine on - SQLPasswordEngine on - SQLAuthenticate on - SQLAuthTypes pbkdf2 - SQLPasswordPBKDF2 sha1 5000 20 - SQLPasswordUserSalt name Prepend - SQLPasswordEncoding hex - - SQLConnectInfo /path/to/auth.sqlite3 - SQLUserInfo users userid passwd uid gid homedir shell - SQLGroupInfo groups groupname gid members - SQLUserWhereClause "disabled != 1" - SQLLog PASS updatecount - SQLNamedQuery updatecount UPDATE "login_count=login_count+1, last_login=datetime() WHERE userid='%u'" users - - # Used to track xfer traffic per user (without invoking a quota) - SQLLog RETR bytes-out-count - SQLNamedQuery bytes-out-count UPDATE "bytes_out_used=bytes_out_used+%b WHERE userid='%u'" users - SQLLog RETR files-out-count - SQLNamedQuery files-out-count UPDATE "files_out_used=files_out_used+1 WHERE userid='%u'" users - - SQLLog STOR bytes-in-count - SQLNamedQuery bytes-in-count UPDATE "bytes_in_used=bytes_in_used+%b WHERE userid='%u'" users - SQLLog STOR files-in-count - SQLNamedQuery files-in-count UPDATE "files_in_used=files_in_used+1 WHERE userid='%u'" users - -5. Extract all files to your webspace (into a subdirectory like "proftpdadmin"). - -6. Secure access to this directory (for example: create a .htaccess file if using apache) - -7. Edit the configs/config_example.php file to your needs and rename it to config.php. - -8. Start ProFTPd. - -9. Go to http://yourwebspace/proftpdadmin/ and start using it! - -Thanks / Links --------------- - -Lex Brugman for initiating this project -Justin Vincent for the ezSQL library \ No newline at end of file diff --git a/README.md b/README.md index 7588f1b..11fa6cf 100644 --- a/README.md +++ b/README.md 
@@ -2,8 +2,8 @@ Graphical User Interface for ProFTPd with MySQL and sqlite3 support -© 2004 The Netherlands, Lex Brugman -© 2012 Christian Beer +© 2004 The Netherlands, Lex Brugman +© 2012 Christian Beer © 2015 Ricardo Padilha Published under the GPLv2 License (see LICENSE for details) @@ -26,7 +26,7 @@ This GUI for ProFTPd was written to support a basic user management feature when There is no build-in security, so you have to protect the directory with something else, like Apache Basic Authentication. -This software will be rewritten over time and will be object-oriented and equipped with unit tests at the end. +It's possible to use either of SHA1 and pbkdf2 with either of MySQL/MariaDB and sqlite3. pbkdf2 is supported since ProFTPd 1.3.5. ## To-Do @@ -34,7 +34,7 @@ A lot ;) so help is very much appreciated ## Upgrade -As the software has undergone a complete rewrite of the config file you should not overwrite your old config.php and compare and change values manually. +As the software has undergone a complete rewrite of the config file you should not overwrite your old config.php and compare and change values manually. If you want to upgrade the hashing algorithm you have to change all passwords after changing the configs (both ProFTPd and ProFTPd Admin). ## Installation @@ -125,5 +125,6 @@ SQLNamedQuery files-in-count UPDATE "files_in_used=files_in_used+1 WHE ## Thanks / Links -Lex Brugman for initiating this project -Justin Vincent for the ezSQL library \ No newline at end of file +Lex Brugman for initiating this project +Justin Vincent for the ezSQL library +Ricardo Padilha for implementing sqlite3, pbkdf2 and bootstrap support diff --git a/configs/config_example.php b/configs/config_example.php index e4dd5b5..182a7a1 100644 --- a/configs/config_example.php +++ b/configs/config_example.php 
@@ -43,7 +43,7 @@ $cfg['default_homedir'] = "/srv/ftp"; // Use either SHA1 or MD5 or any other supported by your MySQL-Server and ProFTPd // "pbkdf2" is supported if you are using ProFTPd 1.3.5. -$cfg['passwd_encryption'] = "SHA1"; +$cfg['passwd_encryption'] = "SHA1"; $cfg['min_passwd_length'] = "6"; $cfg['max_userid_length'] = "20"; $cfg['max_groupname_length'] = "20"; @@ -62,7 +62,7 @@ $cfg['db_pass'] = "password"; // use this block for an sqlite3 backend -$cfg['db_type'] = "sqlite3"; -$cfg['db_path'] = "configs/"; -$cfg['db_name'] = "auth.sqlite3"; -?> \ No newline at end of file +//$cfg['db_type'] = "sqlite3"; +//$cfg['db_path'] = "configs/"; +//$cfg['db_name'] = "auth.sqlite3"; +?> diff --git a/includes/AdminClass.php b/includes/AdminClass.php index ac31493..2bd4efe 100644 --- a/includes/AdminClass.php +++ b/includes/AdminClass.php @@ -288,10 +288,11 @@ function add_user($userdata) { $passwd_encryption = $this->config['passwd_encryption']; if ($passwd_encryption == 'pbkdf2') { $passwd = hash_pbkdf2("sha1", $userdata[$field_passwd], $userdata[$field_userid], 5000, 40); + $passwd = '"'.$passwd.'"'; } else { $passwd = $passwd_encryption.'("'.$userdata[$field_passwd].'")'; } - $format = 'INSERT INTO %s (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s) VALUES ("%s","%s","%s","%s","%s","%s","%s","%s","%s","%s","%s","%s","%s")'; + $format = 'INSERT INTO %s (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s) VALUES ("%s","%s","%s",%s,"%s","%s","%s","%s","%s","%s","%s","%s","%s")'; $query = sprintf($format, $this->config['table_users'], $field_userid, $field_uid, 
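Review bot: In add_user's non-pbkdf2 branch the raw password is concatenated into `$passwd_encryption.'("'.$userdata[$field_passwd].'")'`, and because the fourth placeholder changes from `"%s"` to `%s`, that expression now reaches the INSERT as unquoted SQL, so a password containing `"` alters the statement. No escaping of `$userdata[$field_passwd]` is visible in the hunk; unless it happens earlier in the function, build the value as `$passwd = $passwd_encryption.'("'.ESCAPE($userdata[$field_passwd]).'")';`, where ESCAPE is a placeholder for the database layer's own escaping routine, or bind the password as a parameter. The update_user hunk has the same defect with `$passwd_format = ' %s=%s, ';`. `$passwd_encryption` is also emitted verbatim as a SQL function name, so it should be checked against a short allow-list of hash names when the config is read. add_user starts and ends outside the hunk.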
@@ -557,11 +558,13 @@ function update_user($userdata) { $passwd_query = ''; if (strlen($userdata[$field_passwd]) > 0) { - $passwd_format = ' %s="%s", '; + $passwd_format = ''; if ($passwd_encryption == 'pbkdf2') { $passwd = hash_pbkdf2("sha1", $userdata[$field_passwd], $userdata[$field_userid], 5000, 40); + $passwd_format = ' %s="%s", '; } else { $passwd = $passwd_encryption.'("'.$userdata[$field_passwd].'")'; + $passwd_format = ' %s=%s, '; } $passwd_query = sprintf($passwd_format, $field_passwd, $passwd); } @@ -615,7 +618,7 @@ function generate_random_string($length = 6) { } /** - * check the validity of the id + * check the validity of the id * @param Integer $id * @return Boolean true if the given id is a positive integer */ @@ -623,4 +626,4 @@ function is_valid_id($id) { return is_numeric($id) && (int)$id > 0 && $id == round($id); } } -?> \ No newline at end of file +?> diff --git a/includes/footer.php b/includes/footer.php index aa033b4..1ae9fd6 100644 --- a/includes/footer.php +++ b/includes/footer.php @@ -2,7 +2,7 @@
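Review bot: The PBKDF2 parameters in `hash_pbkdf2("sha1", $userdata[$field_passwd], $userdata[$field_userid], 5000, 40)` are hard-coded in update_user and again in add_user, with no comment saying they must match the FTP server's settings. The README removed in this commit configures `SQLPasswordPBKDF2 sha1 5000 20` with `SQLPasswordUserSalt name Prepend`, so both calls should carry a comment such as `// must match proftpd.conf: SQLPasswordPBKDF2 sha1 5000 20 (40 hex chars = 20 bytes), salt = userid`. Because the salt is the userid, changing a userid without setting a new password presumably leaves a stored hash that no longer verifies; that path is outside this hunk and should be confirmed. The new initial `$passwd_format = '';` is redundant, since both branches assign it. update_user starts and ends outside the hunk.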