ProFTPd Admin

Issue 3: User management problem

Reported by Guillermo Marco, Apr 14, 2011

First of all, sorry to post here again.
I've managed to make proftpdadmin work with 1.4 beta version.

These are the problems I'm getting:
- I can't change admin and userView language to English
- when I create a user, I set his home folder but the folder isn't 
created automatically by the script? (Do I have to create the folder 
manually each time I generate a new user?) Or is it generated when 
the user logs in to FTP for the first time?

Comment 1 by Guillermo Marco, Apr 14, 2011

I can't select the quota when I create a new user.

Comment 2 by Guillermo Marco, Apr 14, 2011

When a user logs into userView and chooses to change the password, he 
gets the message that the password has been changed, but in fact the 
password remains the same. So the password doesn't get updated.

Comment 3 by Dennis Pielken, Apr 25, 2011

About your first post: 

Problem 1: Have you edited the configuration.xml so that it looks 
like: 
<language>english</language> 

Please report back, if yes, I'll look into the problem 

Problem 2: With the standard config, NO. But you can use a proftpd 
directive to do that: 
http://www.proftpd.org/docs/howto/CreateHome.html or you can use one 
of the proftpd administrator hooks.
You can specify scripts in the configuration.xml which are run when 
a user or group is created: 
<createuser_command>SCRIPT</createuser_command>
<creategroup_command>SCRIPT</creategroup_command>

About your first comment: 
When a user is created the default quota is applied to the user and 
can be changed after creation. 

About your second comment: 
I need to look into this deeper. Are you running 1.4.0 Beta? 

- Dennis
Status: Started

Comment 4 by Guillermo Marco, Apr 25, 2011

I've managed to run proftpdadmin with 1.4 beta version :)
I'll read the doc about CreateHome, thanks man!

And yes, the issue with the password is in 1.4. I never managed to make 
proftpdadmin work with 1.3.

Comment 5 by Dennis Pielken, Apr 25, 2011

Hi,

I'll look into the password problem today and report back!

What about the language problem? Does it still exist?
Labels: Priority:High, -Priority:Medium

Comment 6 by Guillermo Marco, Apr 25, 2011

Yeah, the language problem is gone!

If I can make a suggestion, it would be nice to add another 
info field for users, like telephone, for example. I've tried editing the 
PHP code and the database but I don't have enough PHP knowledge to 
make it work.

It would also be nice to be able to notify via e-mail (using a local 
or remote SMTP server) when a user account quota is gone or when 
their account has expired.

I know it's a lot of work, but if you keep developing this wonderful tool 
it would be awesome to add these features.

:D

Comment 7 by Dennis Pielken, Apr 25, 2011

I am always interested in new ideas! You can open an issue whose type 
is Enhancement for any ideas! 

I really like the idea about the e-mail notification. I'll look 
into that and add it for 1.4.0; you can describe your idea in depth 
in an issue ticket (please). This would help me to keep track of 
all the new features. Please add one feature per issue / ticket! 

And adding additional meta data to an account is easy. So I'll add 
it, too. 

About your password change problem: I'll look into that tonight, 
haven't found the time yet (it's Easter ;)

Comment 8 by Dennis Pielken, Apr 25, 2011

Regarding the password change problem: 

I am sorry, but I could not reproduce the error with the current 
master tree of proftpd administrator. To make sure that a minor 
change (applied to master) has not already fixed this issue, can you 
please replace your current userView/index.php with the following 
file (but back up the file before replacing it): 
http://batland.de/subdomains/codes/index.php/p/proftpdadmin/source/tree/master/userinterface/index.php

You need to change lines 11 to 18 to fit your setup (just use the 
ones from the old index.php file!!)

If the error still exists, can you please explain in a step-by-step 
guide what you did to produce the error (e.g. you set up the user (is 
he allowed to change his own password?), first login into userView ...) 

I would really appreciate your help!

Comment 9 by Dennis Pielken, Apr 26, 2011

I'll push a new userview tonight into the public repository which 
supports localization. The current userView is German only, sorry 
for the mistake!

But have you given it a try already? If so, does it work?

Comment 10 by Guillermo Marco, Apr 26, 2011

No, I had no time to test the password issue yet.

Comment 11 by Dennis Pielken, Apr 26, 2011

Okay, I just uploaded a version of userview which supports 
localization. To get it to work you also need to replace 
admininterface/language_* with the new files from the master branch. 


Additionally, please verify if this bug only occurs when:
- you're logged into the admin interface 
- create the account 
- stay logged in the admin interface
- open a new tab in your browser with userview
- and log in using the newly created account 

In that case, does the password change not work?

Comment 12 by Guillermo Marco, Apr 27, 2011

OK, I'll give it a shot in the next few days; I'll post a reply as soon as I can.

Comment 13 by Guillermo Marco, May 5, 2011

To get the new meta data field for users, I just need to configure the 
new userinterface/index.php? 

I don't need to touch anything in the database?

Comment 14 by Dennis Pielken, May 5, 2011

There are currently no additional meta fields implemented. 

The changes to the userview are: 
- support for localization. You can include the language file in 
line 18. 
- fixes: user can't change his / her password 

To get this userview to work you only need to:
- replace your current userView/index.php with the following 
file (but back up the file before replacing it): 
http://batland.de/subdomains/codes/index.php/p/proftpdadmin/source/tree/master/userinterface/index.php
- change lines 11 to 18 to fit your setup (just use the 
ones from the old index.php file!!)

It would be kind of you if you could test the new userview.php 

- Dennis

Comment 15 by Guillermo Marco, May 5, 2011

OK great, I will test it this week.

Comment 16 by Thomas Barth, Aug 3, 2011

Hello everybody!

First of all, sorry for my bad English :)

I have the same problem with the user management.
When I create a new user with quota and log in via userView/index.php 
I have to change the password of the user. But the user password 
wasn't changed...
The password is the old password....
And I found another bug. I made the choice that the user can't 
change his password. But the user can change the password via 
userView/index.php.
I use the 1.4.0 Beta from the web site and updated the 
index.php and the language files from the master tree.
But nothing changes....
I add a ZIP file with screenshots.
In the screenshot after_pw_change you can see that the user has the 
button "change password", but the user is not allowed to 
change it by himself (screenshot: user_details.png).

At last I have to say: great work!
I had some problems installing the interface. The Perl modules installation 
was kind of tricky :)
I fixed those problems after several hours ^^

Comment 17 by Thomas Barth, Aug 3, 2011

Me again :)
I forgot to add the screenshots.....

Comment 18 by Thomas Barth, Aug 9, 2011

Is anybody working on that project?
Or is it dead...

Comment 19 by Dennis Pielken, Aug 9, 2011

Hi Thomas, 

I am still working on it in my free time. Because some other stuff 
dominated my life, I've lost track of this project a little bit, 
especially because I am planning a complete rewrite. 

But concerning your reported defect: Does it always happen? Because I 
could only randomly reproduce this defect. I am currently setting 
up a new development box so that I'll do a fresh install tomorrow and 
look into this. 

Could you please provide your PHP and OS version!

- Dennis

Comment 20 by Thomas Barth, Aug 10, 2011

Hi Dennis!

Thx for your reply.
OK... no stress ;)
When are you planning to rewrite or relaunch the project?
If you need some help I can try to find the bug,
because I'm also doing PHP and MySQL in a project.
But if you are planning a relaunch in the near future it is not 
necessary to fix that bug ;)

If it is useful I can send you the web address and 
login information for my ProFTPdAdmin by e-mail.

I use the following software:
PHP: 5.3.2-1ubuntu4.9
MySQL: 5.1.41-3ubuntu12.10
OS: Ubuntu 10.04 LTS

- Thomas

Comment 21 by Dennis Pielken, Aug 10, 2011

Hi,

I finally fixed the damn bug. It was kind of a stupid thing, because 
it didn't happen on my old development box which had a different 
configuration. 

So how do you fix it? Replace the following files with the new version 
from the source tree: 
userinterface/index.php
admininterface/language_english.php
admininterface/language_german.php

Now edit userinterface/index.php 12-18 to fit your configuration but 
notice that you have to add the password of the mysql user 
"proftpd" which is in your configuration.xml !!!

It will/should work now. Please(!) report if the bug was fixed! 
Basically it was only a permission error. 

Thanks for all the error reporting!

Dennis
Status: Fixed
Owner: dennis

Comment 22 by Thomas Barth, Aug 10, 2011

Hi Dennis!

OK, with that configuration the problem is solved.
But there is a BIG security problem in that solution!
The user "proftpd" has full access to the tables for the 
proftpd. And the password for that user is now available to 
everyone.
When I make "wget 
http://www.example.com/userView/index.php" I download the 
index.php from the server and so I get the readable password for the 
user proftpd!
It should be done like in the index.php from the admininterface. 
There is a file "include_prepare.php" and 
"include_rootpath.php" so the password can be read out of 
the configuration.xml file.

So the issue is fixed, but it opens a BIG security hole.

Regards
 Thomas

Comment 23 by Dennis Pielken, Aug 10, 2011

Hi Thomas, 

Normally the index.php of userView should not be downloadable as a 
txt file. Normally the PHP interpreter should execute the script and 
only the output should be sent to the client. Is your webserver 
misconfigured?

Regarding the security problem that the userview script has full 
access to the auth table: In Version 1.3 the userview db-user had 
select rights on the full usertable so that in case of an SQL 
injection an attacker may be able to dump the usertable. 

Your solution may be perfect, but then I need to add the 
configuration parsing stuff into the userview module. I need to 
think about that. 

- Dennis

Comment 24 by Thomas Barth, Aug 11, 2011

Hi Dennis,

you're right!
When I try to download the index.php with "wget" I only 
get the HTML code, not the source code of the PHP file.
Sorry... my fault. I thought it was possible to download the 
source code of the PHP file.

So this solution is ok.

Regards
 Thomas

PS.: Why didn't you add the parsing stuff into the userview?
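
The wget check from the comment above, written out as an added example (not part of ProFTPd Admin and not posted by anyone in this thread): it classifies a saved response body as executed output or as leaked PHP source. The function names are hypothetical, and the sample bodies and the PHP variable names inside them are constructed.

```shell
#!/bin/sh
# Added example, not project code. All sample data below is constructed.

# Exit 0 if the saved response body contains a PHP open tag, i.e. the
# server sent the script source instead of executing it.
# "<?xml" is not matched: it is a legitimate prologue in rendered XHTML.
php_source_leaked() {
    grep -Eq '<\?(php|=|[[:space:]]|$)' "$1"
}

# Print the number of lines that look like a password assignment in PHP
# source (heuristic; the variable naming convention is an assumption).
credential_lines() {
    grep -Eci '\$[a-z_]*(pass|pwd)[a-z_]*[[:space:]]*=' "$1" || true
}

# Print a one-line verdict for a saved response body.
classify_response() {
    if php_source_leaked "$1"; then
        echo "SOURCE-LEAKED credential_lines=$(credential_lines "$1")"
    else
        echo "EXECUTED"
    fi
}

# Constructed samples: what a client receives in each case.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Interpreter ran: only rendered markup reaches the client.
printf '%s\n' '<?xml version="1.0"?>' \
    '<html><body><form method="post"></form></body></html>' \
    > "$tmp/executed.html"

# Handler missing or misconfigured: the file is served as plain text.
printf '%s\n' '<?php' \
    '$db_user = "proftpd";' \
    '$db_password = "CONSTRUCTED-PLACEHOLDER";' \
    'echo "<html>";' \
    > "$tmp/leaked.txt"

classify_response "$tmp/executed.html"
classify_response "$tmp/leaked.txt"
```

To check a real deployment, save the body of a request to your own userView/index.php to a file and pass that file to `classify_response`.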

Comment 25 by Dennis Pielken, Aug 12, 2011

Hi Thomas, 

I wanted to keep the userview as small as possible. On my setups the 
admininterface is not accessible for everyone whereas userview is. 
So a security bug in userview is much more critical for me than in 
admininterface. That's why I didn't add it. 

Dennis
Status: Verified

Comment 26 by Dennis Pielken, Aug 14, 2011

@ Thomas: 
Regarding the rewrite of proftpd administrator, I've written a blog 
post here (
http://batland.de/subdomains/nucleus/Batland.php?itemid=209). I 
would be glad to get some support ;) I am currently fixing the 
last bugs and adding some features before the RC of 1.4 is going to 
be published. After that I'll start to work on 2.0, whose design is 
already finished!

- Dennis

Comment 27 by Dennis Pielken, Aug 14, 2011

Labels: Milestone:Release1.4.0

Created: 10 months 8 days ago by Guillermo Marco

Updated: 6 months 8 days ago

Status: Verified

Owner: Dennis Pielken

Followed by: 2 persons

Labels:
Type:Defect
Priority:High
Milestone:Release1.4.0