Commit fb9dad6b authored by Ted Trask's avatar Ted Trask

Added validation for group creation

parent 5d25b383
......@@ -322,6 +322,20 @@ local delete_user = function(username)
return true
end
local validateentry = function(entry)
local success = true
-- Validate the settings
if entry.value["vm-password"] and not string.match(entry.value["vm-password"].value, "^%d%d%d+$") then
success = false
entry.value["vm-password"].errtxt = "Passwords must be all numbers and at least three digits"
end
if entry.value["vm-password"] and entry.value["vm-password-confirm"] and entry.value["vm-password"].value ~= entry.value["vm-password-confirm"].value then
success = false
entry.value["vm-password-confirm"].errtxt = "Password does not match"
end
return success
end
-- ################################################################################
-- PUBLIC FUNCTIONS
......@@ -707,32 +721,54 @@ mymodule.set_bunchsettings = function (self, bunchdata)
local sql = "BEGIN TRANSACTION"
vmaildb.runsqlcommand(sql)
for line in string.gmatch(bunchdata.value.bunch.value, "[^\n]+") do
local username, firstname, lastname, password = string.match(line, "(%w+):(%w+):(%w+):(%w+)")
if username then
sql = "INSERT INTO voicemail_users VALUES(null, '"..vmaildb.escape(username).."')"
vmaildb.runsqlcommand(sql)
sql = "SELECT uid FROM voicemail_users where username ='"..vmaildb.escape(username).."'";
uid = vmaildb.getselectresponse(sql)
sql = "INSERT INTO voicemail_values VALUES('"..uid[1].uid.."', '2', '"..vmaildb.escape(tostring(firstname)).."')"
vmaildb.runsqlcommand(sql)
sql = "INSERT INTO voicemail_values VALUES('"..uid[1].uid.."', '3', '"..vmaildb.escape(tostring(lastname)).."')"
vmaildb.runsqlcommand(sql)
sql = "INSERT INTO voicemail_prefs (username, domain, password) VALUES ('"..vmaildb.escape(username).."', '"..config.domain.."', '"..vmaildb.escape(password).."')"
vmaildb.runsqlcommand(sql)
else
bunchdata.value.bunch.errtxt = "Invalid syntax"
bunchdata.errtxt = "Failed to create users"
vmaildb.runsqlcommand("ROLLBACK")
break
for i,line in ipairs(format.string_to_table(format.dostounix(bunchdata.value.bunch.value), '\n')) do
if string.find(line, "%S") then
local username, firstname, lastname, password = string.match(line, "(%w+):(%w+):(%w+):(%w+)")
if not username then
bunchdata.value.bunch.errtxt = "Invalid syntax on line "..i
bunchdata.errtxt = "Failed to create users"
vmaildb.runsqlcommand("ROLLBACK")
break
elseif validuser(username) then
bunchdata.value.bunch.errtxt = "Username already exists on line "..i
bunchdata.errtxt = "Failed to create users"
vmaildb.runsqlcommand("ROLLBACK")
break
else
local entry = cfe({value={}})
entry.value.username = cfe({value=username})
entry.value.firstname = cfe({value=firstname})
entry.value.lastname = cfe({value=lastname})
entry.value["vm-password"] = cfe({value=password})
if validateentry(entry) then
sql = "INSERT INTO voicemail_users VALUES(null, '"..vmaildb.escape(username).."')"
vmaildb.runsqlcommand(sql)
sql = "SELECT uid FROM voicemail_users where username ='"..vmaildb.escape(username).."'";
uid = vmaildb.getselectresponse(sql)
sql = "INSERT INTO voicemail_values VALUES('"..uid[1].uid.."', '2', '"..vmaildb.escape(tostring(firstname)).."')"
vmaildb.runsqlcommand(sql)
sql = "INSERT INTO voicemail_values VALUES('"..uid[1].uid.."', '3', '"..vmaildb.escape(tostring(lastname)).."')"
vmaildb.runsqlcommand(sql)
sql = "INSERT INTO voicemail_prefs (username, domain, password) VALUES ('"..vmaildb.escape(username).."', '"..config.domain.."', '"..vmaildb.escape(password).."')"
vmaildb.runsqlcommand(sql)
else
bunchdata.value.bunch.errtxt = {"Error on line "..i}
for n,v in pairs(entry.value) do
bunchdata.value.bunch.errtxt[#bunchdata.value.bunch.errtxt+1] = v.errtxt
end
bunchdata.value.bunch.errtxt = table.concat(bunchdata.value.bunch.errtxt, '\n')
bunchdata.errtxt = "Failed to create users"
vmaildb.runsqlcommand("ROLLBACK")
break
end
end
end
end
vmaildb.runsqlcommand("COMMIT")
if not bunchdata.errtxt then
vmaildb.runsqlcommand("COMMIT")
end
if connected then vmaildb.databasedisconnect() end
end)
......@@ -764,17 +800,8 @@ mymodule.create_usersettings = function(self, usersettings, action)
end
mymodule.update_usersettings = function(self, usersettings, action, create)
local success = true
local errtxt
-- Validate the settings
if usersettings.value["vm-password"] and not string.match(usersettings.value["vm-password"].value, "^%d%d%d+$") then
success = false
usersettings.value["vm-password"].errtxt = "Passwords must be all numbers and at least three digits"
end
if usersettings.value["vm-password"] and usersettings.value["vm-password-confirm"] and usersettings.value["vm-password"].value ~= usersettings.value["vm-password-confirm"].value then
success = false
usersettings.value["vm-password-confirm"].errtxt = "Password does not match"
end
local success = validateentry(usersettings)
if success then
local res, err = pcall(function()
local connected = vmaildb.databaseconnect()
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment