
[Web] Fix some major errors in app passwds but disable app passwds due to a show stopper... todo: fix asap

andryyy 5 years ago
parent
commit
851e9c8736
4 changed files with 34 additions and 36 deletions
  1. 2 2
      data/web/edit.php
  2. 29 31
      data/web/inc/functions.app_passwd.inc.php
  3. 2 2
      data/web/modals/user.php
  4. 1 1
      data/web/user.php

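--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -1324,9 +1324,9 @@ if (isset($_SESSION['mailcow_cc_role'])) {
           <form class="form-horizontal" data-id="editapp" role="form" method="post">
             <input type="hidden" value="0" name="active">
             <div class="form-group">
-              <label class="control-label col-sm-2" for="name">App</label>
+              <label class="control-label col-sm-2" for="app_name">App</label>
               <div class="col-sm-10">
-              <input type="text" class="form-control" name="name" id="name" value="<?=htmlspecialchars($result['name'], ENT_QUOTES, 'UTF-8');?>" required maxlength="255">
+              <input type="text" class="form-control" name="app_name" id="app_name" value="<?=htmlspecialchars($result['name'], ENT_QUOTES, 'UTF-8');?>" required maxlength="255">
               </div>
             </div>
             <div class="form-group">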

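--- a/data/web/inc/functions.app_passwd.inc.php
+++ b/data/web/inc/functions.app_passwd.inc.php
@@ -21,9 +21,9 @@ function app_passwd($_action, $_data = null) {
   }
   switch ($_action) {
     case 'add':
-      $name = trim($_data['name']);
-      $password     = $_data['password'];
-      $password2    = $_data['password2'];
+      $app_name = trim($_data['app_name']);
+      $password     = $_data['app_passwd'];
+      $password2    = $_data['app_passwd2'];
       $active = intval($_data['active']);
       $domain = mailbox('get', 'mailbox_details', $username)['domain'];
       if (empty($domain)) {
@@ -34,26 +34,24 @@ function app_passwd($_action, $_data = null) {
         );
         return false;
       }
-      if (!empty($password) && !empty($password2)) {
-        if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => 'password_complexity'
-          );
-          return false;
-        }
-        if ($password != $password2) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => 'password_mismatch'
-          );
-          return false;
-        }
-        $password_hashed = hash_password($password);
+      if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'password_complexity'
+        );
+        return false;
+      }
+      if ($password != $password2) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'password_mismatch'
+        );
+        return false;
       }
-      if (empty($name)) {
+      $password_hashed = hash_password($password);
+      if (empty($app_name)) {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $_data_log),
@@ -63,12 +61,12 @@ function app_passwd($_action, $_data = null) {
       }
       try {
         $stmt = $pdo->prepare("INSERT INTO `app_passwd` (`name`, `mailbox`, `domain`, `password`, `active`)
-          VALUES (:name, :mailbox, :domain, :password, :active)");
+          VALUES (:app_name, :mailbox, :domain, :password, :active)");
         $stmt->execute(array(
-          ':name' => $name,
-          ':mailbox' => $mailbox,
+          ':app_name' => $app_name,
+          ':mailbox' => $username,
           ':domain' => $domain,
-          ':password' => $password,
+          ':password' => $password_hashed,
           ':active' => $active
         ));
       }
@@ -91,7 +89,7 @@ function app_passwd($_action, $_data = null) {
       foreach ($ids as $id) {
         $is_now = app_passwd('details', $id);
         if (!empty($is_now)) {
-          $name = (!empty($_data['name'])) ? $_data['name'] : $is_now['name'];
+          $app_name = (!empty($_data['app_name'])) ? $_data['app_name'] : $is_now['name'];
           $password = (!empty($_data['password'])) ? $_data['password'] : null;
           $password2 = (!empty($_data['password2'])) ? $_data['password2'] : null;
           $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int'];
@@ -100,11 +98,11 @@ function app_passwd($_action, $_data = null) {
           $_SESSION['return'][] = array(
             'type' => 'danger',
             'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('settings_map_invalid', $id)
+            'msg' => array('app_passwd_id_invalid', $id)
           );
           continue;
         }
-        $name = trim($name);
+        $app_name = trim($app_name);
         if (!empty($password) && !empty($password2)) {
           if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
             $_SESSION['return'][] = array(
@@ -134,12 +132,12 @@ function app_passwd($_action, $_data = null) {
         }
         try {
           $stmt = $pdo->prepare("UPDATE `app_passwd` SET
-            `name` = :name,
+            `name` = :app_name,
             `mailbox` = :username,
             `active` = :active
               WHERE `id` = :id");
           $stmt->execute(array(
-            ':name' => $name,
+            ':app_name' => $app_name,
             ':username' => $username,
             ':active' => $active,
             ':id' => $id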
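Review bot: The UPDATE in the edit branch (last hunk) selects the row by `id` alone and assigns `mailbox` from `:username`, so ownership of the row rests entirely on the earlier `app_passwd('details', $id)` lookup, whose scoping is outside these hunks. Putting the constraint into the statement itself is the safer shape: drop `mailbox` from the SET list and append `AND mailbox = :username` to the WHERE clause. In the add branch, `$password != $password2` is a loose comparison under which two different numeric-looking strings can compare equal; `if ($password !== $password2) {` is the strict form. The edit branch also still reads `$_data['password']` and `$_data['password2']` while add now reads `app_passwd`/`app_passwd2`; if the edit form posts the new names, the complexity and mismatch checks there are skipped silently.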

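--- a/data/web/modals/user.php
+++ b/data/web/modals/user.php
@@ -171,7 +171,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
         <h3 class="modal-title"><?=$lang['add']['app_password'];?></h3>
       </div>
       <div class="modal-body">
-				<form class="form-horizontal" data-cached-form="true" role="form" data-id="add_syncjob">
+				<form class="form-horizontal" data-cached-form="true" role="form" data-id="add_apppasswd">
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="app_name"><?=$lang['add']['app_name'];?></label>
 						<div class="col-sm-10">
@@ -200,7 +200,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
-              <button class="btn btn-default" data-action="add_item" data-id="add_syncjob" data-api-url='add/syncjob' data-api-attr='{}' href="#"><?=$lang['admin']['add'];?></button>
+              <button class="btn btn-default" data-action="add_item" data-id="add_apppasswd" data-api-url='add/app-passwd' data-api-attr='{}' href="#"><?=$lang['admin']['add'];?></button>
 						</div>
 					</div>
 				</form>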
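Review bot: The add form keeps `data-cached-form="true"` on the line that now carries `data-id="add_apppasswd"`; if that attribute makes the front-end persist field values in the browser, as its name suggests, the app-password inputs of this form would be stored along with the app name. Either drop the attribute for this form or confirm that the caching code skips `type="password"` fields. The form body lies between the two hunks, so the inputs themselves are not visible here.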

+ 1 - 1
data/web/user.php

@@ -100,7 +100,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
     <li role="presentation"><a href="#SpamAliases" aria-controls="SpamAliases" role="tab" data-toggle="tab"><?=$lang['user']['spam_aliases'];?></a></li>
     <li role="presentation"><a href="#SpamAliases" aria-controls="SpamAliases" role="tab" data-toggle="tab"><?=$lang['user']['spam_aliases'];?></a></li>
     <li role="presentation"><a href="#Spamfilter" aria-controls="Spamfilter" role="tab" data-toggle="tab"><?=$lang['user']['spamfilter'];?></a></li>
     <li role="presentation"><a href="#Spamfilter" aria-controls="Spamfilter" role="tab" data-toggle="tab"><?=$lang['user']['spamfilter'];?></a></li>
     <li role="presentation"><a href="#Syncjobs" aria-controls="Syncjobs" role="tab" data-toggle="tab"><?=$lang['user']['sync_jobs'];?></a></li>
     <li role="presentation"><a href="#Syncjobs" aria-controls="Syncjobs" role="tab" data-toggle="tab"><?=$lang['user']['sync_jobs'];?></a></li>
-    <li role="presentation"><a href="#AppPasswds" aria-controls="AppPasswds" role="tab" data-toggle="tab"><?=$lang['user']['app_passwds'];?></a></li>
+    <!-- <li role="presentation"><a href="#AppPasswds" aria-controls="AppPasswds" role="tab" data-toggle="tab"><?=$lang['user']['app_passwds'];?></a></li> -->
   </ul>
   </ul>
   <hr>
   <hr>