gosa-core/plugins/personal/password/class_password.inc

   1 <?php
   2 /*
   3  * This code is part of GOsa (http://www.gosa-project.org)
   4  * Copyright (C) 2003-2008 GONICUS GmbH
   5  *
   6  * ID: $$Id$$
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the Free Software
  20  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  21  */
  22
  23 class password extends plugin
  24 {
  25     /* Definitions */
  26     var $plHeadline     = "Change password";
  27     var $plDescription  = "Change user password";
  28
  29     var $proposal = "";
  30     var $proposalEnabled = FALSE;
  31     var $proposalSelected = FALSE;
  32
  33     var $forcedHash = NULL;
  34
  35     function password(&$config, $dn= NULL, $parent= NULL)
  36     {
  37         plugin::plugin($config, $dn, $parent);
  38
  39         // Try to generate a password proposal, if this is successfull
  40         //  then preselect the proposal usage.
  41         $this->refreshProposal();
  42         if($this->proposal != ""){
  43             $this->proposalSelected = TRUE;
  44         }
  45     }
  46
  47
  48     function forceHash($hash)
  49     {
  50         $this->forcedHash = $hash;
  51     }
  52
  53
  54     function refreshProposal()
  55     {
  56         $this->proposal = passwordMethod::getPasswordProposal($this->config);
  57         $this->proposalEnabled = (!empty($this->proposal));
  58     }
  59
  60
  61     function execute()
  62     {
  63         plugin::execute();
  64         $smarty = get_smarty();
  65         $ui = get_userinfo();
  66
  67         /* Get acls */
  68         $password_ACLS = $ui->get_permissions($ui->dn,"users/password");
  69         $smarty->assign("ChangeACL" ,  $password_ACLS);
  70         $smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS));
  71
  72         /* Display expiration template */
  73         $smarty->assign("passwordExpired", FALSE);
  74         if ($this->config->get_cfg_value("core","handleExpiredAccounts") == "true"){
  75             $expired= ldap_expired_account($this->config, $ui->dn, $ui->username);
  76             $smarty->assign("passwordExpired", $expired & POSIX_FORCE_PASSWORD_CHANGE);
  77             if($expired == POSIX_DISALLOW_PASSWORD_CHANGE){
  78                 return($smarty->fetch(get_template_path("nochange.tpl", TRUE)));
  79             }
  80         }
  81
  82         // Refresh proposal if requested
  83         if(isset($_POST['refreshProposal'])) $this->refreshProposal();
  84         $smarty->assign("proposal" , $this->proposal);
  85         $smarty->assign("proposalEnabled" , $this->proposalEnabled);
  86         $smarty->assign("proposalSelected" , $this->proposalSelected);
  87
  88         if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1;
  89
  90         /* Pwd change requested */
  91         if (isset($_POST['password_finish'])){
  92
  93             if($this->proposalSelected){
  94                 $current_password = get_post('current_password');
  95                 $new_password = $this->proposal;
  96                 $repeated_password = $this->proposal;
  97             }else{
  98                 $current_password = get_post('current_password');
  99                 $new_password = get_post('new_password');
 100                 $repeated_password = get_post('repeated_password');
 101             }
 102
 103
 104             /* Should we check different characters in new password */
 105             $check_differ = $this->config->get_cfg_value("core","passwordMinDiffer") != "";
 106             $differ       = $this->config->get_cfg_value("core","passwordMinDiffer");
 107
 108             /* Enable length check ? */
 109             $check_length = $this->config->get_cfg_value("core","passwordMinLength") != "";
 110             $length       = $this->config->get_cfg_value("core","passwordMinLength");
 111
 112             /* Call external password quality hook ?*/
 113             $check_hook   = $this->config->get_cfg_value("core","passwordHook") != "";
 114             $hook         = $this->config->get_cfg_value("core","passwordHook")." ".
 115                         $ui->username." ".$current_password." ".$new_password;
 116
 117             if($check_hook){
 118                 exec($hook,$resarr);
 119                 $check_hook_output = "";
 120                 if(count($resarr) > 0) {
 121                     $check_hook_output= join('\n', $resarr);
 122                 }
 123             }
 124
 125             /* Check given values */
 126             if(empty($current_password)){
 127                 msg_dialog::display(_("Password change"),
 128                         _("You need to specify your current password in order to proceed."),WARNING_DIALOG);
 129             }elseif ($new_password  != $repeated_password){
 130                 msg_dialog::display(_("Password change"),
 131                         _("The passwords you've entered as 'New password' and 'Repeated new password' do not match."),WARNING_DIALOG);
 132             } elseif ($new_password == ""){
 133                 msg_dialog::display(_("Password change"),
 134                         _("The password you've entered as 'New password' is empty."),WARNING_DIALOG);
 135             }elseif($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))){
 136                 msg_dialog::display(_("Password change"),
 137                         _("The password used as new and current are too similar."),WARNING_DIALOG);
 138             }elseif($check_length && (strlen($new_password) < $length)){
 139                 msg_dialog::display(_("Password change"),
 140                         _("The password used as new is to short."),WARNING_DIALOG);
 141             }elseif(!passwordMethod::is_harmless($new_password)){
 142                 msg_dialog::display(_("Password change"),
 143                         _("The password contains possibly problematic unicode characters!"),WARNING_DIALOG);
 144             }elseif($check_hook && $check_hook_output != ""){
 145                 msg_dialog::display(_("Password change"),
 146                         sprintf(_("External password changer reported a problem: %s."),$check_hook_output),WARNING_DIALOG);
 147             }else{
 148
 149                 /* Try to connect via current password */
 150                 $tldap = new LDAP(
 151                         $ui->dn,
 152                         $current_password,
 153                         $this->config->current['SERVER'],
 154                         $this->config->get_cfg_value("core","ldapFollowReferrals") == "true",
 155                         $this->config->get_cfg_value("core","ldapTLS") == "true");
 156
 157                 /* connection Successfull ? */
 158                 if (!$tldap->success()){
 159                     msg_dialog::display(_("Password change"),
 160                             _("The password you've entered as your current password doesn't match the real one."),WARNING_DIALOG);
 161                 }else{
 162
 163                     /* Check GOsa permissions */
 164                     if (!preg_match("/w/i",$password_ACLS)){
 165                         msg_dialog::display(_("Password change"),
 166                                 _("You have no permission to change your password."),WARNING_DIALOG);
 167                     }else{
 168                         $this->change_password($ui->dn, $new_password, $this->forcedHash);
 169                         gosa_log ("User/password has been changed");
 170                         $ui->password= $new_password;
 171                         session::set('ui',$ui);
 172 #$this->handle_post_events("modify",array("userPassword" => $new_password));
 173                         return($smarty->fetch(get_template_path("changed.tpl", TRUE)));
 174                     }
 175                 }
 176             }
 177         }
 178         return($smarty->fetch(get_template_path("password.tpl", TRUE)));
 179     }
 180
 181     function change_password($dn, $pwd, $hash)
 182     {
 183         if(!$hash){
 184             change_password ($dn, $pwd);
 185         }else{
 186             change_password ($dn, $pwd,0, $hash);
 187         }
 188     }
 189
 190     function remove_from_parent()
 191     {
 192         $this->handle_post_events("remove");
 193     }
 194
 195     function save()
 196     {
 197     }
 198
 199     static function plInfo()
 200     {
 201         return (array(
 202                     "plDescription"     => _("User password"),
 203                     "plSelfModify"      => TRUE,
 204                     "plDepends"         => array("user"),
 205                     "plPriority"        => 10,
 206                     "plSection"     => array("personal" => _("My account")),
 207                     "plCategory"    => array("users"),
 208                     "plOptions"         => array(),
 209
 210                     "plProvidedAcls"  => array())
 211                );
 212     }
 213
 214 }
 215 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 216 ?>