gosa-core/plugins/personal/password/class_password.inc

   1 <?php
   2 /*
   3  * This code is part of GOsa (http://www.gosa-project.org)
   4  * Copyright (C) 2003-2008 GONICUS GmbH
   5  *
   6  * ID: $$Id$$
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the Free Software
  20  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  21  */
  22
  23 class password extends plugin
  24 {
  25     /* Definitions */
  26     var $plHeadline     = "Change password";
  27     var $plDescription  = "Change user password";
  28
  29     var $proposal = "";
  30     var $proposalEnabled = FALSE;
  31     var $proposalSelected = FALSE;
  32
  33     var $forcedHash = NULL;
  34
  35     function password(&$config, $dn= NULL, $parent= NULL)
  36     {
  37         plugin::plugin($config, $dn, $parent);
  38
  39         // Try to generate a password proposal, if this is successfull
  40         //  then preselect the proposal usage.
  41         $this->refreshProposal();
  42         if($this->proposal != ""){
  43             $this->proposalSelected = TRUE;
  44         }
  45     }
  46
  47
  48     function forceHash($hash)
  49     {
  50         $this->forcedHash = $hash;
  51     }
  52
  53
  54     function refreshProposal()
  55     {
  56         $this->proposal = passwordMethod::getPasswordProposal($this->config);
  57         $this->proposalEnabled = (!empty($this->proposal));
  58     }
  59
  60
  61     function execute()
  62     {
  63         plugin::execute();
  64         $smarty = get_smarty();
  65         $ui = get_userinfo();
  66
  67         /* Get acls */
  68         $password_ACLS = $ui->get_permissions($ui->dn,"users/password");
  69         $smarty->assign("ChangeACL" ,  $password_ACLS);
  70         $smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS));
  71
  72         /* Display expiration template */
  73         $smarty->assign("passwordExpired", FALSE);
  74         if ($this->config->boolValueIsTrue("core","handleExpiredAccounts")){
  75             $expired= ldap_expired_account($this->config, $ui->dn, $ui->username);
  76             $smarty->assign("passwordExpired", $expired & POSIX_FORCE_PASSWORD_CHANGE);
  77             if($expired == POSIX_DISALLOW_PASSWORD_CHANGE){
  78                 return($smarty->fetch(get_template_path("nochange.tpl", TRUE)));
  79             }
  80         }
  81
  82         // Refresh proposal if requested
  83         if(isset($_POST['refreshProposal'])) $this->refreshProposal();
  84         if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1;
  85         $smarty->assign("proposal" , set_post($this->proposal));
  86         $smarty->assign("proposalEnabled" , $this->proposalEnabled);
  87         $smarty->assign("proposalSelected" , $this->proposalSelected);
  88
  89         /* Pwd change requested */
  90         if (isset($_POST['password_finish'])){
  91
  92             if($this->proposalSelected){
  93                 $current_password = get_post('current_password');
  94                 $new_password = $this->proposal;
  95                 $repeated_password = $this->proposal;
  96             }else{
  97                 $current_password = get_post('current_password');
  98                 $new_password = get_post('new_password');
  99                 $repeated_password = get_post('repeated_password');
 100             }
 101
 102
 103             /* Should we check different characters in new password */
 104             $check_differ = $this->config->get_cfg_value("core","passwordMinDiffer") != "";
 105             $differ       = $this->config->get_cfg_value("core","passwordMinDiffer");
 106
 107             /* Enable length check ? */
 108             $check_length = $this->config->get_cfg_value("core","passwordMinLength") != "";
 109             $length       = $this->config->get_cfg_value("core","passwordMinLength");
 110
 111             /* Call external password quality hook ?*/
 112             $check_hook   = $this->config->get_cfg_value("core","passwordHook") != "";
 113             $hook         = $this->config->get_cfg_value("core","passwordHook")." ".
 114                         $ui->username." ".$current_password." ".$new_password;
 115
 116             if($check_hook){
 117                 exec($hook,$resarr);
 118                 $check_hook_output = "";
 119                 if(count($resarr) > 0) {
 120                     $check_hook_output= join('\n', $resarr);
 121                 }
 122             }
 123
 124             /* Check given values */
 125             if(empty($current_password)){
 126                 msg_dialog::display(_("Password change"),
 127                         _("You need to specify your current password in order to proceed."),WARNING_DIALOG);
 128             }elseif ($new_password  != $repeated_password){
 129                 msg_dialog::display(_("Password change"),
 130                         _("The passwords you've entered as 'New password' and 'Repeated new password' do not match."),WARNING_DIALOG);
 131             } elseif ($new_password == ""){
 132                 msg_dialog::display(_("Password change"),
 133                         _("The password you've entered as 'New password' is empty."),WARNING_DIALOG);
 134             }elseif($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))){
 135                 msg_dialog::display(_("Password change"),
 136                         _("The password used as new and current are too similar."),WARNING_DIALOG);
 137             }elseif($check_length && (strlen($new_password) < $length)){
 138                 msg_dialog::display(_("Password change"),
 139                         _("The password used as new is to short."),WARNING_DIALOG);
 140             }elseif(!passwordMethod::is_harmless($new_password)){
 141                 msg_dialog::display(_("Password change"),
 142                         _("The password contains possibly problematic unicode characters!"),WARNING_DIALOG);
 143             }elseif($check_hook && $check_hook_output != ""){
 144                 msg_dialog::display(_("Password change"),
 145                         sprintf(_("External password changer reported a problem: %s."),$check_hook_output),WARNING_DIALOG);
 146             }else{
 147
 148                 /* Try to connect via current password */
 149                 $tldap = new LDAP(
 150                         $ui->dn,
 151                         $current_password,
 152                         $this->config->current['SERVER'],
 153                         $this->config->get_cfg_value("core","ldapFollowReferrals") == "true",
 154                         $this->config->get_cfg_value("core","ldapTLS") == "true");
 155
 156                 /* connection Successfull ? */
 157                 if (!$tldap->success()){
 158                     msg_dialog::display(_("Password change"),
 159                             _("The password you've entered as your current password doesn't match the real one."),WARNING_DIALOG);
 160                 }else{
 161
 162                     /* Check GOsa permissions */
 163                     if (!preg_match("/w/i",$password_ACLS)){
 164                         msg_dialog::display(_("Password change"),
 165                                 _("You have no permission to change your password."),WARNING_DIALOG);
 166                     }else{
 167                         $this->change_password($ui->dn, $new_password, $this->forcedHash);
 168                         gosa_log ("User/password has been changed");
 169                         $ui->password= $new_password;
 170                         session::set('ui',$ui);
 171 #$this->handle_post_events("modify",array("userPassword" => $new_password));
 172                         return($smarty->fetch(get_template_path("changed.tpl", TRUE)));
 173                     }
 174                 }
 175             }
 176         }
 177         return($smarty->fetch(get_template_path("password.tpl", TRUE)));
 178     }
 179
 180     function change_password($dn, $pwd, $hash)
 181     {
 182         if(!$hash){
 183             change_password ($dn, $pwd);
 184         }else{
 185             change_password ($dn, $pwd,0, $hash);
 186         }
 187     }
 188
 189     function remove_from_parent()
 190     {
 191         $this->handle_post_events("remove");
 192     }
 193
 194     function save()
 195     {
 196     }
 197
 198     static function plInfo()
 199     {
 200         return (array(
 201                     "plDescription"     => _("User password"),
 202                     "plSelfModify"      => TRUE,
 203                     "plDepends"         => array("user"),
 204                     "plPriority"        => 10,
 205                     "plSection"     => array("personal" => _("My account")),
 206                     "plCategory"    => array("users"),
 207                     "plOptions"         => array(),
 208
 209                     "plProvidedAcls"  => array())
 210                );
 211     }
 212
 213 }
 214 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 215 ?>