index 99a5d49cb8b96d866fc2c1d594aa92ecce6ff82d..0b93bf955c7b0ee690a05157dc36d29cca23c8d6 100644 (file)
$uid= validate($_GET['uid']);
$smarty->assign('display_username', false);
} elseif (isset($_POST['uid'])) {
$uid= validate($_GET['uid']);
$smarty->assign('display_username', false);
} elseif (isset($_POST['uid'])) {
- $uid= validate($_POST['uid']);
+ $uid= get_post('uid');
$smarty->assign('display_username', true);
} else {
$uid= "";
$smarty->assign('display_username', true);
} else {
$uid= "";
session::global_set('_LAST_PAGE_REQUEST', time());
}
session::global_set('_LAST_PAGE_REQUEST', time());
}
- $message= array();
- $current_password= $_POST['current_password'];
+ // Get posted values
+ $current_password = get_post('current_password');
+ $new_password = get_post('new_password');
+ $repeated_password = get_post('new_password_repeated');
- /* Do new and repeated password fields match? */
- $new_password= $_POST['new_password'];
- if ($_POST['new_password'] != $_POST['new_password_repeated']) {
- $message[]= _("The values for 'New password' and 'Repeated new password' differ!");
- } else {
- if ($_POST['new_password'] == "") {
- $message[]= msgPool::required(_("New password"));
- }
- }
- /* Password policy fulfilled? */
- if ($config->get_cfg_value("core","passwordMinDiffer") != "") {
- $l= $config->get_cfg_value("core","passwordMinDiffer");
- if (substr($_POST['current_password'], 0, $l) ==
- substr($_POST['new_password'], 0, $l)) {
- $message[]= _("The password used as new and current are too similar!");
- }
- }
- if ($config->get_cfg_value("core","passwordMinLength") != "") {
- if (strlen($_POST['new_password']) <
- $config->get_cfg_value("core","passwordMinLength")) {
- $message[]= _("The password used as new is to short!");
- }
- }
- if(!passwordMethod::is_harmless($_POST['new_password'])){
- $message[]= _("The password contains possibly problematic unicode characters!");
- }
+ // Get configuration flags for further input checks.
+ $check_differ = $config->get_cfg_value("core","passwordMinDiffer") != "";
+ $differ = $config->get_cfg_value("core","passwordMinDiffer");
+ $check_length = $config->get_cfg_value("core","passwordMinLength") != "";
+ $length = $config->get_cfg_value("core","passwordMinLength");
+
+ // Once an error has occured it is stored here.
+ $message = array();
- /* Validate */
- if (!tests::is_uid($uid)) {
+ // Perform GOsa password policy checks
+ if(!tests::is_uid($uid)) {
$message[]= msgPool::invalid(_("Login"));
$message[]= msgPool::invalid(_("Login"));
- } elseif (mb_strlen($_POST["current_password"], 'UTF-8') == 0) {
- $message[]= msgPool::required(_("Current password"));
- } else {
+ }elseif(empty($current_password)){
+ $message[] = _("You need to specify your current password in order to proceed.");
+ }elseif($new_password != $repeated_password){
+ $message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
+ }elseif($new_password == ""){
+ $message[] = _("The password you've entered as 'New password' is empty.");
+ }elseif($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))){
+ $message[] = _("The password used as new and current are too similar.");
+ }elseif($check_length && (strlen($new_password) < $length)){
+ $message[] = _("The password used as new is to short.");
+ }elseif(!passwordMethod::is_harmless($new_password)){
+ $message[] = _("The password contains possibly problematic Unicode characters!");
+ }
- /* Do we have the selected user somewhere? */
+ // Connect as the given user and load its ACLs
+ if(!count($message)){
$ui= ldap_login_user($uid, $current_password);
$ui= ldap_login_user($uid, $current_password);
-
- /* Load ocMapping into userinfo */
- $tmp= new acl($config, NULL, $ui->dn);
- $ui->ocMapping= $tmp->ocMapping;
-
-
- $ui->loadACL();
-
if ($ui === NULL) {
$message[]= _("Please check the username/password combination!");
} else {
if ($ui === NULL) {
$message[]= _("Please check the username/password combination!");
} else {
+ $tmp= new acl($config, NULL, $ui->dn);
+ $ui->ocMapping= $tmp->ocMapping;
+ $ui->loadACL();
$acls = $ui->get_permissions($ui->dn, "users/password");
if (!preg_match("/w/i", $acls)) {
$message[]= _("You have no permissions to change your password!");
$acls = $ui->get_permissions($ui->dn, "users/password");
if (!preg_match("/w/i", $acls)) {
$message[]= _("You have no permissions to change your password!");
}
}
}
}
- /* Do we need to show error messages? */
+ // Call external check hook to validate the password change
+ if(!count($message)){
+ $attrs = array();
+ $attrs['current_password'] = ($current_password);
+ $attrs['new_password'] = ($new_password);
+ $checkRes = password::callCheckHook($config,$ui->dn,$attrs);
+ if(count($checkRes)){
+ $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),implode($checkRes));
+ }
+ }
+
+ // Display error messages
if (count($message) != 0) {
if (count($message) != 0) {
- /* Show error message and continue editing */
msg_dialog::displayChecks($message);
msg_dialog::displayChecks($message);
- } else {
-
- /* Passed quality check, just try to change the password now */
- $output= "";
- if ($config->get_cfg_value("core","passwordHook") != "") {
- exec(
- $config->get_cfg_value("core","passwordHook")." ".$ui->username." ".
- $_POST['current_password']." ".$_POST['new_password'],
- $resarr
- );
- if (count($resarr) > 0) {
- $output= join('\n', $resarr);
- }
- }
- if ($output != "") {
- $message[]= sprintf(
- _("External password changer reported a problem: %s"),
- $output
- );
- msg_dialog::displayChecks($message);
+ } else
+
+ // Try to change the password
+ if(!change_password($ui->dn, $_POST['new_password'], FALSE, $method,get_post('current_password'),$msg)){
+ msg_dialog::displayChecks(array($msg));
} else {
} else {
- if ($method != "") {
- change_password($ui->dn, $_POST['new_password'], 0, $method);
- } else {
- change_password($ui->dn, $_POST['new_password']);
- }
gosa_log("User/password has been changed");
$smarty->assign("changed", true);
}
gosa_log("User/password has been changed");
$smarty->assign("changed", true);
}
- }
-
-
}
/* Parameter fill up */
}
/* Parameter fill up */