![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
index 93fbadb96bff6bf786bd57d0bd86623b160833a2..0b93bf955c7b0ee690a05157dc36d29cca23c8d6 100644 (file)
{
global $smarty;
+ $smarty->assign ("logo", image(get_template_path("images/logo.png")));
+ $smarty->assign ("date", date("l, dS F Y H:i:s O"));
$smarty->display(get_template_path('password.tpl'));
exit();
}
/* Parse configuration file */
$config= new config(CONFIG_DIR."/".CONFIG_FILE, $BASE_DIR);
-session::global_set('debugLevel', $config->get_cfg_value("debugLevel"));
+
+/* Generate server list */
+$servers= array();
+foreach ($config->data['LOCATIONS'] as $key => $ignored) {
+ $servers[$key]= $key;
+}
+
+if (isset($_POST['server'])) {
+ $directory= get_post('server');
+}elseif (isset($_GET['directory'])) {
+ $directory= $_GET['directory'];
+} else {
+ $directory= $config->data['MAIN']['DEFAULT'];
+ if (!isset($servers[$directory])) {
+ $directory = key($servers);
+ }
+
+}
+
+// Set location and reload the configRegistry - we've now access to the ldap.
+if(isset($servers[$directory])){
+ $config->set_current($directory);
+ $config->check_and_reload();
+ $config->configRegistry->reload(TRUE);
+}
+session::global_set('plist', new pluglist($config, $ui));
+
+session::global_set('debugLevel', $config->get_cfg_value("core","debugLevel"));
if ($_SERVER["REQUEST_METHOD"] != "POST") {
@DEBUG(
DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, "config"
}
/* Set template compile directory */
-$smarty->compile_dir= $config->get_cfg_value(
- "templateCompileDirectory", '/var/spool/gosa'
-);
+$smarty->compile_dir= $config->get_cfg_value("core", "templateCompileDirectory");
/* Check for compile directory */
if (!(is_dir($smarty->compile_dir) && is_writable($smarty->compile_dir))) {
clean_smarty_compile_dir($smarty->compile_dir);
/* Language setup */
-if ($config->get_cfg_value("language") == "") {
+if ($config->get_cfg_value("core","language") == "") {
$lang= get_browser_language();
} else {
- $lang= $config->get_cfg_value("language");
+ $lang= $config->get_cfg_value("core","language");
}
$lang.=".UTF-8";
putenv("LANGUAGE=");
bindtextdomain($domain, LOCALE_DIR);
textdomain($domain);
-/* Generate server list */
-$servers= array();
-foreach ($config->data['LOCATIONS'] as $key => $ignored) {
- $servers[$key]= $key;
-}
-if (isset($_POST['server'])) {
- $directory= validate($_POST['server']);
-} else {
- $directory= $config->data['MAIN']['DEFAULT'];
-
- if (!isset($servers[$directory])) {
- $directory = key($servers);
- }
-}
$smarty->assign ("title","GOsa");
if (isset($_GET['directory']) && isset($servers[$_GET['directory']])) {
$smarty->assign("show_directory_chooser", false);
}
/* If SSL is forced, just forward to the SSL enabled site */
-if ($config->get_cfg_value("forceSSL") == 'true' && $ssl != '') {
+if ($config->get_cfg_value("core","forceSSL") == 'true' && $ssl != '') {
header("Location: $ssl");
exit;
}
/* Check for selected password method */
-$method= $config->get_cfg_value("passwordDefaultHash", "crypt/md5");
+$method= $config->get_cfg_value("core","passwordDefaultHash");
if (isset($_GET['method'])) {
$method= validate($_GET['method']);
- $tmp = new passwordMethod($config);
+ $tmp = new passwordMethod($config, "dummy");
$available = $tmp->get_available_methods();
if (!isset($available[$method])) {
msg_dialog::display(
$uid= validate($_GET['uid']);
$smarty->assign('display_username', false);
} elseif (isset($_POST['uid'])) {
- $uid= validate($_POST['uid']);
+ $uid= get_post('uid');
$smarty->assign('display_username', true);
} else {
$uid= "";
session::global_set('_LAST_PAGE_REQUEST', time());
}
- $message= array();
- $current_password= $_POST['current_password'];
+ // Get posted values
+ $current_password = get_post('current_password');
+ $new_password = get_post('new_password');
+ $repeated_password = get_post('new_password_repeated');
- /* Do new and repeated password fields match? */
- $new_password= $_POST['new_password'];
- if ($_POST['new_password'] != $_POST['new_password_repeated']) {
- $message[]= _("The values for 'New password' and 'Repeated new password' differ!");
- } else {
- if ($_POST['new_password'] == "") {
- $message[]= msgPool::required(_("New password"));
- }
- }
- /* Password policy fulfilled? */
- if ($config->get_cfg_value("passwordMinDiffer") != "") {
- $l= $config->get_cfg_value("passwordMinDiffer");
- if (substr($_POST['current_password'], 0, $l) ==
- substr($_POST['new_password'], 0, $l)) {
- $message[]= _("The password used as new and current are too similar!");
- }
- }
- if ($config->get_cfg_value("passwordMinLength") != "") {
- if (strlen($_POST['new_password']) <
- $config->get_cfg_value("passwordMinLength")) {
- $message[]= _("The password used as new is to short!");
- }
- }
- if(!passwordMethod::is_harmless($_POST['new_password'])){
- $message[]= _("The password contains possibly problematic unicode characters!");
- }
+ // Get configuration flags for further input checks.
+ $check_differ = $config->get_cfg_value("core","passwordMinDiffer") != "";
+ $differ = $config->get_cfg_value("core","passwordMinDiffer");
+ $check_length = $config->get_cfg_value("core","passwordMinLength") != "";
+ $length = $config->get_cfg_value("core","passwordMinLength");
+
+ // Once an error has occured it is stored here.
+ $message = array();
- /* Validate */
- if (!tests::is_uid($uid)) {
+ // Perform GOsa password policy checks
+ if(!tests::is_uid($uid)) {
$message[]= msgPool::invalid(_("Login"));
- } elseif (mb_strlen($_POST["current_password"], 'UTF-8') == 0) {
- $message[]= msgPool::required(_("Current password"));
- } else {
+ }elseif(empty($current_password)){
+ $message[] = _("You need to specify your current password in order to proceed.");
+ }elseif($new_password != $repeated_password){
+ $message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
+ }elseif($new_password == ""){
+ $message[] = _("The password you've entered as 'New password' is empty.");
+ }elseif($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))){
+ $message[] = _("The password used as new and current are too similar.");
+ }elseif($check_length && (strlen($new_password) < $length)){
+ $message[] = _("The password used as new is to short.");
+ }elseif(!passwordMethod::is_harmless($new_password)){
+ $message[] = _("The password contains possibly problematic Unicode characters!");
+ }
- /* Do we have the selected user somewhere? */
+ // Connect as the given user and load its ACLs
+ if(!count($message)){
$ui= ldap_login_user($uid, $current_password);
-
if ($ui === NULL) {
$message[]= _("Please check the username/password combination!");
} else {
+ $tmp= new acl($config, NULL, $ui->dn);
+ $ui->ocMapping= $tmp->ocMapping;
+ $ui->loadACL();
$acls = $ui->get_permissions($ui->dn, "users/password");
if (!preg_match("/w/i", $acls)) {
$message[]= _("You have no permissions to change your password!");
}
}
- /* Do we need to show error messages? */
+ // Call external check hook to validate the password change
+ if(!count($message)){
+ $attrs = array();
+ $attrs['current_password'] = ($current_password);
+ $attrs['new_password'] = ($new_password);
+ $checkRes = password::callCheckHook($config,$ui->dn,$attrs);
+ if(count($checkRes)){
+ $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),implode($checkRes));
+ }
+ }
+
+ // Display error messages
if (count($message) != 0) {
- /* Show error message and continue editing */
msg_dialog::displayChecks($message);
- } else {
-
- /* Passed quality check, just try to change the password now */
- $output= "";
- if ($config->get_cfg_value("passwordHook") != "") {
- exec(
- $config->get_cfg_value("passwordHook")." ".$ui->username." ".
- $_POST['current_password']." ".$_POST['new_password'],
- $resarr
- );
- if (count($resarr) > 0) {
- $output= join('\n', $resarr);
- }
- }
- if ($output != "") {
- $message[]= sprintf(
- _("External password changer reported a problem: %s"),
- $output
- );
- msg_dialog::displayChecks($message);
+ } else
+
+ // Try to change the password
+ if(!change_password($ui->dn, $_POST['new_password'], FALSE, $method,get_post('current_password'),$msg)){
+ msg_dialog::displayChecks(array($msg));
} else {
- if ($method != "") {
- change_password($ui->dn, $_POST['new_password'], 0, $method);
- } else {
- change_password($ui->dn, $_POST['new_password']);
- }
gosa_log("User/password has been changed");
$smarty->assign("changed", true);
}
- }
-
-
}
/* Parameter fill up */
$smarty->assign('password_img', get_template_path('images/password.png'));
/* Displasy SSL mode warning? */
-if ($ssl != "" && $config->get_cfg_value("warnSSL") == 'true') {
+if ($ssl != "" && $config->get_cfg_value("core","warnSSL") == 'true') {
$smarty->assign(
"ssl",
"<b>"._("Warning").":</b> "._("Session will not be encrypted.").