X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fhtml%2Fpassword.php;h=0b93bf955c7b0ee690a05157dc36d29cca23c8d6;hb=90747e5966f031a8ab2ac19256c26cc037c838c2;hp=93fbadb96bff6bf786bd57d0bd86623b160833a2;hpb=353d148c27f41e155dd4e2e7cb29c12205046988;p=gosa.git diff --git a/gosa-core/html/password.php b/gosa-core/html/password.php index 93fbadb96..0b93bf955 100644 --- a/gosa-core/html/password.php +++ b/gosa-core/html/password.php @@ -24,6 +24,8 @@ function displayPWchanger() { global $smarty; + $smarty->assign ("logo", image(get_template_path("images/logo.png"))); + $smarty->assign ("date", date("l, dS F Y H:i:s O")); $smarty->display(get_template_path('password.tpl')); exit(); } @@ -68,7 +70,34 @@ if (!is_readable(CONFIG_DIR."/".CONFIG_FILE)) { /* Parse configuration file */ $config= new config(CONFIG_DIR."/".CONFIG_FILE, $BASE_DIR); -session::global_set('debugLevel', $config->get_cfg_value("debugLevel")); + +/* Generate server list */ +$servers= array(); +foreach ($config->data['LOCATIONS'] as $key => $ignored) { + $servers[$key]= $key; +} + +if (isset($_POST['server'])) { + $directory= get_post('server'); +}elseif (isset($_GET['directory'])) { + $directory= $_GET['directory']; +} else { + $directory= $config->data['MAIN']['DEFAULT']; + if (!isset($servers[$directory])) { + $directory = key($servers); + } + +} + +// Set location and reload the configRegistry - we've now access to the ldap. +if(isset($servers[$directory])){ + $config->set_current($directory); + $config->check_and_reload(); + $config->configRegistry->reload(TRUE); +} +session::global_set('plist', new pluglist($config, $ui)); + +session::global_set('debugLevel', $config->get_cfg_value("core","debugLevel")); if ($_SERVER["REQUEST_METHOD"] != "POST") { @DEBUG( DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, "config" 
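Review bot: In the new server-selection block, `$directory= $_GET['directory'];` takes the request value unfiltered (the POST branch goes through `get_post()`), and the fallback only runs in the final `else`, so an unknown value stays in `$directory` while the `isset($servers[$directory])` guard merely skips `set_current()`. Moving the existing `if (!isset($servers[$directory])) { $directory = key($servers); }` out of the `else`, so it runs after all three branches, keeps the variable inside the allow-list for every later use. Separately, `new pluglist($config, $ui)` is evaluated before any login in the visible lines; unless `$ui` is assigned earlier in the file (not shown in this hunk), it is undefined at that point.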
@@ -76,9 +105,7 @@ if ($_SERVER["REQUEST_METHOD"] != "POST") { } /* Set template compile directory */ -$smarty->compile_dir= $config->get_cfg_value( - "templateCompileDirectory", '/var/spool/gosa' -); +$smarty->compile_dir= $config->get_cfg_value("core", "templateCompileDirectory"); /* Check for compile directory */ if (!(is_dir($smarty->compile_dir) && is_writable($smarty->compile_dir))) { @@ -97,10 +124,10 @@ if (!(is_dir($smarty->compile_dir) && is_writable($smarty->compile_dir))) { clean_smarty_compile_dir($smarty->compile_dir); /* Language setup */ -if ($config->get_cfg_value("language") == "") { +if ($config->get_cfg_value("core","language") == "") { $lang= get_browser_language(); } else { - $lang= $config->get_cfg_value("language"); + $lang= $config->get_cfg_value("core","language"); } $lang.=".UTF-8"; putenv("LANGUAGE="); @@ -114,20 +141,6 @@ $domain = 'messages'; bindtextdomain($domain, LOCALE_DIR); textdomain($domain); -/* Generate server list */ -$servers= array(); -foreach ($config->data['LOCATIONS'] as $key => $ignored) { - $servers[$key]= $key; -} -if (isset($_POST['server'])) { - $directory= validate($_POST['server']); -} else { - $directory= $config->data['MAIN']['DEFAULT']; - - if (!isset($servers[$directory])) { - $directory = key($servers); - } -} $smarty->assign ("title","GOsa"); if (isset($_GET['directory']) && isset($servers[$_GET['directory']])) { $smarty->assign("show_directory_chooser", false); 
@@ -165,16 +178,16 @@ if (!isset($_SERVER['HTTPS']) || } /* If SSL is forced, just forward to the SSL enabled site */ -if ($config->get_cfg_value("forceSSL") == 'true' && $ssl != '') { +if ($config->get_cfg_value("core","forceSSL") == 'true' && $ssl != '') { header("Location: $ssl"); exit; } /* Check for selected password method */ -$method= $config->get_cfg_value("passwordDefaultHash", "crypt/md5"); +$method= $config->get_cfg_value("core","passwordDefaultHash"); if (isset($_GET['method'])) { $method= validate($_GET['method']); - $tmp = new passwordMethod($config); + $tmp = new passwordMethod($config, "dummy"); $available = $tmp->get_available_methods(); if (!isset($available[$method])) { msg_dialog::display( @@ -192,7 +205,7 @@ if (isset($_GET['uid']) && $_GET['uid'] != "") { $uid= validate($_GET['uid']); $smarty->assign('display_username', false); } elseif (isset($_POST['uid'])) { - $uid= validate($_POST['uid']); + $uid= get_post('uid'); $smarty->assign('display_username', true); } else { $uid= ""; 
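Review bot: The POST branch now reads `uid` through `get_post('uid')` while the GET branch directly above still uses `validate($_GET['uid'])`, so the two paths may filter the same field differently. The value is later handed to the template (`$smarty->assign('uid', $uid);` appears in the last hunk's header), and `tests::is_uid($uid)` is only applied inside the `apply` handler. `get_post()` is not visible here, so whether it escapes for HTML is an assumption to confirm. Checking the format once after the chain, for example `if ($uid != "" && !tests::is_uid($uid)) { $uid= ""; }`, would make the reflected value independent of which helper read it. The if/elseif/else chain continues outside this hunk.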
@@ -209,50 +222,47 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['apply'])) { session::global_set('_LAST_PAGE_REQUEST', time()); } - $message= array(); - $current_password= $_POST['current_password']; + // Get posted values + $current_password = get_post('current_password'); + $new_password = get_post('new_password'); + $repeated_password = get_post('new_password_repeated'); - /* Do new and repeated password fields match? */ - $new_password= $_POST['new_password']; - if ($_POST['new_password'] != $_POST['new_password_repeated']) { - $message[]= _("The values for 'New password' and 'Repeated new password' differ!"); - } else { - if ($_POST['new_password'] == "") { - $message[]= msgPool::required(_("New password")); - } - } - /* Password policy fulfilled? */ - if ($config->get_cfg_value("passwordMinDiffer") != "") { - $l= $config->get_cfg_value("passwordMinDiffer"); - if (substr($_POST['current_password'], 0, $l) == - substr($_POST['new_password'], 0, $l)) { - $message[]= _("The password used as new and current are too similar!"); - } - } - if ($config->get_cfg_value("passwordMinLength") != "") { - if (strlen($_POST['new_password']) < - $config->get_cfg_value("passwordMinLength")) { - $message[]= _("The password used as new is to short!"); - } - } - if(!passwordMethod::is_harmless($_POST['new_password'])){ - $message[]= _("The password contains possibly problematic unicode characters!"); - } + // Get configuration flags for further input checks. + $check_differ = $config->get_cfg_value("core","passwordMinDiffer") != ""; + $differ = $config->get_cfg_value("core","passwordMinDiffer"); + $check_length = $config->get_cfg_value("core","passwordMinLength") != ""; + $length = $config->get_cfg_value("core","passwordMinLength"); + + // Once an error has occured it is stored here. 
+ $message = array(); - /* Validate */ - if (!tests::is_uid($uid)) { + // Perform GOsa password policy checks + if(!tests::is_uid($uid)) { $message[]= msgPool::invalid(_("Login")); - } elseif (mb_strlen($_POST["current_password"], 'UTF-8') == 0) { - $message[]= msgPool::required(_("Current password")); - } else { + }elseif(empty($current_password)){ + $message[] = _("You need to specify your current password in order to proceed."); + }elseif($new_password != $repeated_password){ + $message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match."); + }elseif($new_password == ""){ + $message[] = _("The password you've entered as 'New password' is empty."); + }elseif($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))){ + $message[] = _("The password used as new and current are too similar."); + }elseif($check_length && (strlen($new_password) < $length)){ + $message[] = _("The password used as new is to short."); + }elseif(!passwordMethod::is_harmless($new_password)){ + $message[] = _("The password contains possibly problematic Unicode characters!"); + } - /* Do we have the selected user somewhere? */ + // Connect as the given user and load its ACLs + if(!count($message)){ $ui= ldap_login_user($uid, $current_password); - if ($ui === NULL) { $message[]= _("Please check the username/password combination!"); } else { + $tmp= new acl($config, NULL, $ui->dn); + $ui->ocMapping= $tmp->ocMapping; + $ui->loadACL(); $acls = $ui->get_permissions($ui->dn, "users/password"); if (!preg_match("/w/i", $acls)) { $message[]= _("You have no permissions to change your password!"); 
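Review bot: The new policy chain compares passwords with loose operators: `$new_password != $repeated_password` treats numeric-looking strings such as `1e3` and `1000` as equal, so a mistyped repetition can pass, and the `substr(...) == substr(...)` similarity test is loose in the same way. Use strict operators, e.g. `}elseif($new_password !== $repeated_password){`. The length test `strlen($new_password) < $length` counts bytes, so a multi-byte password can satisfy `passwordMinLength` with fewer characters than configured; `mb_strlen($new_password, 'UTF-8')` would match what the removed code used for the current password. The enclosing POST handler starts and ends outside this hunk.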
@@ -260,42 +270,29 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['apply'])) { } } - /* Do we need to show error messages? */ + // Call external check hook to validate the password change + if(!count($message)){ + $attrs = array(); + $attrs['current_password'] = ($current_password); + $attrs['new_password'] = ($new_password); + $checkRes = password::callCheckHook($config,$ui->dn,$attrs); + if(count($checkRes)){ + $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),implode($checkRes)); + } + } + + // Display error messages if (count($message) != 0) { - /* Show error message and continue editing */ msg_dialog::displayChecks($message); - } else { - - /* Passed quality check, just try to change the password now */ - $output= ""; - if ($config->get_cfg_value("passwordHook") != "") { - exec( - $config->get_cfg_value("passwordHook")." ".$ui->username." ". - $_POST['current_password']." ".$_POST['new_password'], - $resarr - ); - if (count($resarr) > 0) { - $output= join('\n', $resarr); - } - } - if ($output != "") { - $message[]= sprintf( - _("External password changer reported a problem: %s"), - $output - ); - msg_dialog::displayChecks($message); + } else + + // Try to change the password + if(!change_password($ui->dn, $_POST['new_password'], FALSE, $method,get_post('current_password'),$msg)){ + msg_dialog::displayChecks(array($msg)); } else { - if ($method != "") { - change_password($ui->dn, $_POST['new_password'], 0, $method); - } else { - change_password($ui->dn, $_POST['new_password']); - } gosa_log("User/password has been changed"); $smarty->assign("changed", true); } - } - - } /* Parameter fill up */ 
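Review bot: The final `change_password()` call still passes `$_POST['new_password']`, although every policy check and the check hook above worked on `$new_password` read through `get_post()`. If `get_post()` alters the value in any way (not visible here), the password that is stored is not the one that was validated. Pass the variables that were already read: `if(!change_password($ui->dn, $new_password, FALSE, $method, $current_password, $msg)){`. `$msg` is handed over without being initialised, so `$msg = "";` before the call would make the error path explicit. The `} else` before the call has no braces, which makes the nesting easy to misread.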
@@ -312,7 +309,7 @@ $smarty->assign('uid', $uid); $smarty->assign('password_img', get_template_path('images/password.png')); /* Displasy SSL mode warning? */ -if ($ssl != "" && $config->get_cfg_value("warnSSL") == 'true') { +if ($ssl != "" && $config->get_cfg_value("core","warnSSL") == 'true') { $smarty->assign( "ssl", ""._("Warning").": "._("Session will not be encrypted.").