Ported external password changer from stable.

Added style and template file.

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@6854 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/html/password.php b/html/password.php
new file mode 100644 (file)
index 0000000..5348a45
--- /dev/null
+++ b/html/password.php
@@ -0,0 +1,300 @@
+<?php
+/*
+   This code is part of GOsa (https://gosa.gonicus.de)
+   Copyright (C) 2003-2007  Cajus Pollmeier
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+function displayPWchanger()
+{
+  global $smarty;
+
+  $smarty->display(get_template_path('password.tpl'));
+  exit();
+}
+
+/* Load required includes */
+require_once ("../include/php_setup.inc");
+require_once ("functions.inc");
+
+if(!class_exists("log")){
+  require_once("class_log.inc");
+}
+
+header("Content-type: text/html; charset=UTF-8");
+
+session_start();
+
+/* Destroy old session if exists.
+    Else you will get your old session back, if you not logged out correctly. */
+if(is_array($_SESSION) && count($_SESSION)){
+  session_destroy();
+  session_start();
+}
+
+/* Reset errors */
+$_SESSION['js']                 = true;
+$_SESSION['errors']             = "";
+$_SESSION['errorsAlreadyPosted']= array();
+$_SESSION['LastError']          = "";
+
+/* Check if CONFIG_FILE is accessible */
+if (!is_readable(CONFIG_DIR."/".CONFIG_FILE)){
+  echo sprintf(_("GOsa configuration %s/%s is not readable. Aborted."), CONFIG_DIR,CONFIG_FILE);
+  exit();
+}
+
+/* Parse configuration file */
+$config= new config(CONFIG_DIR."/".CONFIG_FILE, $BASE_DIR);
+$_SESSION['DEBUGLEVEL']= $config->data['MAIN']['DEBUGLEVEL'];
+if ($_SERVER["REQUEST_METHOD"] != "POST"){
+  @DEBUG (DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, "config");
+}
+
+/* Set template compile directory */
+if (isset ($config->data['MAIN']['COMPILE'])){
+  $smarty->compile_dir= $config->data['MAIN']['COMPILE'];
+} else {
+  $smarty->compile_dir= '/var/spool/gosa';
+}
+
+/* Check for compile directory */
+if (!(is_dir($smarty->compile_dir) && is_writable($smarty->compile_dir))){
+  echo sprintf(_("Directory '%s' specified as compile directory is not accessible!"),
+        $smarty->compile_dir);
+  exit();
+}
+
+/* Check for old files in compile directory */
+clean_smarty_compile_dir($smarty->compile_dir);
+
+/* Language setup */
+if ($config->data['MAIN']['LANG'] == ""){
+  $lang= get_browser_language();
+} else {
+  $lang= $config->data['MAIN']['LANG'];
+}
+$lang.=".UTF-8";
+putenv("LANGUAGE=");
+putenv("LANG=$lang");
+setlocale(LC_ALL, $lang);
+$GLOBALS['t_language']= $lang;
+$GLOBALS['t_gettext_message_dir'] = $BASE_DIR.'/locale/';
+
+/* Set the text domain as 'messages' */
+$domain = 'messages';
+bindtextdomain($domain, "$BASE_DIR/locale");
+textdomain($domain);
+
+/* Generate server list */
+$servers= array();
+if (isset($_POST['server'])){
+       $directory= validate($_POST['server']);
+} else {
+       $directory= $config->data['MAIN']['DEFAULT'];
+}
+foreach ($config->data['LOCATIONS'] as $key => $ignored){
+       $servers[$key]= $key;
+}
+if (isset($_GET['directory']) && isset($servers[$_GET['directory']])){
+       $smarty->assign ("show_directory_chooser", false);
+       $directory= validate($_GET['directory']);
+} else {
+       $smarty->assign ("server_options", $servers);
+       $smarty->assign ("server_id", $directory);
+       $smarty->assign ("show_directory_chooser", true);
+}
+
+/* Set config to selected one */
+$config->set_current($directory);
+$_SESSION['config']= $config;
+
+if ($_SERVER["REQUEST_METHOD"] != "POST"){
+  @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $lang, "Setting language to");
+}
+
+
+/* Check for SSL connection */
+$ssl= "";
+if (!isset($_SERVER['HTTPS']) ||
+    !stristr($_SERVER['HTTPS'], "on")) {
+
+  if (empty($_SERVER['REQUEST_URI'])) {
+    $ssl= "https://".$_SERVER['HTTP_HOST'].
+      $_SERVER['PATH_INFO'];
+  } else {
+    $ssl= "https://".$_SERVER['HTTP_HOST'].
+      $_SERVER['REQUEST_URI'];
+  }
+}
+
+/* If SSL is forced, just forward to the SSL enabled site */
+if ($config->data['MAIN']['FORCESSL'] == 'true' && $ssl != ''){
+  header ("Location: $ssl");
+  exit;
+}
+
+/* Check for selected password method */
+$method= $config->current['HASH'];
+if (isset($_GET['method'])){
+       $method= validate($_GET['method']);
+       $tmp = new passwordMethod($config);
+       $available = $tmp->get_available_methods_if_not_loaded();
+       if (!isset($available[$method])){
+               echo _("Error: Password method not available!");
+               exit;
+       }
+}
+
+
+/* Check for selected user... */
+if (isset($_GET['uid']) && $_GET['uid'] != ""){
+       $uid= validate($_GET['uid']);
+       $smarty->assign('display_username', false);
+} elseif (isset($_POST['uid'])){
+       $uid= validate($_POST['uid']);
+       $smarty->assign('display_username', true);
+} else {
+       $uid= "";
+       $smarty->assign('display_username', true);
+}
+$current_password= "";
+$smarty->assign("changed", false);
+
+/* Got a formular answer, validate and try to log in */
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['apply'])){
+
+  /* Destroy old sessions, they cause a successfull login to relog again ...*/
+  if(isset($_SESSION['_LAST_PAGE_REQUEST'])){
+    $_SESSION['_LAST_PAGE_REQUEST'] = time();
+  }
+
+  $message= array();
+  $current_password= $_POST['current_password'];
+
+  /* Do new and repeated password fields match? */
+  $new_password= $_POST['new_password'];
+  if ($_POST['new_password'] != $_POST['new_password_repeated']){
+         $message[]= _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
+  } else {
+         if ($_POST['new_password'] == ""){
+                 $message[]= _("The password you've entered as 'New password' is empty.");
+         }
+  }
+
+  /* Password policy fulfilled? */
+  if (isset($config->data['MAIN']['PWDIFFER'])){
+         $l= $config->data['MAIN']['PWDIFFER'];
+         if (substr($_POST['current_password'], 0, $l) == substr($_POST['new_password'], 0, $l)){
+                 $message[]= _("The password used as new and current are too similar.");
+         }
+  }
+  if (isset($config->data['MAIN']['PWMINLEN'])){
+         if (strlen($_POST['new_password']) < $config->data['MAIN']['PWMINLEN']){
+                 $message[]= _("The password used as new is to short.");
+         }
+  }
+
+  /* Validate */
+  if (!ereg("^[A-Za-z0-9_.-]+$", $uid)){
+         $message[]= _("Please specify a valid username!");
+  } elseif (mb_strlen($_POST["current_password"], 'UTF-8') == 0){
+    $message[]= _("Please specify your password!");
+  } else {
+
+    /* Do we have the selected user somewhere? */
+    $ui= ldap_login_user ($uid, $current_password);
+
+    if ($ui == NULL){
+      $message[]= _("Please check the username/password combination.");
+    } else {
+      $acls = $ui->get_permissions($ui->dn,"users/password");
+      if(!preg_match("/w/i",$acls)){
+        $message[]= _("You have no permissions to change your password.");
+      }
+    }
+  }
+
+  /* Do we need to show error messages? */
+  if (count ($message) != 0){
+         /* Show error message and continue editing */
+         show_errors($message);
+  } else {
+
+         /* Passed quality check, just try to change the password now */
+         $output= "";
+         if (isset($config->data['MAIN']['EXTERNALPWDHOOK'])){
+                 exec($config->data['MAIN']['EXTERNALPWDHOOK']." ".$ui->username." ".
+                                 $_POST['current_password']." ".$_POST['new_password'], $resarr);
+                 if(count($resarr) > 0) {
+                         $output= join('\n', $resarr);
+                 }
+         }
+         if ($output != ""){
+                 $message[]= _("External password changer reported a problem: ".$output);
+                 show_errors($message);
+         } else {
+                 if ($method != ""){
+                         change_password ($ui->dn, $_POST['new_password'], 0, $method);
+                 } else {
+                         change_password ($ui->dn, $_POST['new_password']);
+                 }
+                 gosa_log ("User/password has been changed");
+                 $smarty->assign("changed", true);
+         }
+  }
+
+
+}
+
+/* Parameter fill up */
+$params= "";
+foreach (array('uid', 'method', 'directory') as $index){
+       $params.= "&amp;$index=".urlencode($$index);
+}
+$params= preg_replace('/^&amp;/', '?', $params);
+$smarty->assign('params', $params);
+
+/* Fill template with required values */
+$smarty->assign ('date', gmdate("D, d M Y H:i:s"));
+$smarty->assign ('uid', $uid);
+$smarty->assign ('password_img', get_template_path('images/password.png'));
+
+/* Displasy SSL mode warning? */
+if ($ssl != "" && $config->data['MAIN']['WARNSSL'] == 'true'){
+  $smarty->assign ("ssl", "<b>"._("Warning").":</b> "._("Session will not be encrypted.")." <a style=\"color:red;\" href=\"".htmlentities($ssl)."\"><b>"._("Enter SSL session")."</b></a>!");
+} else {
+  $smarty->assign ("ssl", "");
+}
+
+/* show login screen */
+$smarty->assign ("PHPSESSID", session_id());
+if (isset($_SESSION['errors'])){
+  $smarty->assign("errors", $_SESSION['errors']);
+}
+if ($error_collector != ""){
+  $smarty->assign("php_errors", $error_collector."</div>");
+} else {
+  $smarty->assign("php_errors", "");
+}
+
+displayPWchanger();
+
+?>
+
+</body>
+</html>
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:

diff --git a/html/themes/default/password-style.css b/html/themes/default/password-style.css
new file mode 100644 (file)
index 0000000..90e33f2
--- /dev/null
+++ b/html/themes/default/password-style.css
@@ -0,0 +1,56 @@
+body {
+        margin-left:0px;
+        margin-right:0px;
+        margin-top:0px;
+        margin-bottom:0px;
+        background-color:white;
+        color:#00008F;
+        font-family:arial,helvetica,sans-serif;
+       font-size:12px;
+}
+
+h1 {
+       margin:0px;
+       background-color:#A9FBA6;
+       border-bottom:1px solid #AAA;
+       padding-top:0.2em;
+       padding-bottom:0.2em;
+}
+
+img.center {
+        text-align:center;
+        vertical-align:middle;
+}
+
+h1.headline {
+       font-size:2em;
+}
+
+div.success {
+       padding:1em;
+}
+
+p.infotext {
+       padding:0.5em;
+}
+
+table {
+       border-spacing:0.5em;
+}
+
+div.change {
+       margin-right:0.5em;
+       text-align:right;
+}
+
+div.ruler {
+       border-top:1px solid #AAA;
+       width:100%;
+       height:1px;
+       margin-top:0.5em;
+       margin-bottom:0.5em;
+}
+
+table.iesucks {
+       width:60%;
+}

diff --git a/ihtml/themes/default/password.tpl b/ihtml/themes/default/password.tpl
new file mode 100644 (file)
index 0000000..1553ead
--- /dev/null
+++ b/ihtml/themes/default/password.tpl
@@ -0,0 +1,122 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+       "http://www.w3.org/TR/html4/transitional.dtd">
+<html>
+
+<head>
+  <title>GOsa - {t}Change your password{/t}</title>
+
+  <meta name="generator" content="my hands">
+  <meta name="description" content="GOsa - Password changer">
+  <meta name="author" lang="de" content="Cajus Pollmeier">
+
+  <meta http-equiv="Expires" content="Mon, 26 Jul 1997 05:00:00 GMT">
+  <meta http-equiv="Last-Modified" content="{$date} GMT">
+  <meta http-equiv="Cache-Control" content="no-cache">
+  <meta http-equiv="Pragma" content="no-cache">
+  <meta http-equiv="Cache-Control" content="post-check=0, pre-check=0">
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+  <style type="text/css">@import url('themes/default/password-style.css');</style>
+  <link rel="shortcut icon" href="favicon.ico">
+
+  {if isset($ieworkaround)}<script language="javascript"src="include/png.js" type="text/javascript"></script>{/if}
+  <script language="javascript"src="include/focus.js" type="text/javascript"></script>
+  <script language="javascript"src="include/warning.js" type="text/javascript"></script>
+</head>
+
+<body style='height:100%; width:100%;'>
+{* GOsa login - smarty template *}
+{$php_errors}
+
+{if $changed}
+<div class='success'">
+<img class='center' src='images/true.png' alt='{t}Success{/t}' title='{t}Success{/t}'>&nbsp;<b>{t}Your password has been changed successfully.{/t}</b>
+</div>
+{else}
+<form action='password.php{$params}' method='post' name='mainform' onSubmit='js_check(this);return true;'>
+    <h1 class='headline'>
+    <img class='center' src='{$password_img}' alt='{t}Password{/t}' title='{t}Password{/t}'>
+    {t}Password change{/t}
+    </h1>
+
+    <!-- Display SSL warning message on demand -->
+    <p class='warning'> {$ssl} </p>
+    <input type='hidden' name='javascript' value='false'/>             
+
+    <!-- Display error message on demand -->
+    <p class='warning'> {$message} </p>
+
+
+    <p class="infotext">
+       {t}This dialog provides a simple way to change your password. Enter the current password and the new password (twice) in the fields below and press the 'Change' button.{/t}
+    </p>
+
+    <div class="ruler"></div>
+    <table>
+      {if $show_directory_chooser}
+      <tr>
+       <td>{t}Directory{/t}</td>
+       <td>
+          <select name='server'  title='{t}Directory{/t}'>
+            {html_options options=$server_options selected=$server_id}
+          </select>
+       </td>
+      </tr>
+      {/if}
+      <tr>
+       <td>{t}Username{/t}</td>
+       <td>{if $display_username}
+           <input type='text' name='uid' maxlength='25' value='{$uid}' title='{t}Username{/t}' onFocus="nextfield= 'current_password';">
+           {else}
+           <i>{$uid}</i>
+           {/if}
+       </td>
+      </tr>
+      <tr>
+       <td>{t}Current password{/t}</td>
+       <td><input type='password' name='current_password' maxlength='25' value='' title='{t}Current password{/t}' onFocus="nextfield= 'new_password';"></td>
+      </tr>
+      <tr>
+       <td>{t}New password{/t}</td>
+       <td><input type='password' name='new_password' maxlength='25' value='' title='{t}New password{/t}' onFocus="nextfield= 'new_password_repeated';"></td>
+      </tr>
+      <tr>
+       <td>{t}New password{/t} ({t}again{/t})</td>
+       <td><input type='password' name='new_password_repeated' maxlength='25' value='' title='{t}New password repeated{/t}' onFocus="nextfield= 'apply';"></td>
+      </tr>
+    </table>
+
+    <div class="ruler"></div>
+
+    <div class="change">
+    <input type='submit' name='apply' value='{t}Change{/t}'
+                 title='{t}Click here to change your password{/t}'>
+    </div>
+    <!-- check, if cookies are enabled -->
+    <p class='warning'>
+     <script language="JavaScript" type="text/javascript">
+        <!--
+            document.cookie = "gosatest=empty;path=/";
+            if (document.cookie.indexOf( "gosatest=") > -1 )
+                document.cookie = "gosatest=empty;path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT";
+            else
+                document.write("{$cookies}");
+        -->
+     </script>
+    </p>
+
+</form>
+
+{/if}
+
+<table class='iesucks'><tr><td>{$errors}</td></tr></table>
+
+<!-- Place cursor in username field -->
+<script language="JavaScript" type="text/javascript">
+  <!-- // First input field on page
+  focus_field('error_accept','uid','directory', 'username', 'current_password');
+  -->
+</script>
+
+</body>
+</html>