first part of the account expiration code

next part later today

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@3519 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/html/main.php b/html/main.php
index 660cd712b111e5ca6406d1b42604cca797fb492c..35295c0cbed87bd585c7f8dcf4798ca2efbf2741 100644 (file)
--- a/html/main.php
+++ b/html/main.php
@@ -342,6 +342,18 @@ if (is_file("$plugin_dir/main.inc")){
 
 /* Close div/tables */
 
+  /* check if we are using account expiration */
+
+  if((isset($config->data['MAIN']['ACCOUNTEXPIRED'])) && $config->data['MAIN']['ACCOUNTEXPIRED'] == "1"){
+    
+      $expired= ldap_expired_account($config, $ui->dn, $ui->username);
+
+      if ($expired == 2){
+        gosa_log ("password for user \"$ui->username\" is about to expire");
+        print_red(_("Your password is about to expire, please change your password"));
+      }
+  }
+  
 /* Print_out last ErrorMessage repeated string.
  */
 print_red(NULL);
@@ -377,6 +389,7 @@ echo $display;
 $_SESSION['plist']= $plist;
 $_SESSION['config']= $config;
 
+
 /* Echo compilation time * /
 $r = split(" ",$start);
 $ms = $r[0];

diff --git a/include/functions.inc b/include/functions.inc
index fda4672ef5937a3495d71aaf474856750fb53c9f..8588391b83b68c7e2b80a306088d13ff051f69d2 100644 (file)
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -367,6 +367,100 @@ function ldap_login_user ($username, $password)
 }
 
 
+function ldap_expired_account($config, $userdn, $username)
+{
+    $this->config= $config;
+    $ldap= $this->config->get_ldap_link();
+    $ldap->cat($userdn);
+    $attrs= $ldap->fetch();
+    
+    /* default value no errors */
+    $expired = 0;
+    
+    $sExpire = 0;
+    $sLastChange = 0;
+    $sMax = 0;
+    $sMin = 0;
+    $sInactive = 0;
+    $sWarning = 0;
+    
+    $current= date("U");
+    
+    $current= floor($current /60 /60 /24);
+    
+    /* special case of the admin, should never been locked */
+    /* FIXME should allow any name as user admin */
+    if($username != "admin")
+    {
+
+      if(isset($attrs['shadowExpire'][0])){
+        $sExpire= $attrs['shadowExpire'][0];
+      } else {
+        $sExpire = 0;
+      }
+      
+      if(isset($attrs['shadowLastChange'][0])){
+        $sLastChange= $attrs['shadowLastChange'][0];
+      } else {
+        $sLastChange = 0;
+      }
+      
+      if(isset($attrs['shadowMax'][0])){
+        $sMax= $attrs['shadowMax'][0];
+      } else {
+        $smax = 0;
+      }
+
+      if(isset($attrs['shadowMin'][0])){
+        $sMin= $attrs['shadowMin'][0];
+      } else {
+        $sMin = 0;
+      }
+      
+      if(isset($attrs['shadowInactive'][0])){
+        $sInactive= $attrs['shadowInactive'][0];
+      } else {
+        $sInactive = 0;
+      }
+      
+      if(isset($attrs['shadowWarning'][0])){
+        $sWarning= $attrs['shadowWarning'][0];
+      } else {
+        $sWarning = 0;
+      }
+      
+      /* is the account locked */
+      /* shadowExpire + shadowInactive (option) */
+      if($sExpire >0){
+        if($current >= ($sExpire+$sInactive)){
+          return(1);
+        }
+      }
+    
+      /* the user should be warned to change is password */
+      if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){
+        if (($sExpire - $current) < $sWarning){
+          return(2);
+        }
+      }
+      
+      /* force user to change password */
+      if(($sLastChange >0) && ($sMax) >0){
+        if($current >= ($sLastChange+$sMax)){
+          return(3);
+        }
+      }
+      
+      /* the user should not be able to change is password */
+      if(($sLastChange >0) && ($sMin >0)){
+        if (($sLastChange + $sMin) >= $current){
+          return(4);
+        }
+      }
+    }
+   return($expired);
+}
+
 function add_lock ($object, $user)
 {
   global $config;