![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 38ce537)
raw | patch | inline | side by side (parent: 38ce537)
| author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Mon, 13 Sep 2010 08:22:08 +0000 (08:22 +0000) | ||
| committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Mon, 13 Sep 2010 08:22:08 +0000 (08:22 +0000) |
-Migrating password changes accidentally made in tags/2.6 instead of branch/2.6 failed.
-Applied patch maunally
git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19613 594d385d-05f5-0310-b6e9-bd551577e9d8
-Applied patch maunally
git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19613 594d385d-05f5-0310-b6e9-bd551577e9d8
| gosa-core/plugins/personal/password/class_password.inc | patch | blob | history |
diff --git a/gosa-core/plugins/personal/password/class_password.inc b/gosa-core/plugins/personal/password/class_password.inc
index aa18925bca9001e2c8b475d6c7394a81b7441cb5..e3df757b5df83eef27c151c47844acdad4d75396 100644 (file)
class password extends plugin
{
- /* Definitions */
- var $plHeadline = "Password";
- var $plDescription = "Change user password";
-
- function password(&$config, $dn= NULL, $parent= NULL)
- {
- plugin::plugin($config, $dn, $parent);
+ /* Definitions */
+ var $plHeadline = "Password";
+ var $plDescription = "Change user password";
+
+ var $proposal = "";
+ var $proposalEnabled = FALSE;
+ var $proposalSelected = FALSE;
+
+ var $forcedHash = NULL;
+
+
+ function password(&$config, $dn= NULL, $parent= NULL)
+ {
+ plugin::plugin($config, $dn, $parent);
+
+ // Try to generate a password proposal, if this is successfull
+ // then preselect the proposal usage.
+ $this->refreshProposal();
+ if($this->proposal != ""){
+ $this->proposalSelected = TRUE;
+ }
+ }
+
+ function forceHash($hash)
+ {
+ $this->forcedHash = $hash;
+ }
+
+ function refreshProposal()
+ {
+ $this->proposal = passwordMethod::getPasswordProposal($this->config);
+ $this->proposalEnabled = (!empty($this->proposal));
+ }
+
+ function execute()
+ {
+ plugin::execute();
+ $smarty = get_smarty();
+ $smarty->assign("usePrototype", "true");
+ $ui = get_userinfo();
+
+ /* Get acls */
+ $password_ACLS = $ui->get_permissions($ui->dn,"users/password");
+ $smarty->assign("ChangeACL" , $password_ACLS);
+ $smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS));
+
+ /* Display expiration template */
+ $smarty->assign("passwordExpired", FALSE);
+ if ($this->config->get_cfg_value("handleExpiredAccounts") == "true"){
+ $expired= ldap_expired_account($this->config, $ui->dn, $ui->username);
+ $smarty->assign("passwordExpired", $expired & POSIX_FORCE_PASSWORD_CHANGE);
+ if($expired == POSIX_DISALLOW_PASSWORD_CHANGE){
+ return($smarty->fetch(get_template_path("nochange.tpl", TRUE)));
+ }
}
- function execute()
- {
- plugin::execute();
- $smarty = get_smarty();
- $ui = get_userinfo();
+ // Refresh proposal if requested
+ if(isset($_POST['refreshProposal'])) $this->refreshProposal();
+ if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1;
+ $smarty->assign("proposal" , $this->proposal);
+ $smarty->assign("proposalEnabled" , $this->proposalEnabled);
+ $smarty->assign("proposalSelected" , $this->proposalSelected);
- /* Get acls */
- $password_ACLS = $ui->get_permissions($ui->dn,"users/password");
- $smarty->assign("ChangeACL" , $password_ACLS);
- $smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS));
+ /* Pwd change requested */
+ if (isset($_POST['password_finish'])){
- /* Display expiration template */
- if ($this->config->get_cfg_value("handleExpiredAccounts") == "true"){
- $expired= ldap_expired_account($this->config, $ui->dn, $ui->username);
- if($expired == 4){
- return($smarty->fetch(get_template_path("nochange.tpl", TRUE)));
- }
- }
- /* Pwd change requested */
- if (isset($_POST['password_finish'])){
-
- /* Should we check different characters in new password */
- $check_differ = $this->config->get_cfg_value("passwordMinDiffer") != "";
- $differ = $this->config->get_cfg_value("passwordMinDiffer", 0);
-
- /* Enable length check ? */
- $check_length = $this->config->get_cfg_value("passwordMinLength") != "";
- $length = $this->config->get_cfg_value("passwordMinLength", 0);
-
- // Validate input
- $message = array();
- if(!isset($_POST['current_password']) || empty($_POST['current_password'])){
- $message[] = _("You need to specify your current password in order to proceed.");
- }elseif ($_POST['new_password'] != $_POST['repeated_password']){
- $message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
- } elseif ($_POST['new_password'] == ""){
- $message[] = _("The password you've entered as 'New password' is empty.");
- }elseif($check_differ && (substr($_POST['current_password'], 0, $differ) == substr($_POST['new_password'], 0, $differ))){
- $message[] = _("The password used as new and current are too similar.");
- }elseif($check_length && (strlen($_POST['new_password']) < $length)){
- $message[] = _("The password used as new is to short.");
- }
-
- // No errors yet, so call the external password hook.
- if(!count($message)){
- $check_hook = $this->config->get_cfg_value("passwordHook") != "";
- $hook = $this->config->get_cfg_value("passwordHook")." ".
- $ui->username." ".$_POST['current_password']." ".$_POST['new_password'];
- if($check_hook){
- exec($hook,$resarr);
- $check_hook_output = "";
- if(count($resarr) > 0) {
- $check_hook_output= join('\n', $resarr);
- }
- $check_hook_output= sprintf(_("External password changer reported a problem: %s."),$check_hook_output);
- if(!empty($check_hook_output)) $message[] = $check_hook_output;
- }
- }
-
- if(count($message)){
- msg_dialog::displayChecks($message);
- }else{
-
- /* Try to connect via current password */
- $tldap = new LDAP(
- $ui->dn,
- $_POST['current_password'],
- $this->config->current['SERVER'],
- $this->config->get_cfg_value("ldapFollowReferrals") == "true",
- $this->config->get_cfg_value("ldapTLS") == "true");
-
- /* connection Successfull ? */
- if (!$tldap->success()){
- msg_dialog::display(_("Password change"),
- _("The password you've entered as your current password doesn't match the real one."),WARNING_DIALOG);
- }else{
-
- /* Check GOsa permissions */
- if (!preg_match("/w/i",$password_ACLS)){
- msg_dialog::display(_("Password change"),
- _("You have no permission to change your password."),WARNING_DIALOG);
- }else{
- change_password ($ui->dn, $_POST['new_password']);
- gosa_log ("User/password has been changed");
- $ui->password= $_POST['new_password'];
- session::set('ui',$ui);
- return($smarty->fetch(get_template_path("changed.tpl", TRUE)));
- }
- }
- }
+ if($this->proposalSelected){
+ $current_password = get_post('current_password');
+ $new_password = $this->proposal;
+ $repeated_password = $this->proposal;
+ }else{
+ $current_password = get_post('current_password');
+ $new_password = get_post('new_password');
+ $repeated_password = get_post('repeated_password');
}
- return($smarty->fetch(get_template_path("password.tpl", TRUE)));
- }
-
- function remove_from_parent()
- {
- $this->handle_post_events("remove");
- }
- function save()
- {
- }
- static function plInfo()
- {
- return (array(
- "plDescription" => _("User password"),
- "plSelfModify" => TRUE,
- "plDepends" => array("user"),
- "plPriority" => 10,
- "plSection" => array("personal" => _("My account")),
- "plCategory" => array("users"),
- "plOptions" => array(),
-
- "plProvidedAcls" => array())
- );
+ /* Should we check different characters in new password */
+ $check_differ = $this->config->get_cfg_value("passwordMinDiffer") != "";
+ $differ = $this->config->get_cfg_value("passwordMinDiffer", 0);
+
+ /* Enable length check ? */
+ $check_length = $this->config->get_cfg_value("passwordMinLength") != "";
+ $length = $this->config->get_cfg_value("passwordMinLength", 0);
+
+ // Perform GOsa password policy checks
+ $message = array();
+ if(empty($current_password)){
+ $message[] = _("You need to specify your current password in order to proceed.");
+ }elseif($new_password != $repeated_password){
+ $message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
+ }elseif($new_password == ""){
+ $message[] = _("The password you've entered as 'New password' is empty.");
+ }elseif($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))){
+ $message[] = _("The password used as new and current are too similar.");
+ }elseif($check_length && (strlen($new_password) < $length)){
+ $message[] = _("The password used as new is to short.");
+ }elseif(!passwordMethod::is_harmless($new_password)){
+ $message[] = _("The password contains possibly problematic Unicode characters!");
+ }
+
+ /* Call external password quality hook ?*/
+ if(!count($message)){
+ $check_hook = $this->config->get_cfg_value("passwordHook") != "";
+ $hook = $this->config->get_cfg_value("passwordHook")." ".
+ escapeshellarg($ui->username)." ".escapeshellarg($current_password)." ".escapeshellarg($new_password);
+ if($check_hook){
+ exec($hook,$resarr);
+ $check_hook_output = "";
+ if(count($resarr) > 0) {
+ $check_hook_output= join('\n', $resarr);
+ }
+ if(!empty($check_hook_output)){
+ $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),$check_hook_output);
+ }
+ }
+ }
+
+ // Some errors/warning occured, display them and abort password change.
+ if(count($message)){
+ msg_dialog::displayChecks($message);
+ }else{
+
+ /* Try to connect via current password */
+ $tldap = new LDAP(
+ $ui->dn,
+ $current_password,
+ $this->config->current['SERVER'],
+ $this->config->get_cfg_value("ldapFollowReferrals") == "true",
+ $this->config->get_cfg_value("ldapTLS") == "true");
+
+ /* connection Successfull ? */
+ if (!$tldap->success()){
+ msg_dialog::display(_("Password change"),
+ _("The password you've entered as your current password doesn't match the real one."),WARNING_DIALOG);
+ }else{
+
+ /* Check GOsa permissions */
+ if (!preg_match("/w/i",$password_ACLS)){
+ msg_dialog::display(_("Password change"),
+ _("You have no permission to change your password."),WARNING_DIALOG);
+ }else{
+ $this->change_password($ui->dn, $new_password,$this->forcedHash);
+ gosa_log ("User/password has been changed");
+ $ui->password= $new_password;
+ session::set('ui',$ui);
+#$this->handle_post_events("modify",array("userPassword" => $new_password));
+ return($smarty->fetch(get_template_path("changed.tpl", TRUE)));
+ }
+ }
+ }
}
+ return($smarty->fetch(get_template_path("password.tpl", TRUE)));
+ }
+
+ function change_password($dn, $pwd, $hash)
+ {
+ if(!$hash){
+ change_password ($dn, $pwd);
+ }else{
+ change_password ($dn, $pwd,0, $hash);
+ }
+ }
+
+
+ function remove_from_parent()
+ {
+ $this->handle_post_events("remove");
+ }
+
+ function save()
+ {
+ }
+
+ static function plInfo()
+ {
+ return (array(
+ "plDescription" => _("User password"),
+ "plSelfModify" => TRUE,
+ "plDepends" => array("user"),
+ "plPriority" => 10,
+ "plSection" => array("personal" => _("My account")),
+ "plCategory" => array("users"),
+ "plOptions" => array(),
+
+ "plProvidedAcls" => array())
+ );
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: