From 1f7d27ff6d053866af9b93b95691f538b9eff1eb Mon Sep 17 00:00:00 2001
From: hickert
- | - |
- | - |
{t}Strength{/t} | -- - - | -
+ | + |
+ | + |
{t}Strength{/t} | ++ + + | +
+ {t}Use proposal{/t} + | ++ + + | +
+ {t}Manually specify a password{/t} + | +|
+ | + |
+ | + |
{t}Strength{/t} | ++ + + | +
diff --git a/gosa-core/plugins/personal/generic/changed.tpl b/gosa-core/plugins/personal/generic/changed.tpl new file mode 100644 index 000000000..4fe49ed3f --- /dev/null +++ b/gosa-core/plugins/personal/generic/changed.tpl @@ -0,0 +1,12 @@ + +
+ {t}You've successfully changed your password. Remember to change all programms configured to use it as well.{/t} +
+ ++ +
+ + diff --git a/gosa-core/plugins/personal/generic/main.inc b/gosa-core/plugins/personal/generic/main.inc index 9037a452c..b7cbfc87b 100644 --- a/gosa-core/plugins/personal/generic/main.inc +++ b/gosa-core/plugins/personal/generic/main.inc @@ -38,7 +38,7 @@ if ( $cleanup ){ }else{ /* Reset requested? */ - if (isset($_POST['edit_cancel']) || isset($_POST['password_cancel'])){ + if (isset($_POST['edit_cancel']) || isset($_POST['password_cancel'])|| isset($_POST['password_changed'])){ session::un_set ('edit'); session::un_set ('user'); } @@ -76,129 +76,91 @@ if ( $cleanup ){ } } - /* Perform password change */ - if (isset($_POST['password_finish'])){ - - /* For security reasons, check if user is allowed to set password again */ - if ($user->acl_is_writeable("userPassword") || $user->acl_is_createable()){ - - /* Check input and feed errors into 'message' */ - $message= array(); - - /* Sanity checks... */ - if ($_POST['new_password'] != $_POST['repeated_password']){ - - /* Matching passwords in new and repeated? */ - $message[]= _("The passwords you've entered as 'New password' and 'Repeated new password' do not match."); - } else { - - /* Empty password is not permitted by default. */ - if ($_POST['new_password'] == ""){ - $message[]= msgPool::required(_("New password")); - } - } - - /* Errors, or change password? */ - if (count($message) != 0){ - - /* Show error message and continue editing */ - msg_dialog::displayChecks($message); - $display.= $smarty->fetch(get_template_path('password.tpl', TRUE)); - return ($display); - } - change_password ($user->dn, $_POST['new_password'], 0, $user->pw_storage); - new log("modify","users/password","",array(),"Password has been changed"); - - } else { - - /* Missing permissions, show message */ - msg_dialog::display(_("Error"), _("You have no permission to set your password!"), ERROR_DIALOG); - } - - del_lock ($ui->dn); - session::un_set ('user'); - } - /* save changes to LDAP and disable edit mode */ + $info = ""; if (isset($_POST['edit_finish'])){ - /* Perform checks */ - $message= $user->check (); + /* Perform checks */ + $message= $user->check (); + + /* No errors, save object */ + if (count ($message) == 0){ + $user->save (); + del_lock ($ui->dn); + session::un_set ('edit'); + + /* Need to reset the password? */ + if($user->password_change_needed()){ - /* No errors, save object */ - if (count ($message) == 0){ - $user->save (); - del_lock ($ui->dn); - session::un_set ('edit'); + $user->passwordClass= new password($config, $ui->dn); + $user->passwordClass->forceHash($user->pw_storage); - /* Need to reset the password? */ - if($user->password_change_needed()){ - /* Save object */ - session::set('user',$user); + session::set('user',$user); + $display.=$user->passwordClass->execute(); + } else { + session::un_set ('user'); + } - $display.= $smarty->fetch(get_template_path('password.tpl', TRUE)); - return ($display); } else { - session::un_set ('user'); + /* Errors found, show message */ + msg_dialog::displayChecks($message); } + }elseif(isset($user->passwordClass)){ - } else { - /* Errors found, show message */ - msg_dialog::displayChecks($message); - } - } + $display.=$user->passwordClass->execute(); - /* Execute formular */ - if($lock_msg){ - $display.= $lock_msg; }else{ - $display.= $user->execute (); - } - - /* Store changes in session */ - if (session::is_set('edit')){ - session::set('user',$user); - } - - $info = ""; - /* Show page footer depending on the mode */ - if (!$user->cert_dialog && !$user->picture_dialog && !$user->dialog && $user->is_account && empty($lock_msg)){ - $display.= ""; - - /* Are we in edit mode? */ - if (session::is_set('edit')){ - $display.= "\n"; - $display.= " "; - $display.= "\n"; - - $info= " ".$ui->dn." "; - } else { - /* 'viewid' may be set by i.e. the phonelist plugin. This - means that we want to go back... */ - if (isset ($viewid)){ - $str= msgPool::backButton(); - $fn = "back"; - } else { - $str= msgPool::editButton(); - $fn = "edit"; - $info= " ".$ui->dn." "; + /* Execute formular */ + if($lock_msg){ + $display.= $lock_msg; + }else{ + $display.= $user->execute (); } - /* Only display edit button if there is at least one attribute editable */ - if(preg_match("/r/",$ui->get_permissions($ui->dn,"users/user"))){ - if ($fn == "edit"){ - $info.= " ". - msgPool::clickEditToChange(); - $display.= "\n"; - } + /* Store changes in session */ + if (session::is_set('edit')){ + session::set('user',$user); } - $display.= "\n"; - } - $display.= "
\n"; + /* Show page footer depending on the mode */ + if (!$user->cert_dialog && !$user->picture_dialog && !$user->dialog && $user->is_account && empty($lock_msg)){ + $display.= ""; + + /* Are we in edit mode? */ + if (session::is_set('edit')){ + $display.= "\n"; + $display.= " "; + $display.= "\n"; + + $info= " ".$ui->dn." "; + } else { + /* 'viewid' may be set by i.e. the phonelist plugin. This + means that we want to go back... */ + if (isset ($viewid)){ + $str= msgPool::backButton(); + $fn = "back"; + } else { + $str= msgPool::editButton(); + $fn = "edit"; + $info= " ".$ui->dn." "; + } + + /* Only display edit button if there is at least one attribute editable */ + if(preg_match("/r/",$ui->get_permissions($ui->dn,"users/user"))){ + if ($fn == "edit"){ + $info.= " ". + msgPool::clickEditToChange(); + $display.= "\n"; + } + } + + $display.= "\n"; + } + $display.= "
\n"; + } } /* Page header*/ diff --git a/gosa-core/plugins/personal/generic/password.tpl b/gosa-core/plugins/personal/generic/password.tpl index 0430e544e..ab93bc83f 100644 --- a/gosa-core/plugins/personal/generic/password.tpl +++ b/gosa-core/plugins/personal/generic/password.tpl @@ -1,28 +1,103 @@ + + ++ {t}To change your personal password use the fields below. The changes take effect immediately. Please memorize the new password, because you wouldn't be able to login without it.{/t} +
+- {t}You have changed the method your password is stored in the ldap database. For that reason you've to enter your password at this point again. GOsa will then encode it with the selected method.{/t} + {t}Changing the password affects your authentification on mail, proxy, samba and unix services.{/t}
-- | - |
- | - |
+ | + |
+ | + |
+ | + |
{t}Password strength{/t} | ++ + + | +
+ | + |
+ {t}Use proposal{/t} + | ++ + + | +
+ {t}Manually specify a password{/t} + | +|
+ | + |
+ | + |
{t}Password strength{/t} | ++ + + | +
- + +
+ + + diff --git a/gosa-core/plugins/personal/password/class_password.inc b/gosa-core/plugins/personal/password/class_password.inc index f0b288b75..06e9db7b8 100644 --- a/gosa-core/plugins/personal/password/class_password.inc +++ b/gosa-core/plugins/personal/password/class_password.inc @@ -26,11 +26,35 @@ class password extends plugin var $plHeadline = "Password"; var $plDescription = "Change user password"; + var $proposal = ""; + var $proposalEnabled = FALSE; + var $proposalSelected = FALSE; + + var $forcedHash = NULL; + + function password(&$config, $dn= NULL, $parent= NULL) { - plugin::plugin($config, $dn, $parent); + plugin::plugin($config, $dn, $parent); + + // Try to generate a password proposal, if this is successfull + // then preselect the proposal usage. + $this->refreshProposal(); + if($this->proposal != ""){ + $this->proposalSelected = TRUE; + } } + function forceHash($hash) + { + $this->forcedHash = $hash; + } + + function refreshProposal() + { + $this->proposal = passwordMethod::getPasswordProposal($this->config); + $this->proposalEnabled = (!empty($this->proposal)); + } function execute() { @@ -51,9 +75,31 @@ class password extends plugin } } + + // Refresh proposal if requested + if(isset($_POST['refreshProposal'])) $this->refreshProposal(); + $smarty->assign("proposal" , $this->proposal); + $smarty->assign("proposalEnabled" , $this->proposalEnabled); + $smarty->assign("proposalSelected" , $this->proposalSelected); + + if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1; + + /* Pwd change requested */ if (isset($_POST['password_finish'])){ + + if($this->proposalSelected){ + $current_password = get_post('current_password'); + $new_password = $this->proposal; + $repeated_password = $this->proposal; + }else{ + $current_password = get_post('current_password'); + $new_password = get_post('new_password'); + $repeated_password = get_post('repeated_password'); + } + + /* Should we check different characters in new password */ $check_differ = $this->config->get_cfg_value("passwordMinDiffer") != ""; $differ = $this->config->get_cfg_value("passwordMinDiffer", 0); @@ -74,19 +120,19 @@ class password extends plugin } /* Check given values */ - if(!isset($_POST['current_password']) || empty($_POST['current_password'])){ + if(!isset($current_password) || empty($current_password)){ msg_dialog::display(_("Password change"), _("You need to specify your current password in order to proceed."),WARNING_DIALOG); - }elseif ($_POST['new_password'] != $_POST['repeated_password']){ + }elseif ($new_password != $repeated_password){ msg_dialog::display(_("Password change"), _("The passwords you've entered as 'New password' and 'Repeated new password' do not match."),WARNING_DIALOG); - } elseif ($_POST['new_password'] == ""){ + } elseif ($new_password == ""){ msg_dialog::display(_("Password change"), _("The password you've entered as 'New password' is empty."),WARNING_DIALOG); - }elseif($check_differ && (substr($_POST['current_password'], 0, $differ) == substr($_POST['new_password'], 0, $differ))){ + }elseif($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))){ msg_dialog::display(_("Password change"), _("The password used as new and current are too similar."),WARNING_DIALOG); - }elseif($check_length && (strlen($_POST['new_password']) < $length)){ + }elseif($check_length && (strlen($new_password) < $length)){ msg_dialog::display(_("Password change"), _("The password used as new is to short."),WARNING_DIALOG); }elseif($check_hook && $check_hook_output != ""){ @@ -97,7 +143,7 @@ class password extends plugin /* Try to connect via current password */ $tldap = new LDAP( $ui->dn, - $_POST['current_password'], + $current_password, $this->config->current['SERVER'], $this->config->get_cfg_value("ldapFollowReferrals") == "true", $this->config->get_cfg_value("ldapTLS") == "true"); @@ -113,11 +159,11 @@ class password extends plugin msg_dialog::display(_("Password change"), _("You have no permission to change your password."),WARNING_DIALOG); }else{ - $this->change_password($ui->dn, $_POST['new_password']); + $this->change_password($ui->dn, $new_password,$this->forcedHash); gosa_log ("User/password has been changed"); - $ui->password= $_POST['new_password']; + $ui->password= $new_password; session::set('ui',$ui); -#$this->handle_post_events("modify",array("userPassword" => $_POST['new_password'])); +#$this->handle_post_events("modify",array("userPassword" => $new_password)); return($smarty->fetch(get_template_path("changed.tpl", TRUE))); } } @@ -126,11 +172,16 @@ class password extends plugin return($smarty->fetch(get_template_path("password.tpl", TRUE))); } - function change_password($dn, $pwd) + function change_password($dn, $pwd, $hash) { - change_password ($dn, $pwd); + if(!$hash){ + change_password ($dn, $pwd); + }else{ + change_password ($dn, $pwd,0, $hash); + } } + function remove_from_parent() { $this->handle_post_events("remove"); diff --git a/gosa-core/plugins/personal/password/password.tpl b/gosa-core/plugins/personal/password/password.tpl index 88ffa0292..ab93bc83f 100644 --- a/gosa-core/plugins/personal/password/password.tpl +++ b/gosa-core/plugins/personal/password/password.tpl @@ -8,30 +8,79 @@ {t}Changing the password affects your authentification on mail, proxy, samba and unix services.{/t} -- | - |
- | - |
- | - |
{t}Password strength{/t} | -- - - | -
+ | + |
+ | + |
+ | + |
{t}Password strength{/t} | ++ + + | +
+ | + |
+ {t}Use proposal{/t} + | ++ + + | +
+ {t}Manually specify a password{/t} + | +|
+ | + |
+ | + |
{t}Password strength{/t} | ++ + + | +