From 995846d72c1232f59583c70f8dcc345f084cc984 Mon Sep 17 00:00:00 2001
From: opensides
Date: Fri, 26 May 2006 11:45:37 +0000
Subject: [PATCH 1/1] first part of the account expiration code next part later today
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@3519 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 html/main.php | 13 ++++++
 include/functions.inc | 94 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 107 insertions(+)
diff --git a/html/main.php b/html/main.php
index 660cd712b..35295c0cb 100644
--- a/html/main.php
+++ b/html/main.php
@@ -342,6 +342,18 @@ if (is_file("$plugin_dir/main.inc")){ /* Close div/tables */
+ /* check if we are using account expiration */
+
+ if((isset($config->data['MAIN']['ACCOUNTEXPIRED'])) && $config->data['MAIN']['ACCOUNTEXPIRED'] == "1"){
+
+ $expired= ldap_expired_account($config, $ui->dn, $ui->username);
+
+ if ($expired == 2){
+ gosa_log ("password for user \"$ui->username\" is about to expire");
+ print_red(_("Your password is about to expire, please change your password"));
+ }
+ }
+ /* Print_out last ErrorMessage repeated string. */ print_red(NULL);
@@ -377,6 +389,7 @@ echo $display; $_SESSION['plist']= $plist; $_SESSION['config']= $config;
+ /* Echo compilation time * / $r = split(" ",$start); $ms = $r[0];
diff --git a/include/functions.inc b/include/functions.inc
index fda4672ef..8588391b8 100644
--- a/include/functions.inc
+++ b/include/functions.inc
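Review bot: Only the warning code is handled in the first html/main.php hunk: `if ($expired == 2)` ignores the other values that ldap_expired_account() returns in this same patch, so an account that is already expired (1) or past its maximum password age (3) still gets the page rendered with a live session. The commit message announces a second part, but until it lands the feature reports expiry without enforcing it; a branch for 1 that logs, ends the session and stops the request, and a branch for 3 that forces the password dialog, would close the gap. The block also sits after the plugin include named in the hunk header, so it presumably runs once the plugin has already executed; the enclosing code starts outside the hunk, so confirm this and consider moving the call to login or session setup. As placed, gosa_log() appears to fire on every page load during the warning window, which will flood the log with one line per request.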
@@ -367,6 +367,100 @@ function ldap_login_user ($username, $password) }
+function ldap_expired_account($config, $userdn, $username)
+{
+ $this->config= $config;
+ $ldap= $this->config->get_ldap_link();
+ $ldap->cat($userdn);
+ $attrs= $ldap->fetch();
+
+ /* default value no errors */
+ $expired = 0;
+
+ $sExpire = 0;
+ $sLastChange = 0;
+ $sMax = 0;
+ $sMin = 0;
+ $sInactive = 0;
+ $sWarning = 0;
+
+ $current= date("U");
+
+ $current= floor($current /60 /60 /24);
+
+ /* special case of the admin, should never been locked */
+ /* FIXME should allow any name as user admin */
+ if($username != "admin")
+ {
+
+ if(isset($attrs['shadowExpire'][0])){
+ $sExpire= $attrs['shadowExpire'][0];
+ } else {
+ $sExpire = 0;
+ }
+
+ if(isset($attrs['shadowLastChange'][0])){
+ $sLastChange= $attrs['shadowLastChange'][0];
+ } else {
+ $sLastChange = 0;
+ }
+
+ if(isset($attrs['shadowMax'][0])){
+ $sMax= $attrs['shadowMax'][0];
+ } else {
+ $smax = 0;
+ }
+
+ if(isset($attrs['shadowMin'][0])){
+ $sMin= $attrs['shadowMin'][0];
+ } else {
+ $sMin = 0;
+ }
+
+ if(isset($attrs['shadowInactive'][0])){
+ $sInactive= $attrs['shadowInactive'][0];
+ } else {
+ $sInactive = 0;
+ }
+
+ if(isset($attrs['shadowWarning'][0])){
+ $sWarning= $attrs['shadowWarning'][0];
+ } else {
+ $sWarning = 0;
+ }
+
+ /* is the account locked */
+ /* shadowExpire + shadowInactive (option) */
+ if($sExpire >0){
+ if($current >= ($sExpire+$sInactive)){
+ return(1);
+ }
+ }
+
+ /* the user should be warned to change is password */
+ if((($sExpire >0) && ($sWarning >0)) && ($sExpire >= $current)){
+ if (($sExpire - $current) < $sWarning){
+ return(2);
+ }
+ }
+
+ /* force user to change password */
+ if(($sLastChange >0) && ($sMax) >0){
+ if($current >= ($sLastChange+$sMax)){
+ return(3);
+ }
+ }
+
+ /* the user should not be able to change is password */
+ if(($sLastChange >0) && ($sMin >0)){
+ if (($sLastChange + $sMin) >= $current){
+ return(4);
+ }
+ }
+ }
+ return($expired);
+}
+ function add_lock ($object, 
$user) { global $config; -- 2.30.2
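Review bot: The first body line of ldap_expired_account(), `$this->config= $config;`, uses `$this` inside a plain function where no object context exists; take the link from the parameter instead, `$ldap= $config->get_ldap_link();`. The lock test `$current >= ($sExpire+$sInactive)` fails open: shadowExpire is an absolute account expiry date, while shadowInactive is a grace period after password expiry (shadowLastChange + shadowMax), so adding the two keeps an expired account usable for extra days; compare against `$sExpire` alone and apply `$sInactive` in the shadowMax branch. The result of `$ldap->fetch()` is never checked, so a failed or empty read leaves every value at 0 and the function returns 0, which the caller treats as "not expired". The `$username != "admin"` exemption matches on the login name only, so whichever entry carries that name skips every check, and `$smax = 0;` in the shadowMax else-branch is a case typo for `$sMax`. The numeric return codes 0 to 4 deserve a header comment, since the caller in html/main.php compares against them as bare literals.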