1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
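/**
 * Self-service "change my password" plugin.
 *
 * Renders the password form, applies the configured policy checks
 * (passwordMinDiffer, passwordMinLength, optional external passwordHook),
 * verifies the current password by binding to LDAP with it, and finally
 * hands the new password to the global change_password() helper.
 */
class password extends plugin
{
  /* Definitions */
  var $plHeadline     = "Password";
  var $plDescription  = "Change user password";

  // Generated password proposal and the state of the "use proposal" UI.
  var $proposal = "";
  var $proposalEnabled = FALSE;
  var $proposalSelected = FALSE;
  var $proposalInitialized = FALSE;

  // Optional value forwarded as the fourth argument of change_password();
  // presumably the hash method to enforce -- confirm against that helper.
  var $forcedHash = NULL;


  /**
   * Constructor; only forwards its arguments to the plugin base class.
   */
  function password(&$config, $dn= NULL, $parent= NULL)
  {
    plugin::plugin($config, $dn, $parent);
  }


  /**
   * Remember a value that is passed on to change_password() as $hash.
   */
  function forceHash($hash)
  {
    $this->forcedHash = $hash;
  }


  /**
   * Fetch a new proposal and enable the proposal UI if one was returned.
   */
  function refreshProposal()
  {
    $this->proposal = passwordMethod::getPasswordProposal($this->config);
    $this->proposalEnabled = (!empty($this->proposal));
  }


  /**
   * Handle the request and return the rendered template.
   *
   * Returns the output of nochange.tpl, changed.tpl or password.tpl,
   * depending on account state and on whether a change was performed.
   */
  function execute()
  {
    // Try to generate a password proposal once; if this succeeds,
    //  preselect the proposal usage.
    if(!$this->proposalInitialized){
      $this->refreshProposal();
      if($this->proposal != ""){
        $this->proposalSelected = TRUE;
      }
      $this->proposalInitialized = TRUE;
    }

    plugin::execute();
    $smarty = get_smarty();
    $smarty->assign("usePrototype", "true");
    $ui = get_userinfo();

    /* Get acls */
    $password_ACLS = $ui->get_permissions($ui->dn,"users/password");
    $smarty->assign("ChangeACL" ,  $password_ACLS);
    $smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS));

    /* Display expiration template */
    $smarty->assign("passwordExpired", FALSE);
    if ($this->config->get_cfg_value("handleExpiredAccounts") == "true"){
      $expired= ldap_expired_account($this->config, $ui->dn, $ui->username);
      $smarty->assign("passwordExpired", $expired & POSIX_FORCE_PASSWORD_CHANGE);
      if($expired == POSIX_DISALLOW_PASSWORD_CHANGE){
        return($smarty->fetch(get_template_path("nochange.tpl", TRUE)));
      }
    }

    // Refresh proposal if requested
    if(isset($_POST['refreshProposal'])) $this->refreshProposal();
    if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1;
    $smarty->assign("proposal" , $this->proposal);
    $smarty->assign("proposalEnabled" , $this->proposalEnabled);
    $smarty->assign("proposalSelected" , $this->proposalSelected);

    /* Pwd change requested */
    if (isset($_POST['password_finish'])){

      // The current password always comes from the form; the new one is
      //  either the generated proposal or what the user typed twice.
      $current_password = get_post('current_password');
      if($this->proposalSelected){
        $new_password = $this->proposal;
        $repeated_password = $this->proposal;
      }else{
        $new_password = get_post('new_password');
        $repeated_password = get_post('repeated_password');
      }

      /* Should we check different characters in new password */
      $check_differ = $this->config->get_cfg_value("passwordMinDiffer") != "";
      $differ       = $this->config->get_cfg_value("passwordMinDiffer", 0);

      /* Enable length check ? */
      $check_length = $this->config->get_cfg_value("passwordMinLength") != "";
      $length       = $this->config->get_cfg_value("passwordMinLength", 0);

      // Perform GOsa password policy checks.
      // Passwords are compared with strict operators: a loose comparison of
      //  two numeric-looking strings compares them as numbers, so e.g.
      //  "1000" and "1e3" would be accepted as a matching repetition.
      $message = array();
      if(empty($current_password)){
        $message[] = _("You need to specify your current password in order to proceed.");
      }elseif($new_password !== $repeated_password){
        $message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
      }elseif($new_password == ""){
        $message[] = _("The password you've entered as 'New password' is empty.");
      }elseif($check_differ && (substr($current_password, 0, $differ) === substr($new_password, 0, $differ))){
        $message[] = _("The password used as new and current are too similar.");
      }elseif($check_length && (strlen($new_password) < $length)){
        $message[] = _("The password used as new is to short.");
      #}elseif(!passwordMethod::is_harmless($new_password)){
      #  $message[] = _("The password contains possibly problematic Unicode characters!");
      }

      /* Call external password quality hook ?*/
      if(!count($message)){
        $hook_cmd = $this->config->get_cfg_value("passwordHook");
        if($hook_cmd != ""){

          // Every argument is shell-quoted, so the values cannot break out of
          //  the command line.
          // NOTE(review): the current and the new password are still passed as
          //  command-line arguments, which are usually readable by other local
          //  users through the process list while the hook runs. Handing them
          //  over on stdin would avoid that, but changes the hook contract.
          $hook = $hook_cmd." ".
            escapeshellarg($ui->username)." ".escapeshellarg($current_password)." ".escapeshellarg($new_password);

          // NOTE(review): only the hook's output is evaluated, its exit status
          //  is ignored. A hook that cannot be started and prints nothing is
          //  therefore treated like an approval.
          $resarr = array();
          exec($hook,$resarr);

          // Join with a real newline; '\n' in single quotes is a literal
          //  backslash followed by 'n'.
          $check_hook_output = join("\n", $resarr);
          if(!empty($check_hook_output)){
            $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),$check_hook_output);
          }
        }
      }

      // Some errors/warning occured, display them and abort password change.
      if(count($message)){
        msg_dialog::displayChecks($message);
      }else{

        /* Try to connect via current password; a successful bind is the
           proof that the caller knows it. */
        $tldap = new LDAP(
            $ui->dn,
            $current_password,
            $this->config->current['SERVER'],
            $this->config->get_cfg_value("ldapFollowReferrals") == "true",
            $this->config->get_cfg_value("ldapTLS") == "true");

        /* connection Successfull ? */
        if (!$tldap->success()){
          msg_dialog::display(_("Password change"),
              _("The password you've entered as your current password doesn't match the real one."),WARNING_DIALOG);
        }else{

          /* Check GOsa permissions */
          if (!preg_match("/w/i",$password_ACLS)){
            msg_dialog::display(_("Password change"),
                _("You have no permission to change your password."),WARNING_DIALOG);
          }else{
            // NOTE(review): the outcome of the change is not inspected here;
            //  the success log entry and changed.tpl follow unconditionally.
            $this->change_password($ui->dn, $new_password,$this->forcedHash);
            gosa_log ("User/password has been changed");

            // The new password is kept in clear text in the session user object.
            $ui->password= $new_password;
            session::set('ui',$ui);
            #$this->handle_post_events("modify",array("userPassword" => $new_password));
            return($smarty->fetch(get_template_path("changed.tpl", TRUE)));
          }
        }
      }
    }
    return($smarty->fetch(get_template_path("password.tpl", TRUE)));
  }


  /**
   * Call the global change_password() helper, passing $hash only when set.
   */
  function change_password($dn, $pwd, $hash)
  {
    if(!$hash){
      change_password ($dn, $pwd);
    }else{
      change_password ($dn, $pwd,0, $hash);
    }
  }


  /**
   * Only triggers the "remove" post events.
   */
  function remove_from_parent()
  {
    $this->handle_post_events("remove");
  }


  /**
   * Intentionally empty; this plugin has nothing to save.
   */
  function save()
  {
  }


  /**
   * Return the plugin registration data.
   */
  static function plInfo()
  {
    return (array(
          "plDescription" => _("User password"),
          "plSelfModify"  => TRUE,
          "plDepends"     => array("user"),
          "plPriority"    => 10,
          "plSection"     => array("personal" => _("My account")),
          "plCategory"    => array("users"),
          "plOptions"     => array(),

          "plProvidedAcls"  => array())
        );
  }

}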
222 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
223 ?>