From d6900a27b927cb4375396efdbfbff08fb51c6cae Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Sat, 28 Sep 2013 11:44:41 +0000
Subject: [PATCH] show last password change in self service

---
 lam/lib/modules/sambaSamAccount.inc | 27 ++++++++++++++++++++++-
 lam/lib/modules/shadowAccount.inc   | 33 ++++++++++++++++++++++++++++-
 2 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/lam/lib/modules/sambaSamAccount.inc b/lam/lib/modules/sambaSamAccount.inc
index ac6d7670..4fba2926 100644
--- a/lam/lib/modules/sambaSamAccount.inc
+++ b/lam/lib/modules/sambaSamAccount.inc
@@ -241,6 +241,7 @@ class sambaSamAccount extends baseModule implements passwordService {
 			'syncLMPassword' => _('Sync Samba LM password with Unix password'),
 			'syncSambaPwdLastSet' => _('Update attribute "sambaPwdLastSet" on password change'),
 			'password' => _('Password'),
+			'sambaPwdLastSet' => _('Last password change (read-only)'),
 		);
 		// help Entries
 		$return['help'] = array (
@@ -382,6 +383,9 @@ class sambaSamAccount extends baseModule implements passwordService {
 			'lmHash' => array (
 				"Headline" => _("Disable LM hashes"),
 				"Text" => _("Windows password hashes are saved by default as NT and LM hashes. LM hashes are insecure and only needed for old versions of Windows. You should disable them unless you really need them.")),
+			'sambaPwdLastSet' => array (
+				"Headline" => _("Last password change"), 'attr' => 'sambaPwdLastSet',
+				"Text" => _("This is the date when the user changed his password.")),
 			'hiddenOptions' => array(
 				"Headline" => _("Hidden options"),
 				"Text" => _("The selected options will not be managed inside LAM. You can use this to reduce the number of displayed input fields.")),
@@ -585,6 +589,8 @@ class sambaSamAccount extends baseModule implements passwordService {
 		$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideProfilePath', false, _('Profile path'), null, false));
 		$hiddenContainer->addElement(new htmlOutputText(' '));
 		$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideLogonScript', false, _('Logon script'), null, false));
+		$hiddenContainer->addElement(new htmlOutputText(' '));
+		$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideSambaPwdLastSet', false, _('Last password change'), null, false));
 		$hiddenContainer->addNewLine();
 		$hiddenContainer->addElement(new htmlTableExtendedInputCheckbox('sambaSamAccount_hideWorkstations', false, _('Samba workstations'), null, false));
 		$hiddenContainer->addElement(new htmlOutputText(' '));
@@ -1137,7 +1143,17 @@ class sambaSamAccount extends baseModule implements passwordService {
 				}
 				$return->addElement(new htmlTableExtendedInputCheckbox('sambaAcctFlagsL', $locked, _('Account is locked'), 'locked'), true);
 				// password change at next login
-				$return->addElement(new htmlTableExtendedInputCheckbox('forcePasswordChangeOption', $this->expirePassword, _('Password change at next login'), 'passwordIsExpired'), true);	
+				$return->addElement(new htmlTableExtendedInputCheckbox('forcePasswordChangeOption', $this->expirePassword, _('Password change at next login'), 'passwordIsExpired'), true);
+				// last password change
+				if (!$this->isBooleanConfigOptionSet('sambaSamAccount_hideSambaPwdLastSet')) {
+					$sambaPwdLastSet = '';
+					if (!empty($this->attributes['sambaPwdLastSet'][0])) {
+						$sambaPwdLastSet = date('d.m.Y H:i', $this->attributes['sambaPwdLastSet'][0]);
+					}
+					$return->addElement(new htmlOutputText(_('Last password change')));
+					$return->addElement(new htmlOutputText($sambaPwdLastSet));
+					$return->addElement(new htmlHelpLink('sambaPwdLastSet'), true);
+				}
 				// password can be changed
 				$return->addElement(new htmlOutputText(_('User can change password')));
 				$tempTable = new htmlTable();
@@ -2297,6 +2313,15 @@ class sambaSamAccount extends baseModule implements passwordService {
 				$pwdTable
 			));
 		}
+		if (in_array('sambaPwdLastSet', $fields)) {
+			$sambaPwdLastSet = '';
+			if (isset($attributes['sambaPwdLastSet'][0])) {
+				$sambaPwdLastSet = date('d.m.Y H:i', $attributes['sambaPwdLastSet'][0]);
+			}
+			$return['sambaPwdLastSet'] = new htmlTableRow(array(
+				new htmlOutputText(_('Last password change')), new htmlOutputText($sambaPwdLastSet)
+			));
+		}
 		return $return;
 	}
 
diff --git a/lam/lib/modules/shadowAccount.inc b/lam/lib/modules/shadowAccount.inc
index 64af90e3..c1b4bea8 100644
--- a/lam/lib/modules/shadowAccount.inc
+++ b/lam/lib/modules/shadowAccount.inc
@@ -4,7 +4,7 @@ $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
   Copyright (C) 2003 - 2006  Tilo Lutz
-  Copyright (C) 2007 - 2012  Roland Gruber
+  Copyright (C) 2007 - 2013  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -228,6 +228,8 @@ class shadowAccount extends baseModule implements passwordService {
 				'example' => '17-07-2011'
 			)
 		);
+		// self service fields
+		$return['selfServiceFieldSettings'] = array('shadowLastChange' => _('Last password change (read-only)'));
 		return $return;
 	}
 
@@ -665,6 +667,35 @@ class shadowAccount extends baseModule implements passwordService {
 			intval($year))/3600/24);
 	}
 		
+	/**
+	 * Returns the meta HTML code for each input field.
+	 * format: array(<field1> => array(<META HTML>), ...)
+	 * It is not possible to display help links.
+	 *
+	 * @param array $fields list of active fields
+	 * @param array $attributes attributes of LDAP account
+	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+	 * @param array $readOnlyFields list of read-only fields
+	 * @return array list of meta HTML elements (field name => htmlTableRow)
+	 */
+	function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
+		$return = array();
+		if ($passwordChangeOnly) {
+			return $return; // no fields as long no LDAP content can be read
+		}
+		if (in_array('shadowLastChange', $fields)) {
+			$shadowLastChange = '';
+			if (isset($attributes['shadowLastChange'][0])) {
+				$date = getdate($attributes['shadowLastChange'][0] * 3600 * 24);
+				$shadowLastChange = $date['mday'] . "." . $date['mon'] . "." . $date['year'];
+			}
+			$return['shadowLastChange'] = new htmlTableRow(array(
+				new htmlOutputText(_('Last password change')), new htmlOutputText($shadowLastChange)
+			));
+		}
+		return $return;
+	}
+
 }
 
 ?>