149 lines
4.4 KiB
PHP
149 lines
4.4 KiB
PHP
<?php
|
|
|
|
namespace LAM\INIT;
|
|
|
|
use htmlButton;
|
|
use htmlOutputText;
|
|
use htmlResponsiveInputField;
|
|
use htmlResponsiveRow;
|
|
use htmlStatusMessage;
|
|
|
|
/*
|
|
|
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
|
Copyright (C) 2020 Roland Gruber
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
*/
|
|
|
|
/**
|
|
* Password change dialog for expired passwords.
|
|
*
|
|
* @author Roland Gruber
|
|
* @package main
|
|
*/
|
|
|
|
/** security functions */
|
|
include_once(__DIR__ . "/../lib/security.inc");
|
|
/** access to configuration settings */
|
|
include_once(__DIR__ . "/../lib/config.inc");
|
|
/** LDAP access */
|
|
include_once(__DIR__ . "/../lib/ldap.inc");
|
|
/** status messages */
|
|
include_once(__DIR__ . "/../lib/status.inc");
|
|
|
|
// start session
|
|
startSecureSession();
|
|
enforceUserIsLoggedIn();
|
|
|
|
if (!checkIfWriteAccessIsAllowed()) {
|
|
die();
|
|
}
|
|
|
|
setlanguage();
|
|
|
|
if (!empty($_POST)) {
|
|
validateSecurityToken();
|
|
}
|
|
|
|
$message = null;
|
|
|
|
// check if user already pressed button
|
|
if (isset($_POST['changePassword'])) {
|
|
// check new password
|
|
$password1 = $_POST['password1'];
|
|
$password2 = $_POST['password2'];
|
|
if ($password1 == '') {
|
|
$message = new htmlStatusMessage('ERROR', _('No password was entered!'));
|
|
printContent($message);
|
|
exit();
|
|
}
|
|
// check if passwords match
|
|
if ($password1 != $password2) {
|
|
$message = new htmlStatusMessage('ERROR', _('Passwords are different!'));
|
|
printContent($message);
|
|
exit();
|
|
}
|
|
// check passsword strength
|
|
$userDn = $_SESSION['ldap']->getUserName();
|
|
$additionalAttrs = array();
|
|
$rdnAttr = extractRDNAttribute($userDn);
|
|
$userName = null;
|
|
if ($rdnAttr === 'uid') {
|
|
$userName = extractRDNValue($userDn);
|
|
}
|
|
$pwdPolicyResult = checkPasswordStrength($password1, $userName, $additionalAttrs);
|
|
if ($pwdPolicyResult !== true) {
|
|
$message = new htmlStatusMessage('ERROR', $pwdPolicyResult);
|
|
printContent($message);
|
|
exit();
|
|
}
|
|
// set new password
|
|
$modifyResult = @ldap_exop_passwd($_SESSION['ldap']->server(), $userDn, $_SESSION['ldap']->getPassword(), $password1);
|
|
if ($modifyResult === true) {
|
|
$_SESSION['ldap']->encrypt_login($userDn, $password1);
|
|
$message = new htmlStatusMessage('INFO', _('Password changed.'));
|
|
printContent($message, false);
|
|
exit();
|
|
}
|
|
else {
|
|
$message = new htmlStatusMessage('ERROR', _('Unable to set password'), getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
|
|
printContent($message);
|
|
exit();
|
|
}
|
|
}
|
|
|
|
printContent($message);
|
|
|
|
/**
|
|
* Displays the content area
|
|
*
|
|
* @param htmlStatusMessage $message status message
|
|
* @param bool $showPasswordInputs show password input fields
|
|
*/
|
|
function printContent($message = null, $showPasswordInputs = true) {
|
|
include __DIR__ . '/../lib/adminHeader.inc';
|
|
echo '<div class="user-bright smallPaddingContent">';
|
|
echo "<form action=\"changePassword.php\" method=\"post\">\n";
|
|
$container = new htmlResponsiveRow();
|
|
if ($message !== null) {
|
|
$container->addVerticalSpacer('1rem');
|
|
$container->add($message, 12);
|
|
}
|
|
$container->addVerticalSpacer('2rem');
|
|
if ($showPasswordInputs) {
|
|
$container->add(new htmlOutputText(_("It seems your password expired. You can set a new one here.")), 12, 12, 12, 'text-center');
|
|
$container->addVerticalSpacer('2rem');
|
|
$pwdInput1 = new htmlResponsiveInputField(_('New password'), 'password1', '');
|
|
$pwdInput1->setIsPassword(true, true, true);
|
|
$container->add($pwdInput1, 12);
|
|
$pwdInput2 = new htmlResponsiveInputField(_('Repeat password'), 'password2', '');
|
|
$pwdInput2->setIsPassword(true);
|
|
$pwdInput2->setSameValueFieldID('password1');
|
|
$container->add($pwdInput2, 12);
|
|
$container->addVerticalSpacer('1rem');
|
|
$container->add(new htmlButton('changePassword', _("Submit")), 12, 12, 12, 'text-center');
|
|
addSecurityTokenToMetaHTML($container);
|
|
}
|
|
|
|
$tabindex = 1;
|
|
parseHtml(null, $container, array(), false, $tabindex, 'user');
|
|
|
|
echo "</form><br>\n";
|
|
echo "</div>\n";
|
|
include __DIR__ . '/../lib/adminFooter.inc';
|
|
}
|