LDAPAccountManager/lam/templates/changePassword.php

149 lines
4.4 KiB
PHP

<?php
namespace LAM\INIT;
use htmlButton;
use htmlOutputText;
use htmlResponsiveInputField;
use htmlResponsiveRow;
use htmlStatusMessage;
/*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2020 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* Password change dialog for expired passwords.
*
* @author Roland Gruber
* @package main
*/
/** security functions */
include_once(__DIR__ . "/../lib/security.inc");
/** access to configuration settings */
include_once(__DIR__ . "/../lib/config.inc");
/** LDAP access */
include_once(__DIR__ . "/../lib/ldap.inc");
/** status messages */
include_once(__DIR__ . "/../lib/status.inc");
// start session
startSecureSession();
enforceUserIsLoggedIn();
if (!checkIfWriteAccessIsAllowed()) {
die();
}
setlanguage();
if (!empty($_POST)) {
validateSecurityToken();
}
$message = null;
// check if user already pressed button
if (isset($_POST['changePassword'])) {
// check new password
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
if ($password1 == '') {
$message = new htmlStatusMessage('ERROR', _('No password was entered!'));
printContent($message);
exit();
}
// check if passwords match
if ($password1 != $password2) {
$message = new htmlStatusMessage('ERROR', _('Passwords are different!'));
printContent($message);
exit();
}
// check passsword strength
$userDn = $_SESSION['ldap']->getUserName();
$additionalAttrs = array();
$rdnAttr = extractRDNAttribute($userDn);
$userName = null;
if ($rdnAttr === 'uid') {
$userName = extractRDNValue($userDn);
}
$pwdPolicyResult = checkPasswordStrength($password1, $userName, $additionalAttrs);
if ($pwdPolicyResult !== true) {
$message = new htmlStatusMessage('ERROR', $pwdPolicyResult);
printContent($message);
exit();
}
// set new password
$modifyResult = @ldap_exop_passwd($_SESSION['ldap']->server(), $userDn, $_SESSION['ldap']->getPassword(), $password1);
if ($modifyResult === true) {
$_SESSION['ldap']->encrypt_login($userDn, $password1);
$message = new htmlStatusMessage('INFO', _('Password changed.'));
printContent($message, false);
exit();
}
else {
$message = new htmlStatusMessage('ERROR', _('Unable to set password'), getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
printContent($message);
exit();
}
}
printContent($message);
/**
* Displays the content area
*
* @param htmlStatusMessage $message status message
* @param bool $showPasswordInputs show password input fields
*/
function printContent($message = null, $showPasswordInputs = true) {
include __DIR__ . '/../lib/adminHeader.inc';
echo '<div class="user-bright smallPaddingContent">';
echo "<form action=\"changePassword.php\" method=\"post\">\n";
$container = new htmlResponsiveRow();
if ($message !== null) {
$container->addVerticalSpacer('1rem');
$container->add($message, 12);
}
$container->addVerticalSpacer('2rem');
if ($showPasswordInputs) {
$container->add(new htmlOutputText(_("It seems your password expired. You can set a new one here.")), 12, 12, 12, 'text-center');
$container->addVerticalSpacer('2rem');
$pwdInput1 = new htmlResponsiveInputField(_('New password'), 'password1', '');
$pwdInput1->setIsPassword(true, true, true);
$container->add($pwdInput1, 12);
$pwdInput2 = new htmlResponsiveInputField(_('Repeat password'), 'password2', '');
$pwdInput2->setIsPassword(true);
$pwdInput2->setSameValueFieldID('password1');
$container->add($pwdInput2, 12);
$container->addVerticalSpacer('1rem');
$container->add(new htmlButton('changePassword', _("Submit")), 12, 12, 12, 'text-center');
addSecurityTokenToMetaHTML($container);
}
$tabindex = 1;
parseHtml(null, $container, array(), false, $tabindex, 'user');
echo "</form><br>\n";
echo "</div>\n";
include __DIR__ . '/../lib/adminFooter.inc';
}