Do not pass a password to setLastPwdChange in admin actions, as the use of passwords indicates the usage of the functionality in usermode; handle params for egw_cache::getSession in the correct order

Klaus Leithoff 2011-05-19 10:32:46 +00:00
parent 86ced579db
commit 0b1e444325
3 changed files with 8 additions and 5 deletions


@ -132,8 +132,8 @@ class admin_passwordreset
// force password change on next login // force password change on next login
if ((string)$content['mustchangepassword'] !== '' && !(!$content['mustchangepassword'] && $change_pw)) if ((string)$content['mustchangepassword'] !== '' && !(!$content['mustchangepassword'] && $change_pw))
{ {
$GLOBALS['egw']->auth->setLastPwdChange($account_id, $password, // dont use password here, as the use of passwords indicates the usage of the functionality in usermode
$content['mustchangepassword'] ? 0 : time()); $GLOBALS['egw']->auth->setLastPwdChange($account_id, null, $content['mustchangepassword'] ? 0 : time());
} }
// allow or forbid to change password, if requested // allow or forbid to change password, if requested
if ((string)$content['changepassword'] !== '') if ((string)$content['changepassword'] !== '')
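Review bot: The result of `setLastPwdChange()` is discarded at the changed call, so if the backend fails to record the forced change, the admin action gives no sign that "must change password" was not applied. Forcing a change at next login is a security control, so I would check the call and surface a failure, e.g. `if (!$GLOBALS['egw']->auth->setLastPwdChange($account_id, null, $content['mustchangepassword'] ? 0 : time())) { /* report the failure to the admin */ }`. This assumes the method returns a boolean, which the hunk does not show. The new comment could also state the contract more directly: `// admin action: pass null, a non-empty password makes the backend treat the call as user mode`. The enclosing method starts and ends outside this hunk.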


@ -70,7 +70,7 @@ class auth
// dont check anything for anonymous sessions/ users that are flagged as anonymous // dont check anything for anonymous sessions/ users that are flagged as anonymous
if (is_object($GLOBALS['egw']->session) && $GLOBALS['egw']->session->session_flags == 'A') return true; if (is_object($GLOBALS['egw']->session) && $GLOBALS['egw']->session->session_flags == 'A') return true;
static $UserKnowsAboutPwdChange; static $UserKnowsAboutPwdChange;
if (is_null($UserKnowsAboutPwdChange)) $UserKnowsAboutPwdChange =& egw_cache::getSession('auth_UserKnowsAboutPwdChange','phpgwapi'); if (is_null($UserKnowsAboutPwdChange)) $UserKnowsAboutPwdChange =& egw_cache::getSession('phpgwapi','auth_UserKnowsAboutPwdChange');
// some statics to make information and timecalculation a) more readable in conditions b) persistent per request // some statics to make information and timecalculation a) more readable in conditions b) persistent per request
static $alpwchange_val; static $alpwchange_val;
static $passwordAgeBorder; static $passwordAgeBorder;
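Review bot: Nothing at the corrected call says which argument is the application and which is the location, and that ordering is exactly what was swapped before. A one-line comment above the `is_null($UserKnowsAboutPwdChange)` line, such as `// egw_cache::getSession($app, $location): application name first`, would keep it from being reversed again. Anything the old call stored under the swapped keys is no longer read, so the value starts empty for sessions opened before the upgrade. That is presumably harmless, but worth confirming wherever this static decides whether the user is prompted about a password change. The enclosing method begins and ends outside this hunk.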


@ -210,8 +210,11 @@ class auth_ldap implements auth_backend
*/ */
function setLastPwdChange($account_id=0, $passwd=NULL, $lastpwdchange=NULL) function setLastPwdChange($account_id=0, $passwd=NULL, $lastpwdchange=NULL)
{ {
if (!$account_id) $admin = True;
// Don't allow password changes for other accounts when using XML-RPC
if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login')
{ {
$admin = False;
$username = $GLOBALS['egw_info']['user']['account_lid']; $username = $GLOBALS['egw_info']['user']['account_lid'];
} }
else else
@ -232,7 +235,7 @@ class auth_ldap implements auth_backend
$dn = $allValues[0]['dn']; $dn = $allValues[0]['dn'];
if($passwd) // if old password given (not called by admin) --> bind as that user to change the pw if(!$admin && $passwd) // if old password given (not called by admin) --> bind as that user to change the pw
{ {
$ds = common::ldapConnect('',$dn,$passwd); $ds = common::ldapConnect('',$dn,$passwd);
} }