extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-26 00:29:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

more to the issue: fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered by auth system

Browse Source
This commit is contained in:
Klaus Leithoff 2011-03-16 12:44:42 +00:00
parent a080404dab
commit 4f0e104e27
4 changed files with 36 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
admin/inc/class.boaccounts.inc.php
View File

@ -451,7 +451,7 @@
if($_userData['account_passwd'])
{
$auth =& CreateObject('phpgwapi.auth');
$auth = CreateObject('phpgwapi.auth');
$auth->change_password($old_passwd, $_userData['account_passwd'], $_userData['account_id']);
$GLOBALS['hook_values']['account_id'] = $_userData['account_id'];
$GLOBALS['hook_values']['old_passwd'] = $old_passwd;
@ -466,10 +466,15 @@
// so we need to reset that to 0 as Admin required the change of password upon next login
unset($_userData['account_passwd']);
$this->save_user($_userData);
// maybe we should call that with NULL for 2nd Parameter as we are doing an admin action.
if (method_exists($auth,'setLastPwdChange')) $auth->setLastPwdChange($_userData['account_id'], $_userData['account_passwd'], $_userData['account_lastpwd_change']);
}
}
if ($_userData['account_lastpwd_change']==0)
{
if (!isset($auth)) $auth = CreateObject('phpgwapi.auth');
// we call that with NULL for 2nd Parameter as we are doing an admin action.
error_log(__METHOD__.array2string($_userData));
$auth->setLastPwdChange($_userData['account_id'],NULL, $_userData['account_lastpwd_change']);
}
$apps =& CreateObject('phpgwapi.applications',(int)$_userData['account_id']);
if($_userData['account_permissions'])

26
phpgwapi/inc/class.auth.inc.php
View File

@ -163,6 +163,32 @@ class auth
return true;
}
/**
* fetch the last pwd change for the user
*
* @param string $username username of account to authenticate
* @return mixed false or shadowlastchange*24*3600
*/
function getLastPwdChange($username)
{
if (method_exists($this->backend,'getLastPwdChange')) return $this->backend->getLastPwdChange($username);
return false;
}
/**
* changes account_lastpwd_change in ldap datababse
*
* @param int $account_id account id of user whose passwd should be changed
* @param string $passwd must be cleartext, usually not used, but may be used to authenticate as user to do the change -> ldap
* @param int $lastpwdchange must be a unixtimestamp
* @return boolean true if account_lastpwd_change successful changed, false otherwise
*/
function setLastPwdChange($account_id=0, $passwd=NULL, $lastpwdchange=NULL)
{
if (method_exists($this->backend,'setLastPwdChange')) return $this->backend->setLastPwdChange($account_id, $passwd, $lastpwdchange);
return false;
}
/**
* password authentication against password stored in sql datababse
*

2
phpgwapi/inc/class.auth_ldap.inc.php
View File

@ -203,7 +203,7 @@ class auth_ldap implements auth_backend
$sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter);
$allValues = ldap_get_entries($ds, $sri);
$entry['shadowlastchange'] = round((time()-date('Z')) / (24*3600));
$entry['shadowlastchange'] = (is_null($lastpwdchange) || $lastpwdchange<0 ? round((time()-date('Z')) / (24*3600)):$lastpwdchange);
$dn = $allValues[0]['dn'];

3
phpgwapi/inc/class.auth_sql.inc.php
View File

@ -175,9 +175,8 @@ class auth_sql implements auth_backend
{
return false;
}
$this->db->update($this->table,array(
'account_lastpwd_change' => ($lastpwdchange==NULL || $lastpwdchange<0 ? time():$lastpwdchange),
'account_lastpwd_change' => (is_null($lastpwdchange) || $lastpwdchange<0 ? time():$lastpwdchange),
),array(
'account_id' => $account_id,
),__LINE__,__FILE__);