diff --git a/admin/inc/class.boaccounts.inc.php b/admin/inc/class.boaccounts.inc.php index 4aed8baa14..c44665d304 100755 --- a/admin/inc/class.boaccounts.inc.php +++ b/admin/inc/class.boaccounts.inc.php @@ -451,7 +451,7 @@ if($_userData['account_passwd']) { - $auth =& CreateObject('phpgwapi.auth'); + $auth = CreateObject('phpgwapi.auth'); $auth->change_password($old_passwd, $_userData['account_passwd'], $_userData['account_id']); $GLOBALS['hook_values']['account_id'] = $_userData['account_id']; $GLOBALS['hook_values']['old_passwd'] = $old_passwd; @@ -466,10 +466,15 @@ // so we need to reset that to 0 as Admin required the change of password upon next login unset($_userData['account_passwd']); $this->save_user($_userData); - // maybe we should call that with NULL for 2nd Parameter as we are doing an admin action. - if (method_exists($auth,'setLastPwdChange')) $auth->setLastPwdChange($_userData['account_id'], $_userData['account_passwd'], $_userData['account_lastpwd_change']); } } + if ($_userData['account_lastpwd_change']==0) + { + if (!isset($auth)) $auth = CreateObject('phpgwapi.auth'); + // we call that with NULL for 2nd Parameter as we are doing an admin action. +error_log(__METHOD__.array2string($_userData)); + $auth->setLastPwdChange($_userData['account_id'],NULL, $_userData['account_lastpwd_change']); + } $apps =& CreateObject('phpgwapi.applications',(int)$_userData['account_id']); if($_userData['account_permissions']) diff --git a/phpgwapi/inc/class.auth.inc.php b/phpgwapi/inc/class.auth.inc.php index ac6e684567..091aee68c1 100644 --- a/phpgwapi/inc/class.auth.inc.php +++ b/phpgwapi/inc/class.auth.inc.php @@ -163,6 +163,32 @@ class auth return true; } + /** + * fetch the last pwd change for the user + * + * @param string $username username of account to authenticate + * @return mixed false or shadowlastchange*24*3600 + */ + function getLastPwdChange($username) + { + if (method_exists($this->backend,'getLastPwdChange')) return $this->backend->getLastPwdChange($username); + return false; + } + + /** + * changes account_lastpwd_change in ldap datababse + * + * @param int $account_id account id of user whose passwd should be changed + * @param string $passwd must be cleartext, usually not used, but may be used to authenticate as user to do the change -> ldap + * @param int $lastpwdchange must be a unixtimestamp + * @return boolean true if account_lastpwd_change successful changed, false otherwise + */ + function setLastPwdChange($account_id=0, $passwd=NULL, $lastpwdchange=NULL) + { + if (method_exists($this->backend,'setLastPwdChange')) return $this->backend->setLastPwdChange($account_id, $passwd, $lastpwdchange); + return false; + } + /** * password authentication against password stored in sql datababse * diff --git a/phpgwapi/inc/class.auth_ldap.inc.php b/phpgwapi/inc/class.auth_ldap.inc.php index 9e1488df79..90303ea553 100644 --- a/phpgwapi/inc/class.auth_ldap.inc.php +++ b/phpgwapi/inc/class.auth_ldap.inc.php @@ -203,7 +203,7 @@ class auth_ldap implements auth_backend $sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter); $allValues = ldap_get_entries($ds, $sri); - $entry['shadowlastchange'] = round((time()-date('Z')) / (24*3600)); + $entry['shadowlastchange'] = (is_null($lastpwdchange) || $lastpwdchange<0 ? round((time()-date('Z')) / (24*3600)):$lastpwdchange); $dn = $allValues[0]['dn']; diff --git a/phpgwapi/inc/class.auth_sql.inc.php b/phpgwapi/inc/class.auth_sql.inc.php index 204079da68..f2a7f24b2e 100644 --- a/phpgwapi/inc/class.auth_sql.inc.php +++ b/phpgwapi/inc/class.auth_sql.inc.php @@ -175,9 +175,8 @@ class auth_sql implements auth_backend { return false; } - $this->db->update($this->table,array( - 'account_lastpwd_change' => ($lastpwdchange==NULL || $lastpwdchange<0 ? time():$lastpwdchange), + 'account_lastpwd_change' => (is_null($lastpwdchange) || $lastpwdchange<0 ? time():$lastpwdchange), ),array( 'account_id' => $account_id, ),__LINE__,__FILE__);