mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-26 16:48:49 +01:00
more to the issue: fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered by auth system
This commit is contained in:
parent
a080404dab
commit
4f0e104e27
@ -451,7 +451,7 @@
|
||||
|
||||
if($_userData['account_passwd'])
|
||||
{
|
||||
$auth =& CreateObject('phpgwapi.auth');
|
||||
$auth = CreateObject('phpgwapi.auth');
|
||||
$auth->change_password($old_passwd, $_userData['account_passwd'], $_userData['account_id']);
|
||||
$GLOBALS['hook_values']['account_id'] = $_userData['account_id'];
|
||||
$GLOBALS['hook_values']['old_passwd'] = $old_passwd;
|
||||
@ -466,10 +466,15 @@
|
||||
// so we need to reset that to 0 as Admin required the change of password upon next login
|
||||
unset($_userData['account_passwd']);
|
||||
$this->save_user($_userData);
|
||||
// maybe we should call that with NULL for 2nd Parameter as we are doing an admin action.
|
||||
if (method_exists($auth,'setLastPwdChange')) $auth->setLastPwdChange($_userData['account_id'], $_userData['account_passwd'], $_userData['account_lastpwd_change']);
|
||||
}
|
||||
}
|
||||
if ($_userData['account_lastpwd_change']==0)
|
||||
{
|
||||
if (!isset($auth)) $auth = CreateObject('phpgwapi.auth');
|
||||
// we call that with NULL for 2nd Parameter as we are doing an admin action.
|
||||
error_log(__METHOD__.array2string($_userData));
|
||||
$auth->setLastPwdChange($_userData['account_id'],NULL, $_userData['account_lastpwd_change']);
|
||||
}
|
||||
|
||||
$apps =& CreateObject('phpgwapi.applications',(int)$_userData['account_id']);
|
||||
if($_userData['account_permissions'])
|
||||
|
@ -163,6 +163,32 @@ class auth
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* fetch the last pwd change for the user
|
||||
*
|
||||
* @param string $username username of account to authenticate
|
||||
* @return mixed false or shadowlastchange*24*3600
|
||||
*/
|
||||
function getLastPwdChange($username)
|
||||
{
|
||||
if (method_exists($this->backend,'getLastPwdChange')) return $this->backend->getLastPwdChange($username);
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* changes account_lastpwd_change in ldap datababse
|
||||
*
|
||||
* @param int $account_id account id of user whose passwd should be changed
|
||||
* @param string $passwd must be cleartext, usually not used, but may be used to authenticate as user to do the change -> ldap
|
||||
* @param int $lastpwdchange must be a unixtimestamp
|
||||
* @return boolean true if account_lastpwd_change successful changed, false otherwise
|
||||
*/
|
||||
function setLastPwdChange($account_id=0, $passwd=NULL, $lastpwdchange=NULL)
|
||||
{
|
||||
if (method_exists($this->backend,'setLastPwdChange')) return $this->backend->setLastPwdChange($account_id, $passwd, $lastpwdchange);
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* password authentication against password stored in sql datababse
|
||||
*
|
||||
|
@ -203,7 +203,7 @@ class auth_ldap implements auth_backend
|
||||
$sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter);
|
||||
$allValues = ldap_get_entries($ds, $sri);
|
||||
|
||||
$entry['shadowlastchange'] = round((time()-date('Z')) / (24*3600));
|
||||
$entry['shadowlastchange'] = (is_null($lastpwdchange) || $lastpwdchange<0 ? round((time()-date('Z')) / (24*3600)):$lastpwdchange);
|
||||
|
||||
$dn = $allValues[0]['dn'];
|
||||
|
||||
|
@ -175,9 +175,8 @@ class auth_sql implements auth_backend
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->db->update($this->table,array(
|
||||
'account_lastpwd_change' => ($lastpwdchange==NULL || $lastpwdchange<0 ? time():$lastpwdchange),
|
||||
'account_lastpwd_change' => (is_null($lastpwdchange) || $lastpwdchange<0 ? time():$lastpwdchange),
|
||||
),array(
|
||||
'account_id' => $account_id,
|
||||
),__LINE__,__FILE__);
|
||||
|
Loading…
Reference in New Issue
Block a user