mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-25 17:33:49 +01:00
do not use password on asetLastPwdChange in admin actions, as the use of passwords indicates the usage of the functionality in usermode; Handle params for egw_cache::getSession in the correct order
This commit is contained in:
parent
86ced579db
commit
0b1e444325
@ -132,8 +132,8 @@ class admin_passwordreset
|
||||
// force password change on next login
|
||||
if ((string)$content['mustchangepassword'] !== '' && !(!$content['mustchangepassword'] && $change_pw))
|
||||
{
|
||||
$GLOBALS['egw']->auth->setLastPwdChange($account_id, $password,
|
||||
$content['mustchangepassword'] ? 0 : time());
|
||||
// dont use password here, as the use of passwords indicates the usage of the functionality in usermode
|
||||
$GLOBALS['egw']->auth->setLastPwdChange($account_id, null, $content['mustchangepassword'] ? 0 : time());
|
||||
}
|
||||
// allow or forbid to change password, if requested
|
||||
if ((string)$content['changepassword'] !== '')
|
||||
|
@ -70,7 +70,7 @@ class auth
|
||||
// dont check anything for anonymous sessions/ users that are flagged as anonymous
|
||||
if (is_object($GLOBALS['egw']->session) && $GLOBALS['egw']->session->session_flags == 'A') return true;
|
||||
static $UserKnowsAboutPwdChange;
|
||||
if (is_null($UserKnowsAboutPwdChange)) $UserKnowsAboutPwdChange =& egw_cache::getSession('auth_UserKnowsAboutPwdChange','phpgwapi');
|
||||
if (is_null($UserKnowsAboutPwdChange)) $UserKnowsAboutPwdChange =& egw_cache::getSession('phpgwapi','auth_UserKnowsAboutPwdChange');
|
||||
// some statics to make information and timecalculation a) more readable in conditions b) persistent per request
|
||||
static $alpwchange_val;
|
||||
static $passwordAgeBorder;
|
||||
|
@ -210,8 +210,11 @@ class auth_ldap implements auth_backend
|
||||
*/
|
||||
function setLastPwdChange($account_id=0, $passwd=NULL, $lastpwdchange=NULL)
|
||||
{
|
||||
if (!$account_id)
|
||||
$admin = True;
|
||||
// Don't allow password changes for other accounts when using XML-RPC
|
||||
if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login')
|
||||
{
|
||||
$admin = False;
|
||||
$username = $GLOBALS['egw_info']['user']['account_lid'];
|
||||
}
|
||||
else
|
||||
@ -232,7 +235,7 @@ class auth_ldap implements auth_backend
|
||||
|
||||
$dn = $allValues[0]['dn'];
|
||||
|
||||
if($passwd) // if old password given (not called by admin) --> bind as that user to change the pw
|
||||
if(!$admin && $passwd) // if old password given (not called by admin) --> bind as that user to change the pw
|
||||
{
|
||||
$ds = common::ldapConnect('',$dn,$passwd);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user