mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-30 10:39:18 +01:00
* API/Auth: when required by setup check password strength upon login; strength must be specified, and user must be allowed to change password
This commit is contained in:
parent
8a55a0f99e
commit
a273f67df5
10
login.php
10
login.php
@ -343,12 +343,14 @@ else
|
||||
// redirect to referer on logout
|
||||
$GLOBALS['egw']->session->appsession('referer', 'login', $_SERVER['HTTP_REFERER']);
|
||||
}
|
||||
|
||||
$strength = ($GLOBALS['egw_info']['server']['force_pwd_strength']?$GLOBALS['egw_info']['server']['force_pwd_strength']:false);
|
||||
if ($strength && $strength>5) $strength =5;
|
||||
if ($strength && $strength<0) $strength = false;
|
||||
// Check for save passwd
|
||||
if($GLOBALS['egw_info']['server']['check_save_passwd'] && $GLOBALS['egw']->acl->check('changepassword', 1, 'preferences') &&
|
||||
($unsave_msg = $GLOBALS['egw']->auth->crackcheck($passwd)))
|
||||
if($strength && $GLOBALS['egw_info']['server']['check_save_passwd'] && !$GLOBALS['egw']->acl->check('nopasswordchange', 1, 'preferences') &&
|
||||
($unsave_msg = $GLOBALS['egw']->auth->crackcheck($passwd, $strength)))
|
||||
{
|
||||
$GLOBALS['egw']->log->write(array('text'=>'D-message, User '. $login. ' authenticated with an unsave password','file' => __FILE__,'line'=>__LINE__));
|
||||
error_log('login::'.__LINE__.' User '. $login. ' authenticated with an unsave password'.' '.$unsave_msg);
|
||||
$message = lang('eGroupWare checked your password for safetyness. You have to change your password for the following reason:')."\n";
|
||||
egw::redirect_link('/index.php', array(
|
||||
'menuaction' => 'preferences.uipassword.change',
|
||||
|
@ -27,7 +27,7 @@ class uipassword
|
||||
$n_passwd = $_POST['n_passwd'];
|
||||
$n_passwd_2 = $_POST['n_passwd_2'];
|
||||
$o_passwd_2 = $_POST['o_passwd_2'];
|
||||
|
||||
if (isset($_GET['message'])) $_GET['message'] = str_replace("<br />"," ",html::purify($_GET['message']));
|
||||
if($GLOBALS['egw']->acl->check('nopasswordchange', 1) || $_POST['cancel'])
|
||||
{
|
||||
if ($GLOBALS['egw_info']['user']['apps']['preferences'])
|
||||
|
Loading…
Reference in New Issue
Block a user