extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-04 21:18:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

* API/Auth: when required by setup check password strength upon login; strength must be specified, and user must be allowed to change password

Browse Source
This commit is contained in:
Klaus Leithoff 2013-04-04 11:12:27 +00:00
parent 8a55a0f99e
commit a273f67df5
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
login.php
View File

@ -343,12 +343,14 @@ else
// redirect to referer on logout // redirect to referer on logout
$GLOBALS['egw']->session->appsession('referer', 'login', $_SERVER['HTTP_REFERER']); $GLOBALS['egw']->session->appsession('referer', 'login', $_SERVER['HTTP_REFERER']);
} }
$strength = ($GLOBALS['egw_info']['server']['force_pwd_strength']?$GLOBALS['egw_info']['server']['force_pwd_strength']:false);
if ($strength && $strength>5) $strength =5;
if ($strength && $strength<0) $strength = false;
// Check for save passwd // Check for save passwd
if($GLOBALS['egw_info']['server']['check_save_passwd'] && $GLOBALS['egw']->acl->check('changepassword', 1, 'preferences') && if($strength && $GLOBALS['egw_info']['server']['check_save_passwd'] && !$GLOBALS['egw']->acl->check('nopasswordchange', 1, 'preferences') &&
($unsave_msg = $GLOBALS['egw']->auth->crackcheck($passwd))) ($unsave_msg = $GLOBALS['egw']->auth->crackcheck($passwd, $strength)))
{ {
$GLOBALS['egw']->log->write(array('text'=>'D-message, User '. $login. ' authenticated with an unsave password','file' => __FILE__,'line'=>__LINE__)); error_log('login::'.__LINE__.' User '. $login. ' authenticated with an unsave password'.' '.$unsave_msg);
$message = lang('eGroupWare checked your password for safetyness. You have to change your password for the following reason:')."\n"; $message = lang('eGroupWare checked your password for safetyness. You have to change your password for the following reason:')."\n";
egw::redirect_link('/index.php', array( egw::redirect_link('/index.php', array(
'menuaction' => 'preferences.uipassword.change', 'menuaction' => 'preferences.uipassword.change',

2
preferences/inc/class.uipassword.inc.php
View File

@ -27,7 +27,7 @@ class uipassword
$n_passwd = $_POST['n_passwd']; $n_passwd = $_POST['n_passwd'];
$n_passwd_2 = $_POST['n_passwd_2']; $n_passwd_2 = $_POST['n_passwd_2'];
$o_passwd_2 = $_POST['o_passwd_2']; $o_passwd_2 = $_POST['o_passwd_2'];
if (isset($_GET['message'])) $_GET['message'] = str_replace("<br />"," ",html::purify($_GET['message']));
if($GLOBALS['egw']->acl->check('nopasswordchange', 1) || $_POST['cancel']) if($GLOBALS['egw']->acl->check('nopasswordchange', 1) || $_POST['cancel'])
{ {
if ($GLOBALS['egw_info']['user']['apps']['preferences']) if ($GLOBALS['egw_info']['user']['apps']['preferences'])