From cb46bce9cf7ac98fb5c66c60f36f1ec0066f5e14 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Thu, 9 Apr 2009 06:44:02 +0000 Subject: [PATCH] Fixed not (always) updated last password change date --- phpgwapi/inc/class.accounts_ldap.inc.php | 7 ++++--- phpgwapi/inc/class.accounts_sql.inc.php | 1 + phpgwapi/inc/class.auth_ldap.inc.php | 12 +++++++----- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/phpgwapi/inc/class.accounts_ldap.inc.php b/phpgwapi/inc/class.accounts_ldap.inc.php index 0897db9ae9..0d9f1599ea 100644 --- a/phpgwapi/inc/class.accounts_ldap.inc.php +++ b/phpgwapi/inc/class.accounts_ldap.inc.php @@ -488,7 +488,7 @@ class accounts_ldap // shadowexpire is in days since 1970/01/01 (equivalent to a timestamp (int UTC!) / (24*60*60) 'account_status' => isset($data['shadowexpire']) && $data['shadowexpire'][0]*24*3600+$utc_diff < time() ? false : 'A', 'account_expires' => isset($data['shadowexpire']) && $data['shadowexpire'][0] ? $data['shadowexpire'][0]*24*3600+$utc_diff : -1, // LDAP date is in UTC - 'account_lastpasswd_change' => isset($data['shadowlastchange']) ? $data['shadowlastchange'][0]*24*3600 : null, + 'account_lastpasswd_change' => isset($data['shadowlastchange']) ? $data['shadowlastchange'][0]*24*3600+$utc_diff : null, // lastlogin and lastlogin from are not availible via the shadowAccount object class // 'account_lastlogin' => $data['phpgwaccountlastlogin'][0], // 'account_lastloginfrom' => $data['phpgwaccountlastloginfrom'][0], @@ -548,6 +548,7 @@ class accounts_ldap } $to_write['cn'] = $data['account_fullname'] ? $data['account_fullname'] : $data['account_firstname'].' '.$data['account_lastname']; + $utc_diff = date('Z'); if (isset($data['account_passwd']) && $data['account_passwd']) { if (!preg_match('/^\\{[a-z5]{3,5}\\}.+/i',$data['account_passwd'])) // if it's not already entcrypted, do so now 
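Review bot: In the read mapping of class.accounts_ldap.inc.php (`'account_lastpasswd_change' => ... *24*3600+$utc_diff`), a stored shadowLastChange of 0 now comes back as `$utc_diff` instead of 0. By shadow convention 0 means "must change password at next login", and a simple zero test on the returned value can no longer recognise it. Whether any caller relies on that is not visible here, but for password-aging checks I would keep the sentinel: `isset($data['shadowlastchange']) ? ($data['shadowlastchange'][0] ? $data['shadowlastchange'][0]*24*3600+$utc_diff : 0) : null`. A comment in the style of the shadowexpire one above would also help, e.g. `// shadowlastchange is in days since 1970/01/01, 0 = password must be changed`. The enclosing array and function start outside the hunk.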
@@ -555,13 +556,13 @@ class accounts_ldap $data['account_passwd'] = auth::encrypt_ldap($data['account_passwd']); } $to_write['userpassword'] = $data['account_passwd']; + $to_write['shadowLastChange'] = (time()-$utc_diff) / (24*3600); } // both status and expires are encoded in the single shadowexpire value in LDAP // - if it's unset an account is enabled AND does never expire // - if it's set to 0, the account is disabled // - if it's set to > 0, it will or already has expired --> acount is active if it not yet expired // shadowexpire is in days since 1970/01/01 (equivalent to a timestamp (int UTC!) / (24*60*60) - $utc_diff = date('Z'); $shadowexpire = ($data['account_expires']-$utc_diff) / (24*3600); $account_expire = $shadowexpire*3600*24+$utc_diff; //echo "

account_expires=".date('Y-m-d H:i',$data['account_expires'])." --> $shadowexpire --> ".date('Y-m-d H:i',$account_expire)."

\n"; @@ -714,7 +715,7 @@ class accounts_ldap $relevantAccounts = is_numeric($start) ? array_slice(array_keys($fullSet), $start, $offset) : array_keys($fullSet); // if we do not have a start, or want the members of a certain group, we want all, that way we dont want to or the uids // since if we have a whole lot of members, it slows the query down - // if you work with very big groups, it may present a problem + // if you work with very big groups, it may present a problem if (is_numeric($start) || is_numeric($param['type'])) { $filter = "(" . "&(objectclass=posixaccount)" . '(|(uid='.implode(')(uid=',$relevantAccounts).'))' . $this->account_filter . ")"; } else { diff --git a/phpgwapi/inc/class.accounts_sql.inc.php b/phpgwapi/inc/class.accounts_sql.inc.php index c249ddbfde..55eb20ed74 100644 --- a/phpgwapi/inc/class.accounts_sql.inc.php +++ b/phpgwapi/inc/class.accounts_sql.inc.php @@ -167,6 +167,7 @@ class accounts_sql $data['account_passwd'] = $GLOBALS['egw']->auth->encrypt_sql($data['account_passwd']); } $to_write['account_pwd'] = $data['account_passwd']; + $to_write['account_lastpwd_change'] = time(); } if (!(int)$data['account_id'] || !$this->id2name($data['account_id'])) { diff --git a/phpgwapi/inc/class.auth_ldap.inc.php b/phpgwapi/inc/class.auth_ldap.inc.php index cc02c0b33c..70410fa2bd 100644 --- a/phpgwapi/inc/class.auth_ldap.inc.php +++ b/phpgwapi/inc/class.auth_ldap.inc.php @@ -1,10 +1,10 @@ - * @author Joseph Engo + * @author Joseph Engo * Copyright (C) 2000, 2001 Joseph Engo * Copyright (C) 2002, 2003 Lars Kneschke * @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License 
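Review bot: The new `$to_write['shadowLastChange'] = (time()-$utc_diff) / (24*3600);` in the save path of class.accounts_ldap.inc.php yields a float in PHP, because the current time is almost never a whole number of days, while shadowLastChange is an integer-syntax attribute. Unless the value is cast further down (outside this hunk), a directory that enforces attribute syntax would likely reject the write. Since `userpassword` sits in the same `$to_write`, the password update would presumably fail with it. I would store whole days, `$to_write['shadowLastChange'] = (int)floor((time()-$utc_diff) / (24*3600));`, and do the same for the identical expression added as `$entry['shadowLastChange']` in class.auth_ldap.inc.php. The enclosing function starts and ends outside the hunk.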
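Review bot: `$to_write['account_lastpwd_change'] = time();` in class.accounts_sql.inc.php appears to be set whenever a password value is passed in, not only when it differs from the stored one. The guard for this block starts outside the hunk, but the parallel accounts_ldap hunk shows it as `isset($data['account_passwd']) && $data['account_passwd']`, and that code explicitly accepts an already encrypted value. If a caller saves an account together with its existing hash, the password age is reset without any password change, which weakens an expiry policy based on this date. Consider comparing against the stored hash before touching the timestamp, or document that callers must omit `account_passwd` when it is unchanged; the same applies to `shadowLastChange` in accounts_ldap.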
@@ -107,9 +107,9 @@ class auth_ /** * changes password in LDAP * - * If $old_passwd is given, the password change is done binded as user and NOT with the + * If $old_passwd is given, the password change is done binded as user and NOT with the * "root" dn given in the configurations. - * + * * @param string $old_passwd must be cleartext or empty to not to be checked * @param string $new_passwd must be cleartext * @param int $account_id account id of user whose passwd should be changed @@ -134,8 +134,10 @@ class auth_ $ds = $GLOBALS['egw']->common->ldapConnect(); $sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter); $allValues = ldap_get_entries($ds, $sri); - + $entry['userpassword'] = auth::encrypt_password($new_passwd); + $entry['shadowLastChange'] = (time()-date('Z')) / (24*3600); + $dn = $allValues[0]['dn']; if($old_passwd) // if old password given (not called by admin) --> bind as that user to change the pw
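Review bot: Putting `$entry['shadowLastChange']` into the same `$entry` as `userpassword` in class.auth_ldap.inc.php makes the password change depend on that second attribute being writable. When `$old_passwd` is given, the modify is done bound as the user (per the doc comment and the `if($old_passwd)` branch, which continues outside the hunk). A directory whose ACLs allow self-write only on userPassword, or an entry without the shadowAccount object class, would presumably refuse the whole change. I would add the attribute only after a case-insensitive check of `$allValues[0]['objectclass']` for shadowAccount, and make sure a refused modify is reported to the caller rather than leaving the old password silently in place.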