* API/Auth: when required by setup check password strength upon login; strength must be specified, and user must be allowed to change password

This commit is contained in:
Klaus Leithoff 2013-04-04 11:50:11 +00:00
parent ecee76d6c4
commit fb31fef7f3
2 changed files with 7 additions and 5 deletions

View File

@ -343,12 +343,14 @@ else
// redirect to referer on logout
$GLOBALS['egw']->session->appsession('referer', 'login', $_SERVER['HTTP_REFERER']);
}
$strength = ($GLOBALS['egw_info']['server']['force_pwd_strength']?$GLOBALS['egw_info']['server']['force_pwd_strength']:false);
if ($strength && $strength>5) $strength =5;
if ($strength && $strength<0) $strength = false;
// Check for save passwd
if($GLOBALS['egw_info']['server']['check_save_passwd'] && $GLOBALS['egw']->acl->check('changepassword', 1, 'preferences') &&
($unsave_msg = $GLOBALS['egw']->auth->crackcheck($passwd)))
if($strength && $GLOBALS['egw_info']['server']['check_save_passwd'] && !$GLOBALS['egw']->acl->check('nopasswordchange', 1, 'preferences') &&
($unsave_msg = $GLOBALS['egw']->auth->crackcheck($passwd, $strength)))
{
$GLOBALS['egw']->log->write(array('text'=>'D-message, User '. $login. ' authenticated with an unsave password','file' => __FILE__,'line'=>__LINE__));
error_log('login::'.__LINE__.' User '. $login. ' authenticated with an unsave password'.' '.$unsave_msg);
$message = lang('eGroupWare checked your password for safetyness. You have to change your password for the following reason:')."\n";
egw::redirect_link('/index.php', array(
'menuaction' => 'preferences.uipassword.change',

View File

@ -27,7 +27,7 @@ class uipassword
$n_passwd = $_POST['n_passwd'];
$n_passwd_2 = $_POST['n_passwd_2'];
$o_passwd_2 = $_POST['o_passwd_2'];
if (isset($_GET['message'])) $_GET['message'] = str_replace("<br />"," ",html::purify($_GET['message']));
if($GLOBALS['egw']->acl->check('nopasswordchange', 1) || $_POST['cancel'])
{
if ($GLOBALS['egw_info']['user']['apps']['preferences'])