Commit Graph

42 Commits

Author SHA1 Message Date
Klaus Leithoff
110ffa9110 * API: is_a compatibility vs. php5.3.8 resolving to instanceof operator for most common basic classes 2011-09-26 10:01:46 +00:00
Klaus Leithoff
e655d67c97 * API/CheckPasswordAge: new approach to the issue, as we have to take into account that the timestamp of the last password change may not be provided by the auth system. We fetch the timestamp from the authsystem if the method is implemented for the auth method configured (instead of juggling with account_lastpasswd_change or account_lastpwd_change) 2011-09-26 09:11:13 +00:00
Klaus Leithoff
4020bf596a do not use password on asetLastPwdChange in admin actions, as the use of passwords indicates the usage of the functionality in usermode; Handle params for egw_cache::getSession in the correct order 2011-05-19 10:47:27 +00:00
Ralf Becker
d0c26b773b - fixed with ssha not working migration from sql <--> ldap
- using 16 char salt for ssha and smd5 as eclipse ldap admin does
- remove auth::hash_sql2ldap() method, as it is now in setup/inc/class.setup_cmd_ldap.inc.php
- added ability to create uid dn in setup_cmd_ldap subcommand create_ldap
2011-05-04 09:44:39 +00:00
Ralf Becker
607523803b * Setup: making SSHA (salted sha1) hashes the default password hash for SQL and LDAP
- fixing not working ssha hashes if mb_string.func_overload > 0 set
2011-05-04 07:50:03 +00:00
Klaus Leithoff
dcb7fae883 fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered from auth system. set password-last-changed info in authsystem on password change. when trying to force the user to change his password upon next login as admin from within egroupware, try to set the 0 value within the authsystem as well (in ldap rights are required for admin (or user) to set/alter the shadowlastchange attribute). regard auth-system information for user edit/view 2011-03-16 14:22:24 +00:00
Klaus Leithoff
1f98be4e38 if the number of days left until change of password is expired is negative, don't warn, require the change 2010-10-28 11:03:05 +00:00
Klaus Leithoff
5af9370fc6 * API/Passwordmanagement: option enable a warning for users to inform them, that their password is about to expire
will be displayed once every session starting X days before the password will expire, when enforce password change is enabled and
a suitable period is set
-translations for that option
-pending translations
2010-10-21 14:02:36 +00:00
Klaus Leithoff
d0353af960 fixing ACL check for nopasswordchange; fixing setting of shadowlastchange by using the correct data with proper format 2010-09-24 08:20:52 +00:00
Klaus Leithoff
2d85f00b4b check if the user is allowed to change its password, before redirecting 2010-09-22 15:21:04 +00:00
Klaus Leithoff
96c1ac80c7 allow old name for account_lastpwd_change (account_lastpassword_change) 2010-09-22 11:41:58 +00:00
Klaus Leithoff
9d176490bf Feature: to allow admins a) to set an allowed password age, to require all users to change their password regularly; b) force password change for a given user on the users next login; c) better control about the password strength required; Funded by Cricket 2010-09-22 10:16:32 +00:00
Ralf Becker
bf898afb61 "removed permanent error_log" 2010-05-13 10:45:37 +00:00
Ralf Becker
e91b0f0cb5 using since php<=5.0 available raw_output=true parameter for md5 and sha1 instead of deprecated and in newer distros no longer available mhash extension 2010-05-13 10:39:48 +00:00
Ralf Becker
61d26df913 reworked auth classes, to allow them to use each other and a new auth class using a primary backend (ldap) and a fallback (sql) 2010-01-28 04:22:37 +00:00
Ralf Becker
b5c28fba48 1. NTLM Single Sign ON
NTLM SSO removes Windows users on a PC, which is a member of a Windows
domain and who are logged into that domain, from the need to explicitly log
into eGW.  They simply point IE to the eGW URL (eg. http://domain.com/egroupware/)
and start working. They can of course explicitly log out and log in as
another user.
For more information look at the README at
http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README

2. different authentication for SyncML and/or GroupDAV
You can now use eg. an external auth provider for the login via the
WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
2008-07-16 09:29:13 +00:00
Ralf Becker
a5a7c2d30e Additional password crypt types for ldap:
- MD5_CRYPT (9 char salt prefixed with $1$)
- BLOWFISH_CRYPT (16 char salt prefixed with $2$)
- EXT_CRYPT (9 char salt, no prefix)
2008-05-31 06:25:04 +00:00
Ralf Becker
868345fcb6 "added static to encrypt_pasword" 2008-03-25 17:05:38 +00:00
Ralf Becker
4f94d5837d use of global db object and new headers, made all methods of the auth class static 2008-03-15 17:27:36 +00:00
Ralf Becker
90f39cef39 "encryption" type plain for sql and ldap, to allow to store the passwords readable 2007-11-06 11:16:34 +00:00
Miles Lott
23ac553d70 Fix for types other than md5 and crypt, e.g. SSHA where the type is contained in the text of the password 2006-06-20 09:50:00 +00:00
Ralf Becker
5dc4617462 setting the default for encrypt_ldap() to des and not just return false, the default is needed if you never saved setup >> config 2006-06-17 16:04:35 +00:00
Ralf Becker
9eca4904e0 allow to specify the hash type to prefix the hash, to easy migrate passwords from ldap 2006-06-07 22:08:13 +00:00
Ralf Becker
98d8b30761 rewrite of the accounts classes:
- new cleaner AND documented interfaces
- old interfaces are still available, but deprecated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you don't need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
2006-06-06 23:42:36 +00:00
Miles Lott
fb4182ea66 Correct spelling 2006-05-17 06:00:12 +00:00
Cornelius Weiß
b97f701d05 added an optional check for a save^tm password (criteria as in MS-Windows) 2006-03-13 21:56:28 +00:00
Ralf Becker
c85d34c0fe changed the following table-names:
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropriate classes.
2005-11-02 11:45:52 +00:00
Miles Lott
137e472433 Use correct quoting when querying/setting account_id; minor formatting 2005-08-27 12:19:35 +00:00
Cornelius Weiß
79c9507039 - massive code cleanup
- added md5_hmac auth type
- added support for password migration
2005-05-10 19:00:55 +00:00
Miles Lott
6adc7fda6f Add some notes to the smd5_compare() function 2004-02-05 02:14:31 +00:00
Miles Lott
dfa356e0c6 Fix smd5 password comparison for sql 2004-02-05 02:01:39 +00:00
Miles Lott
04067c7a04 Add SMD5 hashing for sql and ldap based on my debian experience today 2004-01-26 03:01:54 +00:00
Miles Lott
d7db3b384e update credits by request 2004-01-20 21:31:33 +00:00
Miles Lott
77fd8f4882 Move password functions to auth class; Add support for new encryption types in setup
and implement password checking and creation for these new types
2004-01-18 21:12:53 +00:00
Miles Lott
9b6465af7a Using GLOBALS 2001-08-30 19:40:44 +00:00
Miles Lott
61675e82b5 Formatting 2001-05-02 12:52:44 +00:00
skeeter
53f4716584 replaced quotes with single ticks where applicable 2001-02-11 20:03:35 +00:00
jengo
5f0c2433db Returned cvs to how it was last night (with including the class.accounts.inc.php) file first 2001-02-06 20:13:06 +00:00
jengo
e0b8a07f9c Fixed not being able to login and clean up a ton of code. It was a mess in there, things flow a little bit better now. I still have some cleaning up to do 2001-02-06 13:18:51 +00:00
seek3r
00b23411ef moved to define() for path vars. Also starting to hack sessions to be phpgw_info manager 2001-02-06 09:19:38 +00:00
seek3r
431f841cba switching to the new Object factory method 2001-01-11 10:04:28 +00:00
seek3r
e97ef24062 switching to the new Object factory method 2001-01-11 09:52:33 +00:00