Ralf Becker
76abb48fa4
fixed auth_sql to allow updating passwords of in-active accounts and return true for all successfull password changes as documented (returned false if password was unchanged and hash password on success)
2013-06-26 09:49:57 +00:00
Ralf Becker
9dfd92813a
* Preferences/EMail: if user changed password, update password in session correct, so eg. EMail using that password keeps working
2013-02-21 09:44:56 +00:00
Klaus Leithoff
f7a50ec383
* API/CheckPasswordAge: new approach to the issue, as we have to take into account that the timestamp of the last password change may not be provided by the auth system. We fetch the timestamp from the authsystem if the method is implemented for the auth method configured (instead of juggling with account_lastpasswd_change or account_lastpwd_change)
2011-09-26 08:51:48 +00:00
Ralf Becker
fae1d29e68
- implemented more secure password hashing types: sha512_crypt, sha256_crypt and blowfish_crypt (later was only just broken)
...
- DB schema update for account_pwd to varchar(128) to accomodate sha512_crypt hashes
- enable automatic migration to sha512_crypt, if on SQL or LDAP (but only on Linux, as OpenLDAP has not native support for it)
2011-06-05 23:22:51 +00:00
Klaus Leithoff
9ec96b10e4
fix typo, as the account_lastpwd_change was not altered anymore on password change
2011-05-11 09:39:02 +00:00
Ralf Becker
bd64d536bc
fixed not working password (hash) migration
2011-05-04 13:33:34 +00:00
Klaus Leithoff
4f0e104e27
more to the issue: fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered by auth system
2011-03-16 12:44:42 +00:00
Klaus Leithoff
a080404dab
fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered from auth system. set password-last-changed info in authsystem on password change. when trying to force the user to change his password upon next login as admin from within egrouware, try to set the 0 value within the authsystem as well (in ldap rights are required for admin (or user) to set/alter the shadowlastchange attribute)
2011-03-16 11:00:16 +00:00
Ralf Becker
61d26df913
reworked auth classes, to allow them to use each other and a new auth class using a primary backend (ldap) and a fallback (sql)
2010-01-28 04:22:37 +00:00
Ralf Becker
232252475f
patch fixing many depricated functions (eg. posix regular expressions) and features, which fill up the error_log under php5.3 (and will no longer be available under php6).
...
Patch is mostly created by script in egroupware/doc/fix_depricated.php in separate commit.
I do NOT advice to apply this patch to a production system (it's commited to trunk!), as the automatic modified regular expressions have a good change to break something ...
2009-06-08 16:21:14 +00:00
Ralf Becker
bdf7f84a23
fix for bug #1261 : PostgreSQL: eGW ignores setting to dont care about case sensitive usernames
2008-06-07 08:25:28 +00:00
Ralf Becker
4f94d5837d
use of global db object and new headers, made all methods of the auth class static
2008-03-15 17:27:36 +00:00
Cornelius Weiß
f043f76be2
fix typo
2005-11-22 22:32:21 +00:00
Ralf Becker
c85d34c0fe
changed the following table-names:
...
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropreate classes.
2005-11-02 11:45:52 +00:00
Miles Lott
137e472433
Use correct quoting when querying/setting account_id; minor formatting
2005-08-27 12:19:35 +00:00
Cornelius Weiß
632a990cfb
added support for authentication via cookie. NOTE: you have to enable this in setup if u want to use it.
2005-05-11 18:25:17 +00:00
Cornelius Weiß
bd9f34dbd3
bugfix in password migration
2005-05-10 21:14:20 +00:00
Cornelius Weiß
79c9507039
- massive code cleanup
...
- added md5_hmac auth type
- added support for password migration
2005-05-10 19:00:55 +00:00
reinerj
48f840d7de
move from old projct to new one
2004-05-05 12:06:13 +00:00
Miles Lott
04067c7a04
Add SMD5 hashing for sql and ldap based on my debian experience today
2004-01-26 03:01:54 +00:00
Miles Lott
934067f137
Fix the function call some more
2004-01-21 23:13:02 +00:00
Miles Lott
56085e8acf
Fix bad function call for md5 passwords
2004-01-21 23:10:05 +00:00
Miles Lott
9be5a8982d
Consolidate password updates and remove debug output, i think
2004-01-21 22:53:02 +00:00
Miles Lott
77fd8f4882
Move password functions to auth class; Add support for new encryption types in setup
...
and implement password checking and creation for these new types
2004-01-18 21:12:53 +00:00
Lars Kneschke
05b73a96b0
enable check for casesensitive usernames
2004-01-16 07:44:38 +00:00
Ralf Becker
b8557e49d9
make the phpgw Version-0_9_16-branch HEAD
2003-08-28 14:31:11 +00:00
jengo
1dc787e40d
Started working on allowing md5 passwords to be sent from login.php
2001-10-02 05:38:35 +00:00
Miles Lott
cb560611b1
using GLOBALS
2001-08-30 19:43:06 +00:00
jengo
37bd9763fa
Added feature to drop the previous login into appsessions, this way developer can find out how long its been since they last logged in.
...
- Formating in sqlssl
- Fixed change_password() in sqlssl not being correct and based on older versions
2001-06-03 17:58:12 +00:00
jengo
a7c66aa628
Fixed appsessions not being updated durring a password change
2001-04-17 17:49:13 +00:00
Miles Lott
e2afce4073
Fix account_id use in update_lastlogin to use get_account_id; formatting
2001-03-26 21:36:32 +00:00
skeeter
b9da94fd2e
New function get_account_id(). This will take either an account_id # as either an integer or a string and return a true intval(account_id) or take a string of a users lid and return the account_id as an integer
2001-03-19 20:25:04 +00:00
Lars Kneschke
9ebb3bfaae
make password changing working from user admin pages
2001-02-12 21:13:09 +00:00
skeeter
53f4716584
replaced quotes with single ticks where applicable
2001-02-11 20:03:35 +00:00
jengo
df7ef82a06
Fixed last login information not being updated
2001-02-07 13:19:09 +00:00
jengo
f6adca46c7
Changed the accounts class to use the new smaller version of the phpgw_accounts table
2001-02-05 14:58:03 +00:00
seek3r
4e3e6c77cb
fixed banners so that they are all uniform and complete
2001-01-16 13:52:32 +00:00
seek3r
fba1a92446
Put in new license details
2001-01-13 10:18:50 +00:00
seek3r
e97ef24062
switching to the new Object factory method
2001-01-11 09:52:33 +00:00