holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed not (always) updated last password change date

Browse Source
This commit is contained in:
Ralf Becker 2009-04-09 06:41:41 +00:00
parent bd8ba08bc3
commit 7698d3ef65
3 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
phpgwapi/inc/class.accounts_ldap.inc.php
View File

@ -488,7 +488,7 @@ class accounts_ldap
// shadowexpire is in days since 1970/01/01 (equivalent to a timestamp (int UTC!) / (24*60*60) // shadowexpire is in days since 1970/01/01 (equivalent to a timestamp (int UTC!) / (24*60*60)
'account_status' => isset($data['shadowexpire']) && $data['shadowexpire'][0]*24*3600+$utc_diff < time() ? false : 'A', 'account_status' => isset($data['shadowexpire']) && $data['shadowexpire'][0]*24*3600+$utc_diff < time() ? false : 'A',
'account_expires' => isset($data['shadowexpire']) && $data['shadowexpire'][0] ? $data['shadowexpire'][0]*24*3600+$utc_diff : -1, // LDAP date is in UTC 'account_expires' => isset($data['shadowexpire']) && $data['shadowexpire'][0] ? $data['shadowexpire'][0]*24*3600+$utc_diff : -1, // LDAP date is in UTC
'account_lastpasswd_change' => isset($data['shadowlastchange']) ? $data['shadowlastchange'][0]*24*3600 : null, 'account_lastpasswd_change' => isset($data['shadowlastchange']) ? $data['shadowlastchange'][0]*24*3600+$utc_diff : null,
// lastlogin and lastlogin from are not availible via the shadowAccount object class // lastlogin and lastlogin from are not availible via the shadowAccount object class
// 'account_lastlogin' => $data['phpgwaccountlastlogin'][0], // 'account_lastlogin' => $data['phpgwaccountlastlogin'][0],
// 'account_lastloginfrom' => $data['phpgwaccountlastloginfrom'][0], // 'account_lastloginfrom' => $data['phpgwaccountlastloginfrom'][0],
@ -548,6 +548,7 @@ class accounts_ldap
} }
$to_write['cn'] = $data['account_fullname'] ? $data['account_fullname'] : $data['account_firstname'].' '.$data['account_lastname']; $to_write['cn'] = $data['account_fullname'] ? $data['account_fullname'] : $data['account_firstname'].' '.$data['account_lastname'];
$utc_diff = date('Z');
if (isset($data['account_passwd']) && $data['account_passwd']) if (isset($data['account_passwd']) && $data['account_passwd'])
{ {
if (!preg_match('/^\\{[a-z5]{3,5}\\}.+/i',$data['account_passwd'])) // if it's not already entcrypted, do so now if (!preg_match('/^\\{[a-z5]{3,5}\\}.+/i',$data['account_passwd'])) // if it's not already entcrypted, do so now
@ -555,13 +556,13 @@ class accounts_ldap
$data['account_passwd'] = auth::encrypt_ldap($data['account_passwd']); $data['account_passwd'] = auth::encrypt_ldap($data['account_passwd']);
} }
$to_write['userpassword'] = $data['account_passwd']; $to_write['userpassword'] = $data['account_passwd'];
$to_write['shadowLastChange'] = (time()-$utc_diff) / (24*3600);
} }
// both status and expires are encoded in the single shadowexpire value in LDAP // both status and expires are encoded in the single shadowexpire value in LDAP
// - if it's unset an account is enabled AND does never expire // - if it's unset an account is enabled AND does never expire
// - if it's set to 0, the account is disabled // - if it's set to 0, the account is disabled
// - if it's set to > 0, it will or already has expired --> acount is active if it not yet expired // - if it's set to > 0, it will or already has expired --> acount is active if it not yet expired
// shadowexpire is in days since 1970/01/01 (equivalent to a timestamp (int UTC!) / (24*60*60) // shadowexpire is in days since 1970/01/01 (equivalent to a timestamp (int UTC!) / (24*60*60)
$utc_diff = date('Z');
$shadowexpire = ($data['account_expires']-$utc_diff) / (24*3600); $shadowexpire = ($data['account_expires']-$utc_diff) / (24*3600);
$account_expire = $shadowexpire*3600*24+$utc_diff; $account_expire = $shadowexpire*3600*24+$utc_diff;
//echo "<p align=right>account_expires=".date('Y-m-d H:i',$data['account_expires'])." --> $shadowexpire --> ".date('Y-m-d H:i',$account_expire)."</p>\n"; //echo "<p align=right>account_expires=".date('Y-m-d H:i',$data['account_expires'])." --> $shadowexpire --> ".date('Y-m-d H:i',$account_expire)."</p>\n";

1
phpgwapi/inc/class.accounts_sql.inc.php
View File

@ -167,6 +167,7 @@ class accounts_sql
$data['account_passwd'] = $GLOBALS['egw']->auth->encrypt_sql($data['account_passwd']); $data['account_passwd'] = $GLOBALS['egw']->auth->encrypt_sql($data['account_passwd']);
} }
$to_write['account_pwd'] = $data['account_passwd']; $to_write['account_pwd'] = $data['account_passwd'];
$to_write['account_lastpwd_change'] = time();
} }
if (!(int)$data['account_id'] || !$this->id2name($data['account_id'])) if (!(int)$data['account_id'] || !$this->id2name($data['account_id']))
{ {

2
phpgwapi/inc/class.auth_ldap.inc.php
View File

@ -136,6 +136,8 @@ class auth_
$allValues = ldap_get_entries($ds, $sri); $allValues = ldap_get_entries($ds, $sri);
$entry['userpassword'] = auth::encrypt_password($new_passwd); $entry['userpassword'] = auth::encrypt_password($new_passwd);
$entry['shadowLastChange'] = (time()-date('Z')) / (24*3600);
$dn = $allValues[0]['dn']; $dn = $allValues[0]['dn'];
if($old_passwd) // if old password given (not called by admin) --> bind as that user to change the pw if($old_passwd) // if old password given (not called by admin) --> bind as that user to change the pw