From aa1426b8dedc1a9c32724224c7c858332e0c0edc Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Tue, 25 Jun 2013 16:37:44 +0000 Subject: [PATCH] * Admin: split password strength config in minimum length and number of character types, allow account backends specially AD to report password policy failures --- admin/inc/class.boaccounts.inc.php | 232 +++++++----------- admin/inc/class.soaccounts.inc.php | 92 ------- admin/inc/class.uiaccounts.inc.php | 159 ++++-------- admin/lang/egw_de.lang | 5 +- admin/lang/egw_en.lang | 5 +- admin/templates/default/account_form.tpl | 14 +- admin/templates/default/account_form_ldap.tpl | 149 ----------- .../default/account_form_ldapdata.tpl | 84 ------- admin/templates/default/config.tpl | 39 ++- phpgwapi/inc/class.accounts_ads.inc.php | 8 +- phpgwapi/inc/class.auth.inc.php | 73 ++++-- phpgwapi/inc/class.auth_ads.inc.php | 8 +- preferences/inc/class.uipassword.inc.php | 15 +- preferences/lang/egw_de.lang | 1 + preferences/lang/egw_en.lang | 1 + setup/templates/default/config.tpl | 66 +++-- 16 files changed, 275 insertions(+), 676 deletions(-) delete mode 100755 admin/inc/class.soaccounts.inc.php delete mode 100644 admin/templates/default/account_form_ldap.tpl delete mode 100644 admin/templates/default/account_form_ldapdata.tpl diff --git a/admin/inc/class.boaccounts.inc.php b/admin/inc/class.boaccounts.inc.php index e112688c7a..12ef790c96 100755 --- a/admin/inc/class.boaccounts.inc.php +++ b/admin/inc/class.boaccounts.inc.php @@ -32,11 +32,6 @@ ) ); - function boaccounts() - { - $this->so =& CreateObject('admin.soaccounts'); - } - function delete_group($account_id='') { if(!$account_id || $GLOBALS['egw']->acl->check('group_access',32,'admin')) @@ -144,63 +139,6 @@ return False; } - function add_user($userData) - { - if($GLOBALS['egw']->acl->check('account_access',4,'admin')) - { - return False; - } - - $accountPrefix = ''; - if(isset($GLOBALS['egw_info']['server']['account_prefix'])) - { - $accountPrefix = $GLOBALS['egw_info']['server']['account_prefix']; - } - if($accountPrefix) - { - $userData['account_lid'] = $accountPrefix . $userData['account_lid']; - } - - // add the primary group, to the users other groups, if not already added - if(is_array($userData['account_groups'])) - { - if(!in_array($userData['account_primary_group'],$userData['account_groups'])) - { - $userData['account_groups'][] = (int)$userData['account_primary_group']; - } - } - else - { - $userData['account_groups'] = array((int)$userData['account_primary_group']); - } - - // do we have all needed data?? - if(!($errors = $this->validate_user($userData)) && - ($userData['account_id'] = $account_id = $this->so->add_user($userData))) // no error in the creation - { - if($userData['anonymous']) - { - $GLOBALS['egw']->acl->add_repository('phpgwapi','anonymous',$account_id,1); - } - else - { - $GLOBALS['egw']->acl->delete_repository('phpgwapi','anonymous',$account_id); - } - // make this information for the hooks available - $GLOBALS['hook_values'] = $userData + array('new_passwd' => $userData['account_passwd']); - $GLOBALS['egw']->hooks->process($GLOBALS['hook_values']+array( - 'location' => 'addaccount' - ),False,True); // called for every app now, not only enabled ones - - return True; - } - else - { - return $errors; - } - return False; - } - function edit_group($group_info) { if($GLOBALS['egw']->acl->check('group_access',16,'admin')) @@ -254,9 +192,16 @@ return True; } - function edit_user($userData) + /** + * Process a user edit + * + * @param array $userData + * @param int $required_account_access=16 can be set to 4 for add user + * @return boolean|array with errors or true on success, false on acl failure + */ + function edit_user(&$userData, $required_account_access=16) { - if($GLOBALS['egw']->acl->check('account_access',16,'admin')) + if($GLOBALS['egw']->acl->check('account_access',$required_account_access,'admin')) { return False; } @@ -272,21 +217,17 @@ } $errors = $this->validate_user($userData); - if(@is_array($errors)) + + if(!$errors) { - return $errors; - } - else - { - $this->save_user($userData); + $errors = $this->save_user($userData); $GLOBALS['hook_values'] = $userData; $GLOBALS['egw']->hooks->process($GLOBALS['hook_values']+array( 'location' => 'editaccount' ),False,True); // called for every app now, not only enabled ones) - - return True; } - return True; + error_log(__METHOD__."(".array2string($userData).") returning ".array2string($errors ? $errors : true)); + return $errors ? $errors : true; } function validate_group($group_info) @@ -326,31 +267,29 @@ } } - /* checks if the userdata are valid - returns FALSE if the data are correct - otherwise the error array - */ + /** + * checks if the userdata are valid + * + * @return array with errors or empty array if there are none + */ function validate_user(&$_userData) { - $totalerrors = 0; + $errors = array(); if($GLOBALS['egw_info']['server']['account_repository'] == 'ldap' && (!$_userData['account_lastname'] && !$_userData['lastname'])) { - $error[$totalerrors] = lang('You must enter a lastname'); - $totalerrors++; + $errors[] = lang('You must enter a lastname'); } if(!$_userData['account_lid']) { - $error[$totalerrors] = lang('You must enter a loginid'); - $totalerrors++; + $errors[] = lang('You must enter a loginid'); } if(!in_array($_userData['account_primary_group'],$_userData['account_groups'])) { - $error[$totalerrors] = lang('The groups must include the primary group'); - $totalerrors++; + $errors[] = lang('The groups must include the primary group'); } // Check if an account already exists as system user, and if it does deny creation // (increase the totalerrors counter and the message thereof) @@ -358,8 +297,7 @@ !$GLOBALS['egw_info']['server']['ldap_allow_systemusernames'] && !$_userData['account_id'] && function_exists('posix_getpwnam') && posix_getpwnam($_userData['account_lid'])) { - $error[$totalerrors] = lang('There already is a system-user with this name. User\'s should not have the same name as a systemuser'); - $totalerrors++; + $errors[] = lang('There already is a system-user with this name. User\'s should not have the same name as a systemuser'); } if($_userData['old_loginid'] != $_userData['account_lid']) { @@ -367,13 +305,12 @@ { if($GLOBALS['egw']->accounts->exists($_userData['account_lid']) && $GLOBALS['egw']->accounts->get_type($_userData['account_lid'])=='g') { - $error[$totalerrors] = lang('There already is a group with this name. Userid\'s can not have the same name as a groupid'); + $errors[] = lang('There already is a group with this name. Userid\'s can not have the same name as a groupid'); } else { - $error[$totalerrors] = lang('That loginid has already been taken'); + $errors[] = lang('That loginid has already been taken'); } - $totalerrors++; } } @@ -381,15 +318,13 @@ { if($_userData['account_passwd'] != $_userData['account_passwd_2']) { - $error[$totalerrors] = lang('The two passwords are not the same'); - $totalerrors++; + $errors[] = lang('The two passwords are not the same'); } } if(!count($_userData['account_permissions']) && !count($_userData['account_groups'])) { - $error[$totalerrors] = lang('You must add at least 1 permission or group to this account'); - $totalerrors++; + $errors[] = lang('You must add at least 1 permission or group to this account'); } if($_userData['account_expires_month'] || $_userData['account_expires_day'] || $_userData['account_expires_year'] || $_userData['account_expires_never']) @@ -403,8 +338,7 @@ { if(! checkdate($_userData['account_expires_month'],$_userData['account_expires_day'],$_userData['account_expires_year'])) { - $error[$totalerrors] = lang('You have entered an invalid expiration date'); - $totalerrors++; + $errors[] = lang('You have entered an invalid expiration date'); } else { @@ -423,49 +357,64 @@ $check_account_file_space = explode('-', $_userData['file_space']); if(preg_match("/\D/", $check_account_file_space[0])) { - $error[$totalerrors] = lang('File space must be an integer'); - $totalerrors++; + $errors[] = lang('File space must be an integer'); } */ - if($totalerrors == 0) - { - return False; - } - else - { - return $error; - } + return $errors; } - /* stores the userdata */ - function save_user($_userData) + /** + * stores the userdata + * + * @param array &$_userData "account_id" got set for new accounts + * @return array with error-messages + */ + function save_user(array &$_userData) { - //error_log(__METHOD__.array2string($_userData)); - //error_log(__METHOD__.array2string($old_passwd)); - $account =& CreateObject('phpgwapi.accounts',$_userData['account_id'],'u'); - $account->update_data($_userData); - $account->save_repository(); + error_log(__METHOD__."(".array2string($_userData).")"); + $errors = array(); - $account->set_memberships($_userData['account_groups'],$_userData['account_id']); - - if($_userData['account_passwd']) + // do NOT save password via accounts::save, as pw policy violation can happen and we cant/dont report that way + $passwd = $_userData['account_passwd']; + unset($_userData['account_passwd']); + unset($_userData['account_passwd_2']); + if (!$GLOBALS['egw']->accounts->save($_userData)) { - $auth =& CreateObject('phpgwapi.auth'); - $auth->change_password($old_passwd, $_userData['account_passwd'], $_userData['account_id']); - $GLOBALS['hook_values']['account_id'] = $_userData['account_id']; - $GLOBALS['hook_values']['old_passwd'] = $old_passwd; - $GLOBALS['hook_values']['new_passwd'] = $_userData['account_passwd']; + $errors[] = lang('Failed to save user!'); + return $errors; + } - $GLOBALS['egw']->hooks->process($GLOBALS['hook_values']+array( - 'location' => 'changepassword' - ),False,True); // called for every app now, not only enabled ones) - if ($_userData['account_lastpwd_change']==0) - { - // change password sets the shadow_timestamp/account_lastpwd_change timestamp - // so we need to reset that to 0 as Admin required the change of password upon next login - unset($_userData['account_passwd']); - $this->save_user($_userData); + $GLOBALS['egw']->accounts->set_memberships($_userData['account_groups'],$_userData['account_id']); + + if ($passwd) + { + try { + $auth = new auth(); + if ($auth->change_password('', $passwd, $_userData['account_id'])) + { + $GLOBALS['hook_values']['account_id'] = $_userData['account_id']; + $GLOBALS['hook_values']['old_passwd'] = ''; + $GLOBALS['hook_values']['new_passwd'] = $_userData['account_passwd']; + + $GLOBALS['egw']->hooks->process($GLOBALS['hook_values']+array( + 'location' => 'changepassword' + ),False,True); // called for every app now, not only enabled ones) + if ($_userData['account_lastpwd_change']==0) + { + // change password sets the shadow_timestamp/account_lastpwd_change timestamp + // so we need to reset that to 0 as Admin required the change of password upon next login + unset($_userData['account_passwd']); + $this->save_user($_userData); + } + } + else + { + $errors[] = lang('Failed to change password. Please contact your administrator.'); + } + } + catch(Exception $e) { + $errors[] = $e->getMessage(); } } if ($_userData['account_lastpwd_change']==0) @@ -475,7 +424,7 @@ $auth->setLastPwdChange($_userData['account_id'],NULL, $_userData['account_lastpwd_change']); } - $apps =& CreateObject('phpgwapi.applications',(int)$_userData['account_id']); + $apps = new applications((int)$_userData['account_id']); if($_userData['account_permissions']) { foreach($_userData['account_permissions'] as $app => $enabled) @@ -488,7 +437,7 @@ } $apps->save_repository(); - $acl =& CreateObject('phpgwapi.acl',$_userData['account_id']); + $acl = new acl($_userData['account_id']); if($_userData['anonymous']) { $acl->add_repository('phpgwapi','anonymous',$_userData['account_id'],1); @@ -506,6 +455,9 @@ $GLOBALS['egw']->acl->delete_repository('preferences','nopasswordchange',$_userData['account_id']); } $GLOBALS['egw']->session->delete_cache((int)$_userData['account_id']); + + error_log(__METHOD__."(".array2string($_userData).") returning ".array2string($errors)); + return $errors; } function load_group_managers($account_id) @@ -540,22 +492,4 @@ @reset($account_apps); return $account_apps; } - - // xmlrpc functions - - function rpc_add_user($data) - { - exit; - - if(!$errors = $this->validate_user($data)) - { - $result = $this->so->add_user($data); - } - else - { - $result = $errors; - } - return $result; - } } -?> diff --git a/admin/inc/class.soaccounts.inc.php b/admin/inc/class.soaccounts.inc.php deleted file mode 100755 index c63fdad3d4..0000000000 --- a/admin/inc/class.soaccounts.inc.php +++ /dev/null @@ -1,92 +0,0 @@ -accounts->create($userData))) - { - return false; - } - $GLOBALS['egw']->accounts->set_memberships($userData['account_groups'],$userData['account_id']); - - $apps =& CreateObject('phpgwapi.applications',$userData['account_id']); - $apps->read_installed_apps(); - /* dont think this is still used -- RalfBecker 2006-06-03 - // Read Group Apps - if ($userData['account_groups']) - { - $apps->account_type = 'g'; - reset($userData['account_groups']); - while($groups = each($userData['account_groups'])) - { - $apps->account_id = $groups[0]; - $old_app_groups = $apps->read_account_specific(); - @reset($old_app_groups); - while($old_group_app = each($old_app_groups)) - { - if (!$apps_after[$old_group_app[0]]) - { - $apps_after[$old_group_app[0]] = $old_app_groups[$old_group_app[0]]; - } - } - } - } - */ - $apps->account_type = 'u'; - $apps->account_id = $userData['account_id']; - $apps->data = Array(Array()); - - if ($userData['account_permissions']) - { - @reset($userData['account_permissions']); - while (list($app,$turned_on) = each($userData['account_permissions'])) - { - if ($turned_on) - { - $apps->add($app); - /* dont think this is still used -- RalfBecker 2006-06-03 - if (!$apps_after[$app]) - { - $apps_after[] = $app; - } - */ - } - } - } - $apps->save_repository(); - - if (!$userData['changepassword']) - { - $GLOBALS['egw']->acl->add_repository('preferences','nopasswordchange',$userData['account_id'],1); - } - - $apps->account_apps = array(array()); - // $apps_after = array(array()); - - return $userData['account_id']; - } - } -?> diff --git a/admin/inc/class.uiaccounts.inc.php b/admin/inc/class.uiaccounts.inc.php index 723454416f..7e2acf4550 100755 --- a/admin/inc/class.uiaccounts.inc.php +++ b/admin/inc/class.uiaccounts.inc.php @@ -30,6 +30,10 @@ 'set_group_managers' => True ); + /** + * Instance of boaccounts + * @var boaccounts + */ var $bo; var $nextmatchs; var $apps_with_acl = array( @@ -51,7 +55,7 @@ 'timesheet' => True ); - function uiaccounts() + function __construct() { $this->bo =& CreateObject('admin.boaccounts'); $this->nextmatchs =& CreateObject('phpgwapi.nextmatchs'); @@ -131,7 +135,7 @@ unset($GLOBALS['egw_info']['flags']['nonavbar']); $GLOBALS['egw_info']['flags']['app_header'] = $GLOBALS['egw_info']['apps']['admin']['title'].' - '. lang('User groups'); - $GLOBALS['egw']->common->egw_header(); + common::egw_header(); $p =& CreateObject('phpgwapi.Template',EGW_APP_TPL); $p->set_file( @@ -333,7 +337,7 @@ unset($GLOBALS['egw_info']['flags']['nonavbar']); $GLOBALS['egw_info']['flags']['app_header'] = $GLOBALS['egw_info']['apps']['admin']['title'].' - '. lang('User accounts'); - $GLOBALS['egw']->common->egw_header(); + common::egw_header(); $p =& CreateObject('phpgwapi.Template',EGW_APP_TPL); @@ -370,7 +374,7 @@ $uiaccountsel =& CreateObject('phpgwapi.uiaccountsel'); $p->set_var(array( 'left_next_matchs' => $this->nextmatchs->left('/index.php',$start,$total,$link_data), - 'lang_showing' => ($_REQUEST['group_id'] ? $GLOBALS['egw']->common->grab_owner_name($_REQUEST['group_id']).': ' : ''). + 'lang_showing' => ($_REQUEST['group_id'] ? common::grab_owner_name($_REQUEST['group_id']).': ' : ''). ($GLOBALS['query'] ? lang("Search %1 '%2'",lang($uiaccountsel->query_types[$_REQUEST['query_type']]), html::htmlspecialchars($GLOBALS['query'])).': ' : '') .$this->nextmatchs->show_hits($total,$start), @@ -458,9 +462,9 @@ $account['account_status'] = '' . lang('Disabled') . ''; } if (isset($account['account_created'])) - $account['account_status'].= '
'.$GLOBALS['egw']->common->show_date($account['account_created'],$GLOBALS['egw_info']['user']['preferences']['common']['dateformat']); + $account['account_status'].= '
'.common::show_date($account['account_created'],$GLOBALS['egw_info']['user']['preferences']['common']['dateformat']); if (isset($account['account_modified'])) - $account['account_status'].= '
'.$GLOBALS['egw']->common->show_date($account['account_modified'],$GLOBALS['egw_info']['user']['preferences']['common']['dateformat']); + $account['account_status'].= '
'.common::show_date($account['account_modified'],$GLOBALS['egw_info']['user']['preferences']['common']['dateformat']); $p->set_var($account); @@ -529,7 +533,7 @@ if(is_array($errors)) { $this->create_edit_group($group_info,$errors); - $GLOBALS['egw']->common->egw_exit(); + common::egw_exit(); } $GLOBALS['egw']->redirect($GLOBALS['egw']->link('/index.php','menuaction=admin.uiaccounts.list_groups')); } @@ -547,61 +551,7 @@ function add_user() { - if ($GLOBALS['egw']->acl->check('account_access',4,'admin')) - { - $this->list_users(); - return; - } - - if($_POST['submit']) - { - if(!($email = $_POST['account_email'])) - { - $email = $GLOBALS['egw']->common->email_address($_POST['account_firstname'],$_POST['account_lastname'],$_POST['account_lid']); - } - $userData = array( - 'account_type' => 'u', - 'account_lid' => $_POST['account_lid'], - 'account_firstname' => $_POST['account_firstname'], - 'account_lastname' => $_POST['account_lastname'], - 'account_passwd' => $_POST['account_passwd'], - 'status' => ($_POST['account_status'] ? 'A' : ''), - 'account_status' => ($_POST['account_status'] ? 'A' : ''), - 'old_loginid' => ($_GET['old_loginid']?rawurldecode($_GET['old_loginid']):''), - 'account_id' => ($_GET['account_id']?$_GET['account_id']:0), - 'account_primary_group' => $_POST['account_primary_group'], - 'account_passwd_2' => $_POST['account_passwd_2'], - 'account_groups' => $_POST['account_groups'], - 'anonymous' => $_POST['anonymous'], - 'changepassword' => $_POST['changepassword'], - 'mustchangepassword' => $_POST['mustchangepassword'], - 'account_permissions' => $_POST['account_permissions'], - 'homedirectory' => $_POST['homedirectory'], - 'loginshell' => $_POST['loginshell'], - 'account_expires_never' => $_POST['never_expires'], - 'account_email' => $email - /* 'file_space' => $_POST['account_file_space_number'] . "-" . $_POST['account_file_space_type'] */ - ); - if ($userData['mustchangpassword']) $userData['account_lastpwd_change']=0; - /* when does the account expire */ - if ($_POST['expires'] !== '' && !$_POST['never_expires']) - { - $jscal =& CreateObject('phpgwapi.jscalendar',False); - $userData += $jscal->input2date($_POST['expires'],False,'account_expires_day','account_expires_month','account_expires_year'); - } - - $errors = $this->bo->add_user($userData); - if(is_array($errors)) - { - $this->create_edit_user(0,$userData,$errors); - $GLOBALS['egw']->common->egw_exit(); - } - $GLOBALS['egw']->redirect($GLOBALS['egw']->link('/index.php','menuaction=admin.uiaccounts.list_users')); - } - else - { - $this->create_edit_user(0); - } + return $this->edit_user('', '', 4); } function delete_group() @@ -618,7 +568,7 @@ unset($GLOBALS['egw_info']['flags']['noheader']); unset($GLOBALS['egw_info']['flags']['nonavbar']); - $GLOBALS['egw']->common->egw_header(); + common::egw_header(); $p =& CreateObject('phpgwapi.Template',EGW_APP_TPL); $p->set_file( @@ -647,7 +597,7 @@ 'menuaction' => 'admin.uiaccounts.edit_user', 'account_id' => $id ) - ) . '">' . $GLOBALS['egw']->common->grab_owner_name($id) . '
'; + ) . '">' . common::grab_owner_name($id) . '
'; } $p->set_var('message_display',$user_list); $p->parse('messages','message_row',True); @@ -695,7 +645,7 @@ unset($GLOBALS['egw_info']['flags']['noheader']); unset($GLOBALS['egw_info']['flags']['nonavbar']); - $GLOBALS['egw']->common->egw_header(); + common::egw_header(); $t =& CreateObject('phpgwapi.Template',EGW_APP_TPL); $t->set_file( @@ -767,7 +717,7 @@ if(is_array($errors)) { $this->create_edit_group($group_info,$errors); - $GLOBALS['egw']->common->egw_exit(); + common::egw_exit(); } $GLOBALS['egw']->redirect($GLOBALS['egw']->link('/index.php','menuaction=admin.uiaccounts.list_groups')); } @@ -838,9 +788,9 @@ //NDEE } - function edit_user($cd='',$account_id='') + function edit_user($cd='',$account_id='', $required_account_access=16) { - if($GLOBALS['egw']->acl->check('account_access',16,'admin')) + if($GLOBALS['egw']->acl->check('account_access',$required_account_access,'admin') || isset($_POST['cancel'])) { $this->list_users(); return False; @@ -850,9 +800,10 @@ { if(!($email = $_POST['account_email'])) { - $email = $GLOBALS['egw']->common->email_address($_POST['account_firstname'],$_POST['account_lastname'],$_POST['account_lid']); + $email = common::email_address($_POST['account_firstname'],$_POST['account_lastname'],$_POST['account_lid']); } $userData = array( + 'account_type' => 'u', 'account_lid' => $_POST['account_lid'], 'account_firstname' => $_POST['account_firstname'], 'account_lastname' => $_POST['account_lastname'], @@ -894,10 +845,10 @@ } if($_POST['expires'] !== '' && !$_POST['never_expires']) { - $jscal =& CreateObject('phpgwapi.jscalendar',False); + $jscal = new jscalendar(False); $userData += $jscal->input2date($_POST['expires'],False,'account_expires_day','account_expires_month','account_expires_year'); } - $errors = $this->bo->edit_user($userData); + $errors = $this->bo->edit_user($userData, $required_account_access); if(!@is_array($errors)) { @@ -939,12 +890,12 @@ // todo // not needed if i use the same file for new users too - if(!$account_id) + /*if(!$account_id) { $this->list_users(); return False; } - else + else*/ { $this->create_edit_user($account_id); } @@ -960,7 +911,7 @@ } unset($GLOBALS['egw_info']['flags']['noheader']); unset($GLOBALS['egw_info']['flags']['nonavbar']); - $GLOBALS['egw']->common->egw_header(); + common::egw_header(); $t =& CreateObject('phpgwapi.Template',EGW_APP_TPL); $t->set_unknowns('remove'); @@ -1019,14 +970,14 @@ { $var['account_status'] = '' . lang('Disabled') . ''; } - if (isset($userData['account_created'])) $var['account_status'].= '
'.lang('Created').': '.$GLOBALS['egw']->common->show_date($userData['account_created']); - if (isset($userData['account_modified'])) $var['account_status'].= '
'.lang('Modified').': '.$GLOBALS['egw']->common->show_date($userData['account_modified']); + if (isset($userData['account_created'])) $var['account_status'].= '
'.lang('Created').': '.common::show_date($userData['account_created']); + if (isset($userData['account_modified'])) $var['account_status'].= '
'.lang('Modified').': '.common::show_date($userData['account_modified']); // Last login time if ($userData['lastlogin']) { - $var['account_lastlogin'] = $GLOBALS['egw']->common->show_date($userData['lastlogin']); + $var['account_lastlogin'] = common::show_date($userData['lastlogin']); } else { @@ -1046,7 +997,7 @@ // Account expires if ($userData['expires'] != -1) { - $var['input_expires'] = $GLOBALS['egw']->common->show_date($userData['expires']); + $var['input_expires'] = common::show_date($userData['expires']); } else { @@ -1169,7 +1120,7 @@ { unset($GLOBALS['egw_info']['flags']['noheader']); unset($GLOBALS['egw_info']['flags']['nonavbar']); - $GLOBALS['egw']->common->egw_header(); + common::egw_header(); $p =& CreateObject('phpgwapi.Template',EGW_APP_TPL); $p->set_file(Array('edit' => 'group_form.tpl')); @@ -1188,7 +1139,7 @@ 'lang_group_name' => lang('group name'), 'group_name_value' => $group_info['account_name'], 'lang_include_user' => lang('Select users for inclusion'), - 'error' => (!$_errors?'':'
'.$GLOBALS['egw']->common->error_list($_errors).'
'), + 'error' => (!$_errors?'':'
'.common::error_list($_errors).'
'), 'lang_permissions' => lang('Permissions this group has') ); $p->set_var($var); @@ -1265,7 +1216,7 @@ . ' ' . ($acl_action?'':' ').''.($i & 1?'':'')."\n"; } if($i & 1) @@ -1330,18 +1281,16 @@ unset($GLOBALS['egw_info']['flags']['noheader']); unset($GLOBALS['egw_info']['flags']['nonavbar']); - $GLOBALS['egw']->common->egw_header(); + common::egw_header(); $t =& CreateObject('phpgwapi.Template',EGW_APP_TPL); $t->set_unknowns('remove'); - if ($GLOBALS['egw_info']['server']['ldap_extra_attributes'] && ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')) + $t->set_file(array('account' => 'account_form.tpl')); + $t->set_block('account', 'ldap_extra'); + if (!$GLOBALS['egw_info']['server']['ldap_extra_attributes'] || $GLOBALS['egw_info']['server']['account_repository'] != 'ldap') { - $t->set_file(array('account' => 'account_form_ldap.tpl')); - } - else - { - $t->set_file(array('account' => 'account_form.tpl')); + $t->set_var('ldap_extra', ''); } $t->set_block('account','form','form'); $t->set_block('account','form_passwordinfo','form_passwordinfo'); @@ -1356,16 +1305,13 @@ { $userData = Array(); $userData=$_userData; -// $userData['firstname'] = $userData['account_firstname']; -// $userData['lastname'] = $userData['account_lastname']; @reset($userData['account_groups']); while (list($key, $value) = @each($userData['account_groups'])) { $userGroups[$key]['account_id'] = $value; } - $account =& CreateObject('phpgwapi.accounts'); - $allGroups = $account->get_list('groups'); + $allGroups = $GLOBALS['egw']->accounts->get_list('groups'); } elseif(is_string($_userData) && $_userData=='') { @@ -1388,7 +1334,6 @@ } else { - $account =& CreateObject('phpgwapi.accounts'); $userData = Array(); $userData['status'] = 'A'; $userGroups = Array(); @@ -1407,7 +1352,7 @@ $var = Array( 'form_action' => $GLOBALS['egw']->link('/index.php',$page_params), - 'error_messages' => (!$_errors?'':'
'.$GLOBALS['egw']->common->error_list($_errors).'
'), + 'error_messages' => (!$_errors?'':'
'.common::error_list($_errors).'
'), 'th_bg' => $GLOBALS['egw_info']['theme']['th_bg'], 'tr_color1' => $GLOBALS['egw_info']['theme']['row_on'], 'tr_color2' => $GLOBALS['egw_info']['theme']['row_off'], @@ -1427,6 +1372,8 @@ 'lang_mustchangepassword'=> lang('Must change password upon next login'), 'lang_button' => ($_account_id?lang('Save'):lang('Add')), 'lang_passwds_unequal' => lang('The two passwords are not the same'), + 'lang_cancel' => lang('Cancel'), + 'cancel_action' => "document.location='".egw::link('/index.php', array('menuaction' => 'admin.uiaccounts.list_users'))."';", /* 'lang_file_space' => lang('File Space') */ ); $t->set_var($var); @@ -1496,16 +1443,16 @@ 'changepassword' => '', 'mustchangepassword' => '', 'account_status' => '', - 'account_firstname' => '', - 'account_lastname' => '', - 'account_email' => '', + 'account_firstname' => '', + 'account_lastname' => '', + 'account_email' => '', 'account_passwd' => $userData['account_passwd'], 'account_passwd_2' => $userData['account_passwd_2'], 'account_file_space' => $account_file_space, 'account_id' => (int) $userData['account_id'] ); - if (isset($userData['account_created'])) $var['account_status'].= '
'.lang('Created').': '.$GLOBALS['egw']->common->show_date($userData['account_created']); - if (isset($userData['account_modified'])) $var['account_status'].= '
'.lang('Modified').': '.$GLOBALS['egw']->common->show_date($userData['account_modified']); + if (isset($userData['account_created'])) $var['account_status'].= '
'.lang('Created').': '.common::show_date($userData['account_created']); + if (isset($userData['account_modified'])) $var['account_status'].= '
'.lang('Modified').': '.common::show_date($userData['account_modified']); if($userData['expires'] == -1) @@ -1576,7 +1523,7 @@ $part[$i&1] = sprintf('%s', $data['title'],$app,$checked). ($acl_action?'':' ').''; if ($i & 1) @@ -1624,7 +1571,7 @@ // $menuClass =& CreateObject('admin.uimenuclass'); // This is now using ExecMethod() $GLOBALS['account_id'] = $_account_id; - $t->set_var('rows',ExecMethod('admin.uimenuclass.createHTMLCode','edit_user')); + $t->set_var('rows', $_account_id ? ExecMethod('admin.uimenuclass.createHTMLCode','edit_user') : ''); echo $t->fp('out','form'); } @@ -1634,7 +1581,7 @@ $response = new xajaxResponse(); if (!$email) { - $response->addAssign('email','value',$GLOBALS['egw']->common->email_address($first,$last,$account_lid)); + $response->addAssign('email','value',common::email_address($first,$last,$account_lid)); } $id_account_lid = (int) $GLOBALS['egw']->accounts->name2id($account_lid); if ($id == 'account' && $id_account_lid && $id_account_lid != (int) $account_id) @@ -1665,13 +1612,13 @@ { $user_list .= ''."\n"; } unset($GLOBALS['egw_info']['flags']['noheader']); unset($GLOBALS['egw_info']['flags']['nonavbar']); - $GLOBALS['egw']->common->egw_header(); + common::egw_header(); $t =& CreateObject('phpgwapi.Template',EGW_APP_TPL); $t->set_unknowns('remove'); @@ -1708,7 +1655,7 @@ if($GLOBALS['egw']->acl->check('group_access',16,'admin') || $_POST['cancel']) { $GLOBALS['egw']->redirect_link('/index.php','menuaction=admin.uiaccounts.list_groups'); - $GLOBALS['egw']->common->egw_exit(); + common::egw_exit(); } elseif($_POST['submit']) { @@ -1728,7 +1675,7 @@ } } $GLOBALS['egw']->redirect($GLOBALS['egw']->link('/index.php','menuaction=admin.uiaccounts.list_groups')); - $GLOBALS['egw']->common->egw_exit(); + common::egw_exit(); } /** diff --git a/admin/lang/egw_de.lang b/admin/lang/egw_de.lang index 1af56321ca..f8fb957c43 100644 --- a/admin/lang/egw_de.lang +++ b/admin/lang/egw_de.lang @@ -272,7 +272,6 @@ enter your http proxy server port admin de HTTP-Proxy-Server-Port enter your smtp server hostname or ip address admin de SMTP-Server Hostname oder IP-Adresse enter your smtp server port admin de SMTP-Server Port error canceling timer, maybe there's none set !!! admin de Fehler beim Abbrechen des Test-Jobs, eventuell läuft gar kein Job !!! -error changing the password for % !!! admin de Fehler beim Ändern des Passworts für % ! error changing the password for %1 !!! admin de Fehler beim Ändern des Passworts für %1 ! error deleting log entry! admin de Fehler beim Löschen des Protokolleintrags! error saving admin de Fehler beim Speichern @@ -296,7 +295,6 @@ file space admin de Speicherplatz file space must be an integer admin de Speicherplatz muss eine Zahl sein for the times above admin de für die oben angegebenen Zeiten for the times below (empty values count as '*', all empty = every minute) admin de für die darunter angegebenen Zeiten (leere Felder zählen als "*", alles leer = jede Minute) -force password strength (1-5, default empty: no check against rules for a strong password)? admin de Erzwinge eine gewisse Qualität der Passwörter im Passwort-Ändern Dialog (1-5, 1:gering, 5=stark; Default=leer kein Check gegen Regeln zur Passwortqualität) force selectbox admin de Auswahl erzwingen force users to change their password regularily?(empty for no,number for after that number of days admin de Erzwinge das ändern von Passwörtern durch den Benutzer nach X Tagen. (leer für nein, eine positive Zahl für alle X Tage) forward also to admin de Zusätzlich weiterleiten an @@ -453,6 +451,8 @@ passthrough admin de durchgehend password for smtp-authentication admin de Passwort für SMTP Authentifizierung password updated admin de Passwort aktualisiert passwords and/or attributes of %1 accounts changed admin de Passwörter und/oder Attribute von %1 Benutzern geändert +passwords require a minimum number of characters admin de Passworte benötigen diese Mindestanzahl Zeichen +passwords requires this number of different character classes admin de Passworte benötigen mindestens soviele Zeichenklassen path information admin de Pfad-Information peer server list admin de Liste der Server im Verbund peer servers admin de Server-Verbund @@ -603,6 +603,7 @@ unknown option %1 admin de Unbekannte Option %1 unwilling to save category with current settings. check for inconsistency: admin de Kategorie kann mit den aktuellen Einstellungen nicht gespeichert werden. Bitte überprüfen sie die Einstellungen auf Ungereimtheiten up admin de hoch updated admin de aktualisiert +uppercase, lowercase, number, special char admin de Großbuchstaben, kleine Buchstaben, Zahlen, Sonderzeichen url of the egroupware installation, eg. http://domain.com/egroupware admin de URL der EGroupware Installation, z.B. http://domain.com/egroupware usage admin de Einsatz use cookies to pass sessionid admin de Sitzungs-ID in einem Cookie speichern diff --git a/admin/lang/egw_en.lang b/admin/lang/egw_en.lang index f5b2c888d7..f51c41b0f0 100644 --- a/admin/lang/egw_en.lang +++ b/admin/lang/egw_en.lang @@ -273,7 +273,6 @@ enter your http proxy server port admin en Enter your HTTP proxy server port enter your smtp server hostname or ip address admin en Enter your SMTP server hostname or IP address enter your smtp server port admin en Enter your SMTP server port error canceling timer, maybe there's none set !!! admin en Error canceling timer, maybe there's none set! -error changing the password for % !!! admin en Error changing the password for % ! error changing the password for %1 !!! admin en Error changing the password for %1 ! error deleting log entry! admin en Error deleting log entry! error saving admin en Error saving! @@ -297,7 +296,6 @@ file space admin en File space file space must be an integer admin en File space must be an integer for the times above admin en For the times above for the times below (empty values count as '*', all empty = every minute) admin en For the times below: empty values count as '*', all empty = every minute. -force password strength (1-5, default empty: no check against rules for a strong password)? admin en Set required password strength. 1 = weak, up to 5 = very strong. Default = empty, no password strength checked force selectbox admin en Force select box force users to change their password regularily?(empty for no,number for after that number of days admin en Set recurrent forced password change. Set a number of days. Empty = No forward also to admin en Forward also to @@ -454,6 +452,8 @@ passthrough admin en Passthrough password for smtp-authentication admin en Password for SMTP authentication password updated admin en Password updated. passwords and/or attributes of %1 accounts changed admin en Passwords and/or attributes of %1 accounts changed +passwords require a minimum number of characters admin en Passwords require a minimum number of characters +passwords requires this number of different character classes admin en Passwords requires this number of different character classes path information admin en Path information peer server list admin en Peer server list peer servers admin en Peer servers @@ -604,6 +604,7 @@ unknown option %1 admin en Unknown option %1 ! unwilling to save category with current settings. check for inconsistency: admin en Unable to save category with current settings. Check for inconsistency: up admin en Up updated admin en Updated +uppercase, lowercase, number, special char admin en Uppercase, lowercase, number, special char url of the egroupware installation, eg. http://domain.com/egroupware admin en URL of the EGroupware installation, e.g. http://domain.com/egroupware usage admin en Usage use cookies to pass sessionid admin en Use cookies to pass session ID diff --git a/admin/templates/default/account_form.tpl b/admin/templates/default/account_form.tpl index 9ea877c72c..ba3ce5ea55 100644 --- a/admin/templates/default/account_form.tpl +++ b/admin/templates/default/account_form.tpl @@ -61,7 +61,14 @@ function check_password(id) {password_fields} - + + + {lang_homedir} + {homedirectory}  + {lang_shell} + {loginshell}  + + {lang_mustchangepassword} {mustchangepassword} @@ -120,7 +127,10 @@ function check_password(id) - + + + + diff --git a/admin/templates/default/account_form_ldap.tpl b/admin/templates/default/account_form_ldap.tpl deleted file mode 100644 index 8fcc3371ef..0000000000 --- a/admin/templates/default/account_form_ldap.tpl +++ /dev/null @@ -1,149 +0,0 @@ - -{error_messages} - - -
-
- - - - - -
- {rows} - - - - - - - - - - - - - - - - - - - - - - - {password_fields} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - {permissions_list} - - {form_buttons} - -
{lang_action}
{lang_loginid}{account_lid} {lang_account_active}:{account_status}
{lang_firstname}{account_firstname} {lang_lastname}{account_lastname} 
{lang_mustchangepassword}{mustchangepassword}
{lang_homedir}{homedirectory} {lang_shell}{loginshell} 
{lang_expires}{input_expires}  {lang_never} {never_expires}{lang_email}{account_email}
{lang_changepassword}{changepassword}{lang_anonymous}{anonymous}
{lang_groups}{groups_select} {lang_primary_group}{primary_group_select} 
{lang_app}{lang_acl}{lang_app}{lang_acl}
-
-
-
- - - - - {lang_password} - - {lang_reenter_password} - - - - - - - - - - - - - {lang_lastlogin} - {account_lastlogin} - - {lang_lastloginfrom} - {account_lastloginfrom} - - - - - -  {row_text} - - diff --git a/admin/templates/default/account_form_ldapdata.tpl b/admin/templates/default/account_form_ldapdata.tpl deleted file mode 100644 index a47be48b92..0000000000 --- a/admin/templates/default/account_form_ldapdata.tpl +++ /dev/null @@ -1,84 +0,0 @@ - -
-
- - - - - -
- {rows} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- {lang_email_config} - - - {lang_emailaccount_active} -
{lang_masterEmailAddress}
{lang_mailAliases}{options_mailAlternateAddress} - -
-   -
- -
- -
- {lang_RouteMailsTo} - - -
-   -
-   -
- - - - -
- -
-
-
-
- - - - -   {row_text} - - diff --git a/admin/templates/default/config.tpl b/admin/templates/default/config.tpl index af97cf672f..ddd2674784 100644 --- a/admin/templates/default/config.tpl +++ b/admin/templates/default/config.tpl @@ -231,13 +231,34 @@ - {lang_Force_password_strength_(1-5,_default_empty: no check against rules for a strong password)?}: + {lang_Passwords_require_a_minimum_number_of_characters}: - + + {lang_Passwords_requires_this_number_of_different_character_classes}:
({lang_Uppercase,_lowercase,_number,_special_char}) + + + + + + {lang_Admin_email_addresses_(comma-separated)_to_be_notified_about_the_blocking_(empty_for_no_notify)}: @@ -254,7 +275,7 @@ --> - + {lang_Enable_the_xmlrpc_service} {lang_(default_No,_leave_it_off_if_you_dont_use_it)}: @@ -273,19 +294,19 @@ - + {lang_How_many_entries_should_non-admins_be_able_to_export_(empty_=_no_limit,_no_=_no_export)}:
{lang_This_controls_exports_and_merging.} - + {lang_Group_excepted_from_above_export_limit_(admins_are_always_excepted)}: {call_bo_merge::hook_export_limit_excepted} - + {lang_Allow_remote_administration_from_following_install_ID's_(comma_separated)}:
{lang_Own_install_ID:_}{value_install_id} - + {lang_Should_exceptions_contain_a_trace_(including_function_arguments)}: - + {lang_Disable_minifying_of_javascript_and_CSS_files}: - - - - - - - - {lang_Allow_authentication_via_cookie}: - - - - - - - {lang_Auto_login_anonymous_user}: - - - - - - {lang_Allow_password_migration}: + + {lang_Allow_authentication_via_cookie}: + + + + + + {lang_Auto_login_anonymous_user}: + + + + + + {lang_Minimum_account_id_(e.g._500_or_100,_etc.)}: - + {lang_Maximum_account_id_(e.g._65535_or_1000000)}: - + {lang_User_account_prefix}: - + {lang_Usernames_are_casesensitive}: @@ -369,7 +359,7 @@ - + {lang_Auto-created_user_accounts_expire}: - + {lang_If_no_ACL_records_for_user_or_any_group_the_user_is_a_member_of}: