* Login/Password: handle forced password change on login page

Ralf Becker 2015-07-01 12:44:34 +00:00
parent 8702d06ec7
commit d39c2a71bf
13 changed files with 252 additions and 144 deletions


@ -901,7 +901,7 @@ td.et2_required {
border: 1px solid #E1E16D;
color: #000000;
font-size: 11px;
height: 15px;
min-height: 15px;
padding: 4px 10px;
}
.error p {

112
login.php

@ -132,11 +132,13 @@ else
return lang('Sorry, your login has expired');
case 4:
return lang('Cookies are required to login to this site');
case 5:
case egw_session::CD_BAD_LOGIN_OR_PASSWORD:
return lang('Bad login or password');
case 98:
case egw_session::CD_FORCE_PASSWORD_CHANGE:
return lang('You must change your password!');
case egw_session::CD_ACCOUNT_EXPIRED:
return lang('Account is expired');
case 99:
case egw_session::CD_BLOCKED:
return lang('Blocked, too many attempts');
case 10:
$GLOBALS['egw']->session->egw_setcookie('sessionid');
@ -272,9 +274,32 @@ else
$login .= '@'.$GLOBALS['egw_info']['server']['default_domain'];
}
}
$GLOBALS['sessionid'] = $GLOBALS['egw']->session->create($login,$passwd,$passwd_type);
$GLOBALS['sessionid'] = $GLOBALS['egw']->session->create($login, $passwd,
$passwd_type, false, true, true); // true = let session fail on forced password change
if(!isset($GLOBALS['sessionid']) || ! $GLOBALS['sessionid'])
if (!$GLOBALS['sessionid'] && $GLOBALS['egw']->session->cd_reason == egw_session::CD_FORCE_PASSWORD_CHANGE)
{
if (isset($_POST['new_passwd']))
{
if (($errors = preferences_password::do_change($passwd, $_POST['new_passwd'], $_POST['new_passwd2'])))
{
$force_password_change = implode("\n", $errors);
}
else
{
$GLOBALS['sessionid'] = $GLOBALS['egw']->session->create($login,$_POST['new_passwd'],$passwd_type);
}
}
else
{
$force_password_change = $GLOBALS['egw']->session->reason;
}
}
if (isset($force_password_change))
{
// will show new login-screen incl. new password field below
}
elseif (!isset($GLOBALS['sessionid']) || ! $GLOBALS['sessionid'])
{
$GLOBALS['egw']->session->egw_setcookie('eGW_remember','',0,'/');
egw::redirect_link('/login.php?cd=' . $GLOBALS['egw']->session->cd_reason);
@ -363,52 +388,49 @@ else
}
}
}
else
// show login screen
if(isset($_COOKIE['last_loginid']))
{
if(isset($_COOKIE['last_loginid']))
{
$accounts =& CreateObject('phpgwapi.accounts');
$prefs =& CreateObject('phpgwapi.preferences', $accounts->name2id($_COOKIE['last_loginid']));
$prefs = new preferences($GLOBALS['egw']->accounts->name2id($_COOKIE['last_loginid']));
if($prefs->account_id)
{
$GLOBALS['egw_info']['user']['preferences'] = $prefs->read_repository();
}
}
if ($_GET['lang'] && preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$_GET['lang']))
if($prefs->account_id)
{
$GLOBALS['egw_info']['user']['preferences']['common']['lang'] = $_GET['lang'];
$GLOBALS['egw_info']['user']['preferences'] = $prefs->read_repository();
}
elseif(!isset($_COOKIE['last_loginid']) || !$prefs->account_id)
}
if ($_GET['lang'] && preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$_GET['lang']))
{
$GLOBALS['egw_info']['user']['preferences']['common']['lang'] = $_GET['lang'];
}
elseif(!isset($_COOKIE['last_loginid']) || !$prefs->account_id)
{
// If the lastloginid cookies isn't set, we will default to the first language,
// the users browser accepts.
list($lang) = explode(',',$_SERVER['HTTP_ACCEPT_LANGUAGE']);
if(strlen($lang) > 2)
{
// If the lastloginid cookies isn't set, we will default to the first language,
// the users browser accepts.
list($lang) = explode(',',$_SERVER['HTTP_ACCEPT_LANGUAGE']);
if(strlen($lang) > 2)
{
$lang = substr($lang,0,2);
}
$GLOBALS['egw_info']['user']['preferences']['common']['lang'] = $lang;
$lang = substr($lang,0,2);
}
if ($_COOKIE['eGW_cookie_test'] !== 'enabled')
{
egw_session::egw_setcookie('eGW_cookie_test','enabled',0);
}
#print 'LANG:' . $GLOBALS['egw_info']['user']['preferences']['common']['lang'] . '<br>';
translation::init(); // this will set the language according to the (new) set prefs
translation::add_app('login');
translation::add_app('loginscreen');
$GLOBALS['egw_info']['user']['preferences']['common']['lang'] = $lang;
}
if ($_COOKIE['eGW_cookie_test'] !== 'enabled')
{
egw_session::egw_setcookie('eGW_cookie_test','enabled',0);
}
#print 'LANG:' . $GLOBALS['egw_info']['user']['preferences']['common']['lang'] . '<br>';
translation::init(); // this will set the language according to the (new) set prefs
translation::add_app('login');
translation::add_app('loginscreen');
$GLOBALS['loginscreenmessage'] = translation::translate('loginscreen_message',false,'');
if($GLOBALS['loginscreenmessage'] == 'loginscreen_message' || empty($GLOBALS['loginscreenmessage']))
{
translation::add_app('loginscreen','en'); // trying the en one
$GLOBALS['loginscreenmessage'] = translation::translate('loginscreen_message',false,'');
if($GLOBALS['loginscreenmessage'] == 'loginscreen_message' || empty($GLOBALS['loginscreenmessage']))
{
translation::add_app('loginscreen','en'); // trying the en one
$GLOBALS['loginscreenmessage'] = translation::translate('loginscreen_message',false,'');
}
if($GLOBALS['loginscreenmessage'] == 'loginscreen_message' || empty($GLOBALS['loginscreenmessage']))
{
// remove the global var since the lang loginscreen message and its fallback (en) is empty or not set
unset($GLOBALS['loginscreenmessage']);
}
}
if($GLOBALS['loginscreenmessage'] == 'loginscreen_message' || empty($GLOBALS['loginscreenmessage']))
{
// remove the global var since the lang loginscreen message and its fallback (en) is empty or not set
unset($GLOBALS['loginscreenmessage']);
}
foreach($_GET as $name => $value)
@ -424,5 +446,5 @@ else
$extra_vars = '?' . substr($extra_vars,1);
}
$GLOBALS['egw']->framework->login_screen($extra_vars);
$GLOBALS['egw']->framework->login_screen($extra_vars, $force_password_change);
}
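Review bot: `$force_password_change` is only assigned inside the forced-change branch, yet the last hunk passes it unconditionally to `login_screen($extra_vars, $force_password_change)`, so on an ordinary login-page request it is undefined at that call unless it is initialised outside the visible lines. Setting `$force_password_change = null;` before the `session->create()` call would fix that and lets the empty `if (isset($force_password_change))` body become an explicit `if ($force_password_change !== null)` guard. In the same branch `$_POST['new_passwd2']` is read without an `isset()` check, so a request carrying only `new_passwd` raises a notice; `isset($_POST['new_passwd2']) ? $_POST['new_passwd2'] : ''` avoids it and still lets `do_change()` report the mismatch.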


@ -62,9 +62,11 @@ class auth
* @param string $app to know where you are/ or where you want to go
* @param string $class to know where you are/ or where you want to go
* @param string $method to know where you are/ or where you want to go
* @param boolean $no_redirect =false true: do NOT redirect, but return false for forced change
* @param string &$message =null on return false: message why password needs to be changed
* @return boolean true if check determined, that you passed the test, otherwise void, as we get redirected
*/
static function check_password_age($app='', $class='', $method='')
static function check_password_age($app='', $class='', $method='', $no_redirect=false, &$message=null)
{
// dont check anything for anonymous sessions/ users that are flagged as anonymous
if (is_object($GLOBALS['egw']->session) && $GLOBALS['egw']->session->session_flags == 'A') return true;
@ -87,7 +89,7 @@ class auth
// on the other side, if your auth system does not require an forcedPasswordChange, you will not be asked.
if (method_exists($backend,'getLastPwdChange'))
{
$alpwchange_val = $backend->getLastPwdChange($GLOBALS['egw_info']['user']['account_lid']);
$alpwchange_val = $backend->getLastPwdChange($GLOBALS['egw']->session->account_lid);
$pwdTsChecked = true;
}
// if your authsystem does not provide that information, its likely, that you cannot change your password there,
@ -141,7 +143,6 @@ class auth
)
)
{
if ($GLOBALS['egw']->acl->check('nopasswordchange', 1, 'preferences')) return true; // user has no rights to change password
if ($UserKnowsAboutPwdChange === true && !($passwordAgeBorder > $alpwchange_val || $alpwchange_val==0)) return true; // user has already been informed about the upcomming password expiration
if (!is_null($alpwchange_val))
{
@ -159,6 +160,9 @@ class auth
{
$UserKnowsAboutPwdChange = true;
$message = lang('your password is about to expire in %1 days, you may change your password now',round($daysLeftUntilChangeReq));
// user has no rights to change password --> do NOT warn, as only forced check ignores rights
if ($GLOBALS['egw']->acl->check('nopasswordchange', 1, 'preferences')) return true;
if ($no_redirect) return true;
}
elseif ($passwordAgeBorder > $alpwchange_val && $alpwchange_val > 0)
{
@ -167,6 +171,7 @@ class auth
'date'=>egw_time::to($alpwchange_val))));
$message = lang('it has been more then %1 days since you changed your password',$GLOBALS['egw_info']['server']['change_pwd_every_x_days']);
}
if ($no_redirect) return false;
egw::redirect_link('/index.php',array(
'menuaction' => 'preferences.preferences_password.change',
'message' => $message,
@ -234,7 +239,7 @@ class auth
}
if (($ret = $this->backend->change_password($old_passwd, $new_passwd, $account_id)))
{
if ($account_id == $GLOBALS['egw_info']['user']['account_id'])
if ($account_id == $GLOBALS['egw']->session->account_id)
{
// need to change current users password in session
egw_cache::setSession('phpgwapi', 'password', base64_encode($new_passwd));
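Review bot: Moving the `nopasswordchange` ACL check into the warning branch means the forced path (`if ($no_redirect) return false;`) now also applies to accounts that are not allowed to change their own password, and nothing in the visible hunks shows the login-page change honouring that ACL afterwards. Depending on what `change_password()` does outside these lines, such an account is either locked out at login or can set a password it was not meant to control. The intended outcome deserves a comment next to the moved check, for example `// forced change deliberately overrides nopasswordchange: an expired password must be replaced before login`. The docblock's `@return` still describes only "true or redirect"; with `$no_redirect` the method can now return false, so it should read `@return boolean true if check passed, false if $no_redirect is set and a change is required`. The function body starts and ends outside the hunks.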


@ -200,7 +200,7 @@ class auth_sql implements auth_backend
{
$admin = True;
// Don't allow password changes for other accounts when using XML-RPC
if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login')
if(!$account_id)
{
$admin = False;
$account_id = $GLOBALS['egw_info']['user']['account_id'];
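Review bot: With the `currentapp == 'login'` condition removed, every call that passes an `$account_id` keeps `$admin = True`, and that includes the new login-page path through `preferences_password::do_change()`. What `$admin` gates lies outside the hunk; if it skips verification of `$old_passwd`, this backend no longer checks the old password for those callers and the check rests entirely on the caller. A comment at the assignment would record that contract, e.g. `// $admin stays true whenever $account_id is passed: such callers must have verified $old_passwd themselves`.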


@ -572,11 +572,12 @@ abstract class egw_framework
abstract function footer();
/**
* displays a login screen
*
* @param string $extra_vars for login url
* Displays the login screen
*
* @param string $extra_vars for login url
* @param string $change_passwd =null string with message to render input fields for password change
*/
function login_screen($extra_vars)
function login_screen($extra_vars, $change_passwd=null)
{
self::csp_frame_src_attrs(array()); // array() no external frame-sources
@ -587,8 +588,32 @@ abstract class egw_framework
$tmpl->set_var('lang_message',$GLOBALS['loginscreenmessage']);
$last_loginid = $_COOKIE['last_loginid'];
// hide change-password fields, if not requested
if (!$change_passwd)
{
$tmpl->set_block('login_form','change_password');
$tmpl->set_var('change_password', '');
$tmpl->set_var('lang_password',lang('password'));
$tmpl->set_var('cd',check_logoutcode($_GET['cd']));
$tmpl->set_var('cd_class', isset($_GET['cd']) && $_GET['cd'] != 1 ? 'error' : '');
$last_loginid = $_COOKIE['last_loginid'];
$last_domain = $_COOKIE['last_domain'];
$tmpl->set_var('passwd', '');
$tmpl->set_var('autofocus_login', 'autofocus');
}
else
{
$tmpl->set_var('lang_password',lang('Old password'));
$tmpl->set_var('lang_new_password',lang('New password'));
$tmpl->set_var('lang_repeat_password',lang('Repeat password'));
$tmpl->set_var('cd', $change_passwd);
$tmpl->set_var('cd_class', 'error');
$last_loginid = $_POST['login'];
$last_domain = $_POST['domain'];
$tmpl->set_var('passwd', $_POST['passwd']);
$tmpl->set_var('autofocus_login', '');
$tmpl->set_var('autofocus_new_passwd', 'autofocus');
}
if($GLOBALS['egw_info']['server']['show_domain_selectbox'])
{
foreach(array_keys($GLOBALS['egw_domain']) as $domain)
@ -597,7 +622,7 @@ abstract class egw_framework
}
$tmpl->set_var(array(
'lang_domain' => lang('domain'),
'select_domain' => html::select('logindomain',$_COOKIE['last_domain'],$domains,true,'tabindex="2"',0,false),
'select_domain' => html::select('logindomain',$last_domain,$domains,true,'tabindex="2"',0,false),
));
}
else
@ -612,9 +637,9 @@ abstract class egw_framework
reset($GLOBALS['egw_domain']);
list($default_domain) = each($GLOBALS['egw_domain']);
if($_COOKIE['last_domain'] != $default_domain && !empty($_COOKIE['last_domain']))
if(!empty ($last_domain) && $last_domain != $default_domain)
{
$last_loginid .= '@' . $_COOKIE['last_domain'];
$last_loginid .= '@' . $last_domain;
}
}
}
@ -654,12 +679,10 @@ abstract class egw_framework
}
$tmpl->set_var('login_url', $GLOBALS['egw_info']['server']['webserver_url'] . '/login.php' . $extra_vars);
$tmpl->set_var('version',$GLOBALS['egw_info']['server']['versions']['phpgwapi']);
$tmpl->set_var('cd',check_logoutcode($_GET['cd']));
$tmpl->set_var('cookie',$last_loginid);
$tmpl->set_var('version', $GLOBALS['egw_info']['server']['versions']['phpgwapi']);
$tmpl->set_var('login', $last_loginid);
$tmpl->set_var('lang_username',lang('username'));
$tmpl->set_var('lang_password',lang('password'));
$tmpl->set_var('lang_login',lang('login'));
$tmpl->set_var('website_title', $GLOBALS['egw_info']['server']['site_title']);
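Review bot: In the password-change branch the submitted values go straight from `$_POST` into the template (`$tmpl->set_var('passwd', $_POST['passwd'])`, `$last_loginid = $_POST['login']`, `$last_domain = $_POST['domain']`) and end up inside `value="…"` attributes of the login form. No escaping is visible in this hunk, so unless `set_var()` or the template engine encodes values, a quote character in the login or password breaks the attribute; the calls should encode first, e.g. `$tmpl->set_var('passwd', htmlspecialchars($_POST['passwd'], ENT_QUOTES));`. Echoing the old password also writes it in clear text into the response body, so the page should be sent with caching disabled, or the field left empty and typed again. `login_screen()` continues outside the hunks.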


@ -166,6 +166,24 @@ class egw_session
*/
var $required_files;
/**
* Nummeric code why session creation failed
*
* @var int
*/
var $cd_reason;
const CD_BAD_LOGIN_OR_PASSWORD = 5;
const CD_FORCE_PASSWORD_CHANGE = 97;
const CD_ACCOUNT_EXPIRED = 98;
const CD_BLOCKED = 99; // to many failed attempts to loing
/**
* Verbose reason why session creation failed
*
* @var string
*/
var $reason;
/**
* Constructor just loads up some defaults from cookies
*
@ -422,9 +440,10 @@ class egw_session
* @param string $passwd_type type of password being used, ie plaintext, md5, sha1
* @param boolean $no_session =false dont create a real session, eg. for GroupDAV clients using only basic auth, no cookie support
* @param boolean $auth_check =true if false, the user is loged in without checking his password (eg. for single sign on), default = true
* @param boolean $fail_on_forced_password_change =false true: do NOT create session, if password change requested
* @return string session id
*/
function create($login,$passwd = '',$passwd_type = '',$no_session=false,$auth_check=true)
function create($login,$passwd = '',$passwd_type = '',$no_session=false,$auth_check=true,$fail_on_forced_password_change=false)
{
if (is_array($login))
{
@ -492,7 +511,7 @@ class egw_session
$this->account_id && $GLOBALS['egw']->accounts->get_type($this->account_id) == 'g')
{
$this->reason = $blocked ? 'blocked, too many attempts' : 'bad login or password';
$this->cd_reason = $blocked ? 99 : 5;
$this->cd_reason = $blocked ? self::CD_BLOCKED : self::CD_BAD_LOGIN_OR_PASSWORD;
// we dont log anon users as it would block the website
if (!$GLOBALS['egw']->acl->get_specific_rights_for_account($this->account_id,'anonymous','phpgwapi'))
@ -502,6 +521,11 @@ class egw_session
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($this->login,$this->passwd,$this->passwd_type,$no_session,$auth_check) UNSUCCESSFULL ($this->reason)");
return false;
}
if ($fail_on_forced_password_change && !auth::check_password_age('', '', '', true, $this->reason))
{
$this->cd_reason = self::CD_FORCE_PASSWORD_CHANGE;
return false;
}
if (!$this->account_id && $GLOBALS['egw_info']['server']['auto_create_acct'])
{
if ($GLOBALS['egw_info']['server']['auto_create_acct'] == 'lowercase')
@ -543,7 +567,7 @@ class egw_session
if ($GLOBALS['egw']->accounts->is_expired($GLOBALS['egw_info']['user']))
{
$this->reason = 'account is expired';
$this->cd_reason = 98;
$this->cd_reason = self::CD_ACCOUNT_EXPIRED;
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($this->login,$this->passwd,$this->passwd_type,$no_session,$auth_check) UNSUCCESSFULL ($this->reason)");
return false;
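Review bot: The new `$fail_on_forced_password_change` branch in `create()` returns false without any log entry, while the two other failure paths visible here both write one under `ERROR_LOG_DEBUG`, so a login rejected for a forced password change leaves no trace in these lines. I would add `if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($this->login,$this->passwd_type) UNSUCCESSFULL ($this->reason)");` before the `return false;`. That line leaves out `$this->passwd` on purpose: the neighbouring log calls interpolate it and so write the clear-text password to the error log whenever debugging is on. The comments on the new members have typos (`Nummeric`, `to many failed attempts to loing`). `create()` continues outside the hunks.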


@ -5,12 +5,16 @@
</div>
<div id="centerBox">
<div id="loginScreenMessage">{lang_message}</div>
<div id="loginCdMessage">{cd}</div>
<form name="login_form" method="post" action="{login_url}">
<table class="divLoginbox divSideboxEntry" cellspacing="0" cellpadding="2" border="0" align="center">
<tr class="divLoginboxHeader">
<td colspan="3">{website_title}</td>
</tr>
<tr>
<td colspan="3">
<div id="loginCdMessage" class="{cd_class}">{cd}</div>
</td>
</tr>
<tr>
<td colspan="2" height="20">
<input type="hidden" name="passwd_type" value="text" />
@ -40,16 +44,26 @@
<!-- END remember_me_selection -->
<tr>
<td align="right">{lang_username}:&nbsp;</td>
<td><input name="login" tabindex="4" value="{cookie}" size="30" autofocus /></td>
<td><input name="login" tabindex="4" value="{login}" size="30" autofocus /></td>
</tr>
<tr>
<td align="right">{lang_password}:&nbsp;</td>
<td><input name="passwd" tabindex="5" type="password" size="30" /></td>
<td><input name="passwd" tabindex="5" value="{passwd}" type="password" size="30" /></td>
</tr>
<!-- BEGIN change_password -->
<tr>
<td align="right">{lang_new_password}:&nbsp;</td>
<td><input name="new_passwd" tabindex="6" type="password" size="30" /></td>
</tr>
<tr>
<td align="right">{lang_repeat_password}:&nbsp;</td>
<td><input name="new_passwd2" tabindex="7" type="password" size="30" /></td>
</tr>
<!-- END change_password -->
<tr>
<td>&nbsp;</td>
<td>
<input tabindex="6" type="submit" value=" {lang_login} " name="submitit" />
<input tabindex="8" type="submit" value=" {lang_login} " name="submitit" />
</td>
</tr>
<!-- BEGIN registration -->
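Review bot: This template keeps the hard-coded `autofocus` on the `login` input and gives `new_passwd` none, whereas the other login template changed in this commit uses `{autofocus_login}` and `{autofocus_new_passwd}`; on a forced password change the cursor therefore lands in the already filled user-name field. Using the same placeholders here, `<input name="login" tabindex="4" value="{login}" size="30" {autofocus_login}/>` and `{autofocus_new_passwd}` on the `new_passwd` input, keeps both templates consistent with what `login_screen()` sets.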


@ -201,7 +201,7 @@ input[type=image]
.divLoginbox
{
position:relative;
width: 370px;
width: 400px;
border: #9c9c9c 1px solid;
}
@ -483,6 +483,7 @@ body {
padding-bottom: 10px;
color: red;
font-style: italic;
margin: 7px 7px 0 0;
}
.divLoginboxHeader {
text-align: center;


@ -2284,14 +2284,11 @@ body {
border-top-left-radius: 10px;
color: red;
text-align: center;
padding-top: 1em;
padding: 1em;
white-space: pre-wrap;
}
#loginMainDiv div#centerBox #loginCdMessage span {
padding: 0.5em;
font-size: 1.2em;
color: #189800;
text-shadow: -1px -1px 0px #101010, 1px 1px 0px #505050;
width: 100%;
#loginMainDiv div#centerBox #loginCdMessage.error {
font-weight: bold;
}
#loginMainDiv div#centerBox form {
margin: 1em;


@ -61,7 +61,7 @@ class pixelegg_framework extends jdots_framework
}
return parent::header($extra);
}
/**
* Make given color lighter or darker by percentage
*
@ -78,7 +78,7 @@ class pixelegg_framework extends jdots_framework
$R = round($R * (100 + $percent) / 100);
$G = round($G * (100 + $percent) / 100);
$B = round($B * (100 + $percent) / 100);
$R = ($R<255)?$R:255;
$G = ($G<255)?$G:255;
$B = ($B<255)?$B:255;
@ -89,7 +89,7 @@ class pixelegg_framework extends jdots_framework
return '#'.$RR.$GG.$BB;
}
/**
* Overwrite to NOT add customizable colors from jDots
*
@ -104,12 +104,12 @@ class pixelegg_framework extends jdots_framework
$GLOBALS['egw_info']['user']['preferences']['common']['template_color']);
//The hex value of the color
$color_hex = ltrim($color, '#');
// Create a drak variant of the color
$color_hex_dark = $this->_color_shader($color_hex, 15);
// Create a draker variant of the color
$color_hex_darker = $this->_color_shader($color_hex, -30);
if (preg_match('/^(#[0-9A-F]+|[A-Z]+)$/i',$color)) // a little xss check
{
$ret['app_css'] = "
@ -163,8 +163,9 @@ div#egw_fw_header, div.egw_fw_ui_category:hover,#loginMainDiv,#loginMainDiv #div
* Reimplemented to remove site_title from login box and display it as loginscreenmessage, if none set.
*
* @param string $extra_vars for login url
* @param string $change_passwd =null string with message to render input fields for password change
*/
function login_screen($extra_vars)
function login_screen($extra_vars, $change_passwd=null)
{
if (empty($GLOBALS['loginscreenmessage']))
{
@ -172,6 +173,6 @@ div#egw_fw_header, div.egw_fw_ui_category:hover,#loginMainDiv,#loginMainDiv #div
}
unset($GLOBALS['egw_info']['server']['site_title']);
return parent::login_screen($extra_vars);
return parent::login_screen($extra_vars, $change_passwd);
}
}


@ -94,23 +94,16 @@
// Message
#loginCdMessage{
margin: 1em;
.border_radius_button_lefttop;
color: red;
text-align: center;
padding-top: 1em;
// Text der Meldung
span {
padding: 0.5em;
font-size: 1.2em;
// .background-color-hint;
color: @color_hint;
text-shadow: -1px -1px 0px #101010, 1px 1px 0px #505050;
width: 100%;
}
margin: 1em;
.border_radius_button_lefttop;
color: red;
text-align: center;
padding: 1em;
white-space: pre-wrap;
}
#loginCdMessage.error {
font-weight: bold;
}


@ -8,7 +8,7 @@
</div>
<div id="centerBox">
<div id="loginScreenMessage">{lang_message}</div>
<div id="loginCdMessage">{cd}</div>
<div id="loginCdMessage" class="{cd_class}">{cd}</div>
<form name="login_form" method="post" action="{login_url}">
<table class="divLoginbox divSideboxEntry" cellspacing="0" cellpadding="2" border="0" align="center">
<tr class="divLoginboxHeader">
@ -43,16 +43,26 @@
<!-- END remember_me_selection -->
<tr>
<td align="right">{lang_username}:&nbsp;</td>
<td><input name="login" tabindex="4" value="{cookie}" size="30" autofocus/></td>
<td><input name="login" tabindex="4" value="{login}" size="30" {autofocus_login}/></td>
</tr>
<tr>
<td align="right">{lang_password}:&nbsp;</td>
<td><input name="passwd" tabindex="5" type="password" size="30" /></td>
<td><input name="passwd" tabindex="5" value="{passwd}" type="password" size="30" /></td>
</tr>
<!-- BEGIN change_password -->
<tr>
<td align="right">{lang_new_password}:&nbsp;</td>
<td><input name="new_passwd" tabindex="6" type="password" size="30" {autofocus_new_passwd}/></td>
</tr>
<tr>
<td align="right">{lang_repeat_password}:&nbsp;</td>
<td><input name="new_passwd2" tabindex="7" type="password" size="30" /></td>
</tr>
<!-- END change_password -->
<tr>
<td>&nbsp;</td>
<td>
<input tabindex="6" type="submit" value=" {lang_login} " name="submitit" />
<input tabindex="8" type="submit" value=" {lang_login} " name="submitit" />
</td>
</tr>
<!-- BEGIN registration -->


@ -27,7 +27,7 @@ class preferences_password
{
egw_framework::window_close('There was no password change!');
}
if (!is_array($content))
{
$content= array();
@ -36,43 +36,8 @@ class preferences_password
{
if ($content['button']['change'])
{
$o_passwd = $GLOBALS['egw_info']['user']['passwd'];
if($o_passwd != $content['o_passwd_2'])
if (($errors = self::do_change($content['o_passwd_2'], $content['n_passwd'], $content['n_passwd_2'])))
{
$errors[] = lang('The old password is not correct');
}
if($content['n_passwd'] != $content['n_passwd_2'])
{
$errors[] = lang('The two passwords are not the same');
}
if($o_passwd == $content['n_passwd'])
{
$errors[] = lang('Old password and new password are the same. This is invalid. You must enter a new password');
}
if(!$content['n_passwd'])
{
$errors[] = lang('You must enter a password');
}
// allow auth backends or configured password strenght to throw exceptions and display there message
if (!$errors)
{
try {
$passwd_changed = $GLOBALS['egw']->auth->change_password($o_passwd, $content['n_passwd'],
$GLOBALS['egw_info']['user']['account_id']);
}
catch (Exception $e) {
$errors[] = $e->getMessage();
}
}
if(!$passwd_changed)
{
if (!$errors) // if we have no specific error, add general message
{
$errors[] = lang('Failed to change password.');
}
egw_framework::message(implode("\n", $errors), 'error');
$content = array();
}
@ -81,7 +46,6 @@ class preferences_password
egw_framework::refresh_opener(lang('Password changed'), 'preferences');
egw_framework::window_close();
}
}
}
@ -90,4 +54,58 @@ class preferences_password
$tmpl->exec('preferences.preferences_password.change', $content,array(),array(),array(),2);
}
/**
* Do some basic checks and then change password
*
* @param string $old_passwd
* @param string $new_passwd
* @param string $new_passwd2
* @return array with already translated errors
*/
public static function do_change($old_passwd, $new_passwd, $new_passwd2)
{
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'preferences')
{
translation::add_app('preferences');
}
$errors = array();
if (isset($GLOBALS['egw_info']['user']['passwd']) &&
$old_passwd !== $GLOBALS['egw_info']['user']['passwd'])
{
$errors[] = lang('The old password is not correct');
}
if ($new_passwd != $new_passwd2)
{
$errors[] = lang('The two passwords are not the same');
}
if ($old_passwd !== false && $old_passwd == $new_passwd)
{
$errors[] = lang('Old password and new password are the same. This is invalid. You must enter a new password');
}
if (!$new_passwd)
{
$errors[] = lang('You must enter a password');
}
// allow auth backends or configured password strenght to throw exceptions and display there message
if (!$errors)
{
try {
if (!$GLOBALS['egw']->auth->change_password($old_passwd, $new_passwd,
$GLOBALS['egw']->session->account_id))
{
// if we have no specific error, add general message
$errors[] = lang('Failed to change password.');
}
}
catch (Exception $e) {
$errors[] = $e->getMessage();
}
}
return $errors;
}
}
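Review bot: `do_change()` compares passwords with loose operators (`$new_passwd != $new_passwd2`, `$old_passwd == $new_passwd`), and PHP compares numeric-looking strings by value, so two different inputs such as the constructed pair `1e3` and `1000` count as equal: a mistyped confirmation can pass and a genuinely new password can be rejected as unchanged. These should be `if ($new_passwd !== $new_passwd2)` and `if ($old_passwd !== false && $old_passwd === $new_passwd)`. The old-password test is also skipped whenever `$GLOBALS['egw_info']['user']['passwd']` is not set, which leaves verification of `$old_passwd` to `auth->change_password()`; whether the backend does that when an account id is passed is not visible here and should be confirmed.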