$conf = $GLOBALS['CONF'];
$pass_length_min = $conf->get_conf('pass_length_min') ? $conf->get_conf('pass_length_min') : 7;
$pass_length_max = $conf->get_conf('pass_length_max') ? $conf->get_conf('pass_length_max') : 255;
$pass_length_max = $pass_length_max < $pass_length_min || $pass_length_max < 1 ? 255 : $pass_length_max;
$pass_expire_min = $conf->get_conf('pass_expire_min') ? $conf->get_conf('pass_expire_min') : 0;
if (0 != strcmp($pass1, $pass2)) {
$validation_errors['pass'] = _('Authentication failure') . '. ' . _('Passwords mismatch');
} elseif (strlen($pass1) < $pass_length_min) {
$validation_errors['pass'] = _('Password is not long enough') . ' [' . _('Minimum password size is') . ' ' . $pass_length_min . ']';
} elseif (strlen($pass1) > $pass_length_max) {
$validation_errors['pass'] = _('Password is long enough') . ' [' . _('Maximum password size is') . ' ' . $pass_length_max . ']';
} elseif (!Session::pass_check_complexity($pass1)) {
$validation_errors['pass'] = _('Password is not strong enough. Check the password policy configuration for more details');
} elseif ($mode == 'update') {
$recent_pass = Log_action::get_last_pass($conn, $login);
if ($pass_expire_min > 0 && dateDiff_min($last_pass_change, date('Y-m-d H:i:s')) < $pass_expire_min && !Session::am_i_admin()) {
$validation_errors['pass'] = _('Password lifetime is too short to allow change. Wait a few minutes...');
} elseif (count($recent_pass) > 0 && (in_array(md5($pass1), $recent_pass) || in_array(hash('sha256', $pass1), $recent_pass))) {
$validation_errors['pass'] = _('This password is recently used. Try another');
}
}
}
}
}
//Checking entities field requirements
if (empty($validation_errors['entities[]'])) {
//Check allowed entities
if ($pro && !$is_my_profile) {
foreach ($entities as $ent_id) {
if (!Acl::entityAllowed($ent_id)) {
$validation_errors['entities[]'] = _("You don't have permission to create users at this level");
} else {
$error->display(_("BAD_OLD_PASSWORD"));
}
} elseif (strlen($pass1) < $pass_length_min) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_SIZE");
} elseif (strlen($pass1) > $pass_length_max) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_SIZE_MAX");
} elseif (!Session::pass_check_complexity($pass1)) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_ALPHANUM");
} elseif ($pass_expire_min > 0 && dateDiff_min($last_pass_change, date("Y-m-d H:i:s")) < $pass_expire_min) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_EXPIRE_MIN");
} elseif (count($recent_pass) > 0 && in_array(md5($pass1), $recent_pass)) {
require_once "ossim_error.inc";
$error = new OssimError();
$error->display("PASSWORD_RECENT");
}
/* check for old password if not actual user or admin */
/*
if ((($_SESSION["_user"] != $user) && $_SESSION["_user"] != ACL_DEFAULT_OSSIM_ADMIN) && !is_array($user_list = Session::get_list($conn, "WHERE login = '******' and pass = '******'"))) {
require_once ("ossim_error.inc");
$error = new OssimError();
$error->display("BAD_OLD_PASSWORD");
}*/
