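/**
 * Save password form.
 *
 * Handles the submitted "change password" form: re-verifies the current
 * password for local accounts, validates the new password against the
 * configured policy (auto-generated list, syntax, user-context rules,
 * "new must differ from old" when a change is demanded) and, on success,
 * stores the new password and redirects.
 *
 * Security notes (grounded in this method only):
 * - The current password is re-verified only when the user's auth mode is
 *   AUTH_LOCAL; the Shibboleth/WebDAV variant is left commented out below.
 * - Passwords are compared with === / !== so that numeric-looking strings
 *   (e.g. "1e3" vs "1000") are not treated as equal by PHP's loose string
 *   comparison.
 *
 * @return void
 */
public function savePassword()
{
    global $tpl, $lng, $ilCtrl, $ilUser, $ilSetting;

    // normally we should not end up here
    if (!$this->allowPasswordChange()) {
        $ilCtrl->redirect($this, "showPersonalData");
        return;
    }

    $this->initPasswordForm();
    if ($this->form->checkInput()) {
        $cp = $this->form->getItemByPostVar("current_password");
        $np = $this->form->getItemByPostVar("new_password");
        $error = false;

        // Read the setting once; every policy branch below depends on it.
        $auto_generate = $this->ilias->getSetting("passwd_auto_generate");

        // The old password needs to be checked for verification
        // unless the user uses Shibboleth authentication with additional
        // local authentication for WebDAV.
        #if ($ilUser->getAuthMode(true) != AUTH_SHIBBOLETH || ! $ilSetting->get("shib_auth_allow_local"))
        if ($ilUser->getAuthMode(true) == AUTH_LOCAL) {
            require_once 'Services/User/classes/class.ilUserPasswordManager.php';
            if (!ilUserPasswordManager::getInstance()->verifyPassword($ilUser, ilUtil::stripSlashes($_POST['current_password']))) {
                $error = true;
                $cp->setAlert($this->lng->txt('passwd_wrong'));
            }
        }

        // select password from auto generated passwords
        if ($auto_generate == 1 && !ilUtil::isPassword($_POST["new_password"])) {
            $error = true;
            $np->setAlert($this->lng->txt("passwd_not_selected"));
        }

        // syntax check; isPassword() may fill $custom_error with a specific reason
        $custom_error = '';
        if ($auto_generate != 1 && !ilUtil::isPassword($_POST["new_password"], $custom_error)) {
            $error = true;
            if ($custom_error !== '') {
                $np->setAlert($custom_error);
            } else {
                $np->setAlert($this->lng->txt("passwd_invalid"));
            }
        }

        // user-context rules (e.g. password must not contain the login); the
        // helper reports the language variable of the violated rule
        $error_lng_var = '';
        if ($auto_generate != 1 && !ilUtil::isPasswordValidForUserContext($_POST["new_password"], $ilUser, $error_lng_var)) {
            ilUtil::sendFailure($this->lng->txt('form_input_not_valid'));
            $np->setAlert($this->lng->txt($error_lng_var));
            $error = true;
        }

        // a demanded/expired password change must actually change the password
        if ($auto_generate != 1
            && ($ilUser->isPasswordExpired() || $ilUser->isPasswordChangeDemanded())
            && $_POST["current_password"] === $_POST["new_password"]) {
            $error = true;
            $np->setAlert($this->lng->txt("new_pass_equals_old_pass"));
        }

        if (!$error) {
            $ilUser->resetPassword($_POST["new_password"], $_POST["new_password"]);
            if ($_POST["current_password"] !== $_POST["new_password"]) {
                $ilUser->setLastPasswordChangeToNow();
            }

            if (ilSession::get('orig_request_target')) {
                // return to the page the user originally requested before
                // being forced into the password change
                ilUtil::sendSuccess($this->lng->txt('saved_successfully'), true);
                $target = ilSession::get('orig_request_target');
                ilSession::set('orig_request_target', '');
                ilUtil::redirect($target);
            } else {
                ilUtil::sendSuccess($this->lng->txt('saved_successfully'));
                $this->showPassword(true, true);
                return;
            }
        }
    }

    // validation failed: redisplay the form with the submitted values
    $this->form->setValuesByPost();
    $this->showPassword(true);
}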
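/**
 * Check input, strip slashes etc. set alert, if input is not ok.
 *
 * Validates the password field (and its optional "_retype" twin) directly
 * from $_POST: required-ness, auth-mode dependent rules, retype match and
 * password syntax. Note that the stripped values are written back into
 * $_POST, so later readers see the stripped form.
 *
 * Comparisons use ===/!== so that two numeric-looking strings (e.g. "1e3"
 * and "1000") are not reported as a match.
 *
 * @return boolean Input ok, true/false
 */
function checkInput()
{
    global $lng;

    $post_var = $this->getPostVar();
    $retype_var = $post_var . "_retype";

    $_POST[$post_var] = ilUtil::stripSlashes($_POST[$post_var]);
    $_POST[$retype_var] = ilUtil::stripSlashes($_POST[$retype_var]);

    if ($this->getRequired() && trim($_POST[$post_var]) === "") {
        $this->setAlert($lng->txt("msg_input_is_required"));
        return false;
    }

    if ($this->getValidateAuthPost() != "") {
        $auth = ilAuthUtils::_getAuthMode($_POST[$this->getValidateAuthPost()]);

        // check, if password is required dependent on auth mode
        if ($this->getRequiredOnAuth()
            && ilAuthUtils::_allowPasswordModificationByAuthMode($auth)
            && trim($_POST[$post_var]) === "") {
            $this->setAlert($lng->txt("form_password_required_for_auth"));
            return false;
        }

        // check, if password is allowed to be set for given auth mode
        if (trim($_POST[$post_var]) !== ""
            && !ilAuthUtils::_allowPasswordModificationByAuthMode($auth)) {
            $this->setAlert($lng->txt("form_password_not_allowed_for_auth"));
            return false;
        }
    }

    if ($this->getRetype() && !$this->getPreSelection()
        && $_POST[$post_var] !== $_POST[$retype_var]) {
        $this->setAlert($lng->txt("passwd_not_match"));
        return false;
    }

    // isPassword() may fill $custom_error with a specific reason; an empty
    // password is deliberately not rejected here (required-ness is above)
    $custom_error = '';
    if (!$this->getSkipSyntaxCheck()
        && !ilUtil::isPassword($_POST[$post_var], $custom_error)
        && $_POST[$post_var] !== "") {
        if ($custom_error !== '') {
            $this->setAlert($custom_error);
        } else {
            $this->setAlert($lng->txt("passwd_invalid"));
        }
        return false;
    }

    return $this->checkSubItemsInput();
}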
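/**
 * Reads the submitted data from the password assistance form.
 *
 * The following form fields are read as HTTP POST parameters:
 *   key
 *   username
 *   password1
 *   password2
 *
 * The key is used to retrieve the password assistance session.
 * If the key is missing, or if the password assistance session has expired, the
 * password assistance form will be shown instead of this form.
 *
 * If the password assistance session is valid, and if the username matches the
 * username, for which the password assistance has been requested, and if the
 * new password is valid, ILIAS assigns the password to the user.
 *
 * Note: To prevent replay attacks, the session is deleted when the
 * password has been assigned successfully.
 *
 * Fixes: the result of $userObj->update() was previously assigned to a
 * misspelled variable ($is_successfull), so a failed update was never
 * reported and the assistance session was destroyed anyway. The password
 * retype check now uses !== so numeric-looking strings are not conflated.
 */
function submitAssignPasswordForm()
{
    global $tpl, $ilias, $lng, $rbacadmin, $rbacreview;

    require_once "include/inc.pwassist_session_handler.php";

    // Retrieve form data
    $pwassist_id = ilUtil::stripSlashes($_POST["key"]);
    $username = ilUtil::stripSlashes($_POST["username"]);
    $password1 = ilUtil::stripSlashes($_POST["password1"]);
    $password2 = ilUtil::stripSlashes($_POST["password2"]);

    // Retrieve the session
    $pwassist_session = db_pwassist_session_read($pwassist_id);

    if (count($pwassist_session) == 0 || $pwassist_session["expires"] < time()) {
        $this->showAssistanceForm($lng->txt("pwassist_session_expired"));
        return;
    }

    $is_successful = true;
    $message = "";

    // the user id comes from the stored assistance session, never from the form
    $userObj = new ilObjUser($pwassist_session["user_id"]);

    // Validate the entries of the user
    // ----------------------------------
    // check if the username entered by the user matches the
    // one of the user object.
    if ($is_successful && strcasecmp($userObj->getLogin(), $username) != 0) {
        $message = $lng->txt("pwassist_login_not_match");
        $is_successful = false;
    }

    // check if the user entered the password correctly into the
    // two entry fields.
    if ($is_successful && $password1 !== $password2) {
        $message = $lng->txt("passwd_not_match");
        $is_successful = false;
    }

    // validate the password
    if ($is_successful && !ilUtil::isPassword($password1)) {
        $message = $lng->txt("passwd_invalid");
        $is_successful = false;
    }
    // End of validation

    // If the validation was successful, we change the password of the
    // user.
    // ------------------
    if ($is_successful) {
        $is_successful = $userObj->resetPassword($password1, $password2);
        if (!$is_successful) {
            $message = $lng->txt("passwd_invalid");
        }
    }

    // If we are successful so far, we update the user object.
    // ------------------
    if ($is_successful) {
        $is_successful = $userObj->update();
        if (!$is_successful) {
            $message = $lng->txt("update_error");
        }
    }

    // If we are successful, we destroy the password assistance
    // session and redirect to the login page.
    // Else we display the form again along with an error message.
    // ------------------
    if ($is_successful) {
        db_pwassist_session_destroy($pwassist_id);
        $this->showMessageForm(null, sprintf($lng->txt("pwassist_password_assigned"), $username));
    } else {
        $this->showAssignPasswordForm($message, $username, $password1, $password2, $pwassist_id);
    }
}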
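/**
 * Validates an imported/submitted user record field by field and collects
 * every problem via __appendMessage().
 *
 * @param array $user_data      user record (by reference: 'user_language'
 *                              is filled with the default language when missing
 *                              and $check_complete is set)
 * @param bool  $check_complete also require login/passwd/email to be present
 *                              and check that the login is not taken yet
 * @return bool true when no message was appended
 *
 * Fixes: `$styleDef =& new ...` (reference-assignment of `new`) is a parse
 * error on PHP 7+; the `default: continue;` inside the switch only ever
 * acted as `break` (and warns on PHP 7.3+), so it is now spelled `break`;
 * in_array() uses strict comparison for the language lookup.
 */
function __validateUserData(&$user_data, $check_complete = true)
{
    global $lng, $styleDefinition, $ilLog;

    $this->__setMessage('');

    include_once './Services/Authentication/classes/class.ilAuthUtils.php';
    // accounts authenticated externally may be created without a local password
    $allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(
        ilAuthUtils::_getAuthMode($user_data['auth_mode'])
    );

    if ($check_complete) {
        if (!isset($user_data['login'])) {
            $this->__appendMessage('No login given.');
        }
        if (!isset($user_data['passwd']) and !$allow_empty_password) {
            $this->__appendMessage('No password given.');
        }
        if (!isset($user_data['email'])) {
            $this->__appendMessage('No email given');
        }
        if (!isset($user_data['user_language'])) {
            $user_data['user_language'] = $lng->getDefaultLanguage();
        }
    }

    foreach ($user_data as $field => $value) {
        switch ($field) {
            case 'login':
                if (!ilUtil::isLogin($value)) {
                    $this->__appendMessage('Login invalid.');
                }
                // check loginname
                if ($check_complete) {
                    if (ilObjUser::_loginExists($value)) {
                        $this->__appendMessage('Login already exists.');
                    }
                }
                break;

            case 'passwd':
                if (!strlen($value) and $allow_empty_password) {
                    break;
                }
                if (!ilUtil::isPassword($value)) {
                    $this->__appendMessage('Password invalid.');
                }
                break;

            case 'email':
                if (!ilUtil::is_email($value)) {
                    $this->__appendMessage('Email invalid.');
                }
                break;

            case 'time_limit_unlimited':
                if ($value != 1) {
                    if ($user_data['time_limit_from'] >= $user_data['time_limit_until']) {
                        $this->__appendMessage('Time limit invalid');
                    }
                }
                break;

            case 'user_language':
                $lang_inst = $lng->getInstalledLanguages();
                if (!in_array($user_data['user_language'], $lang_inst, true)) {
                    $this->__appendMessage('Language: ' . $user_data['user_language'] . ' is not installed');
                }
                break;

            case 'user_skin':
            case 'user_style':
                $has_skin = (bool) $user_data['user_skin'];
                $has_style = (bool) $user_data['user_style'];
                if (($has_skin and !$has_style) or (!$has_skin and $has_style)) {
                    // skin and style must be given together
                    $this->__appendMessage('user_skin, user_style not valid.');
                } elseif ($has_skin and $has_style) {
                    // the pair must exist among the installed templates/styles
                    $ok = false;
                    $templates = $styleDefinition->getAllTemplates();
                    if (count($templates) > 0 && is_array($templates)) {
                        foreach ($templates as $template) {
                            $styleDef = new ilStyleDefinition($template["id"]);
                            $styleDef->startParsing();
                            $styles = $styleDef->getStyles();
                            foreach ($styles as $style) {
                                if ($user_data['user_skin'] == $template["id"]
                                    && $user_data['user_style'] == $style["id"]) {
                                    $ok = true;
                                }
                            }
                        }
                        if (!$ok) {
                            $this->__appendMessage('user_skin, user_style not valid.');
                        }
                    }
                }
                break;

            case 'time_limit_owner':
                $type = ilObject::_lookupType($user_data['time_limit_owner'], true);
                if ($type != 'cat' and $type != 'usrf') {
                    $this->__appendMessage('time_limit_owner must be ref_id of category or user folder' . $type);
                }
                break;

            default:
                // unknown fields are not validated
                break;
        }
    }

    return strlen($this->__getMessage()) ? false : true;
}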
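/**
 * Does input checks and updates a user account if everything is fine.
 *
 * Reads the edit form from $_POST["Fobject"] / $_POST["time_limit"] /
 * $_POST["udf"], raises an ILIAS error (via $this->ilias->raiseError) on the
 * first failed check, and otherwise writes the account and redirects.
 *
 * Fixes: $tpl is used in the updateLogin() catch block but was not declared
 * global (undefined variable at the first failed login change); $require_keys
 * was never initialised; in_array() now compares strictly; the duplicate
 * `global $ilUser` declaration is dropped.
 *
 * @access public
 * @return bool|mixed false when the time limit is outside the owner's
 *                    limits, otherwise the method redirects
 */
function updateObjectOld()
{
    global $ilias, $rbacsystem, $rbacadmin, $ilUser, $tpl;

    include_once './Services/Authentication/classes/class.ilAuthUtils.php';

    //load ILIAS settings
    $settings = $ilias->getAllSettings();

    // User folder
    if ($this->usrf_ref_id == USER_FOLDER_ID and !$rbacsystem->checkAccess('visible,read,write', $this->usrf_ref_id)) {
        $this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE);
    }

    // if called from local administration $this->usrf_ref_id is category id
    // Todo: this has to be fixed. Do not mix user folder id and category id
    if ($this->usrf_ref_id != USER_FOLDER_ID) {
        // check if user is assigned to category
        if (!$rbacsystem->checkAccess('cat_administrate_users', $this->object->getTimeLimitOwner())) {
            $this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE);
        }
    }

    foreach ($_POST["Fobject"] as $key => $val) {
        $_POST["Fobject"][$key] = ilUtil::stripSlashes($val);
    }

    $password_modifiable = ilAuthUtils::_allowPasswordModificationByAuthMode(
        ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode'])
    );

    // check dynamically required fields
    // (every "require_<field>" setting; the password fields only count when
    // the auth mode allows a local password at all)
    $require_keys = array();
    foreach ($settings as $key => $val) {
        $field = substr($key, 8);
        switch ($field) {
            case 'passwd':
            case 'passwd2':
                if ($password_modifiable) {
                    $require_keys[] = $field;
                }
                break;

            default:
                $require_keys[] = $field;
                break;
        }
    }

    // exclude required system and registration-only fields
    $system_fields = array("default_role");
    foreach ($require_keys as $key => $val) {
        if (!in_array($val, $system_fields, true)) {
            if (isset($settings["require_" . $val]) && $settings["require_" . $val]) {
                if (empty($_POST["Fobject"][$val])) {
                    $this->ilias->raiseError(
                        $this->lng->txt("fill_out_all_required_fields") . ": " . $this->lng->txt($val),
                        $this->ilias->error_obj->MESSAGE
                    );
                }
            }
        }
    }

    if (!$this->__checkUserDefinedRequiredFields()) {
        $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"), $this->ilias->error_obj->MESSAGE);
    }

    // validate login
    if ($this->object->getLogin() != $_POST["Fobject"]["login"] && !ilUtil::isLogin($_POST["Fobject"]["login"])) {
        $this->ilias->raiseError($this->lng->txt("login_invalid"), $this->ilias->error_obj->MESSAGE);
    }

    // check loginname
    if (ilObjUser::_loginExists($_POST["Fobject"]["login"], $this->id)) {
        $this->ilias->raiseError($this->lng->txt("login_exists"), $this->ilias->error_obj->MESSAGE);
    }

    if ($password_modifiable) {
        // "********" is the form's placeholder for "unchanged"; it is only
        // acceptable when the account already has a password
        if ($_POST['Fobject']['passwd'] === "********" and !strlen($this->object->getPasswd())) {
            $this->ilias->raiseError(
                $this->lng->txt("fill_out_all_required_fields") . ": " . $this->lng->txt('password'),
                $this->ilias->error_obj->MESSAGE
            );
        }
        // check passwords
        if ($_POST["Fobject"]["passwd"] !== $_POST["Fobject"]["passwd2"]) {
            $this->ilias->raiseError($this->lng->txt("passwd_not_match"), $this->ilias->error_obj->MESSAGE);
        }
        // validate password
        if (!ilUtil::isPassword($_POST["Fobject"]["passwd"])) {
            $this->ilias->raiseError($this->lng->txt("passwd_invalid"), $this->ilias->error_obj->MESSAGE);
        }
    } else {
        // Password will not be changed...
        $_POST['Fobject']['passwd'] = "********";
    }

    if (ilAuthUtils::_needsExternalAccountByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']))) {
        if (!strlen($_POST['Fobject']['ext_account'])) {
            $this->ilias->raiseError($this->lng->txt('ext_acccount_required'), $this->ilias->error_obj->MESSAGE);
        }
    }

    // an external account may only be bound to one local login
    if ($_POST['Fobject']['ext_account']
        && ($elogin = ilObjUser::_checkExternalAuthAccount($_POST['Fobject']['auth_mode'], $_POST['Fobject']['ext_account']))) {
        if ($elogin != $this->object->getLogin()) {
            $this->ilias->raiseError(
                sprintf(
                    $this->lng->txt("err_auth_ext_user_exists"),
                    $_POST["Fobject"]["ext_account"],
                    $_POST['Fobject']['auth_mode'],
                    $elogin
                ),
                $this->ilias->error_obj->MESSAGE
            );
        }
    }

    // The password type is not passed with the post data. Therefore we
    // append it here manually.
    include_once './Services/User/classes/class.ilObjUser.php';
    $_POST["Fobject"]["passwd_type"] = IL_PASSWD_PLAIN;

    // validate email
    if (strlen($_POST['Fobject']['email']) and !ilUtil::is_email($_POST["Fobject"]["email"])) {
        $this->ilias->raiseError($this->lng->txt("email_not_valid"), $this->ilias->error_obj->MESSAGE);
    }

    $start = $this->__toUnix($_POST["time_limit"]["from"]);
    $end = $this->__toUnix($_POST["time_limit"]["until"]);

    // validate time limit
    if (!$_POST["time_limit"]["unlimited"] and $start > $end) {
        $this->ilias->raiseError($this->lng->txt("time_limit_not_valid"), $this->ilias->error_obj->MESSAGE);
    }
    if (!$this->ilias->account->getTimeLimitUnlimited()) {
        if ($start < $this->ilias->account->getTimeLimitFrom()
            or $end > $this->ilias->account->getTimeLimitUntil()
            or $_POST['time_limit']['unlimited']) {
            // NOTE(review): this stores the complete POST array, including the
            // submitted plaintext passwd fields, in the session for form
            // repopulation.
            $_SESSION['error_post_vars'] = $_POST;
            ilUtil::sendFailure($this->lng->txt('time_limit_not_within_owners'));
            $this->editObject();
            return false;
        }
    }

    // TODO: check length of login and passwd

    // checks passed. save user
    $_POST['Fobject']['time_limit_owner'] = $this->object->getTimeLimitOwner();
    $_POST['Fobject']['time_limit_unlimited'] = (int) $_POST['time_limit']['unlimited'];
    $_POST['Fobject']['time_limit_from'] = $start;
    $_POST['Fobject']['time_limit_until'] = $end;

    // reset the "limit expires" notification only when the limit changed
    if ($_POST['Fobject']['time_limit_unlimited'] != $this->object->getTimeLimitUnlimited()
        or $_POST['Fobject']['time_limit_from'] != $this->object->getTimeLimitFrom()
        or $_POST['Fobject']['time_limit_until'] != $this->object->getTimeLimitUntil()) {
        $_POST['Fobject']['time_limit_message'] = 0;
    } else {
        $_POST['Fobject']['time_limit_message'] = $this->object->getTimeLimitMessage();
    }

    $this->object->assignData($_POST["Fobject"]);
    $this->object->setUserDefinedData($_POST['udf']);

    try {
        $this->object->updateLogin($_POST['Fobject']['login']);
    } catch (ilUserException $e) {
        ilUtil::sendFailure($e->getMessage());
        $this->form_gui->setValuesByPost();
        return $tpl->setContent($this->form_gui->getHtml());
    }

    $this->object->setTitle($this->object->getFullname());
    $this->object->setDescription($this->object->getEmail());
    $this->object->setLanguage($_POST["Fobject"]["language"]);

    //set user skin and style
    $sknst = explode(":", $_POST["Fobject"]["skin_style"]);
    if ($this->object->getPref("style") != $sknst[1] || $this->object->getPref("skin") != $sknst[0]) {
        $this->object->setPref("skin", $sknst[0]);
        $this->object->setPref("style", $sknst[1]);
    }

    // set hits per pages
    $this->object->setPref("hits_per_page", $_POST["Fobject"]["hits_per_page"]);

    // set show users online
    $this->object->setPref("show_users_online", $_POST["Fobject"]["show_users_online"]);

    // set hide_own_online_status
    if ($_POST["Fobject"]["hide_own_online_status"]) {
        $this->object->setPref("hide_own_online_status", $_POST["Fobject"]["hide_own_online_status"]);
    } else {
        $this->object->setPref("hide_own_online_status", "n");
    }

    $this->update = $this->object->update();
    //$rbacadmin->updateDefaultRole($_POST["Fobject"]["default_role"], $this->object->getId());

    // BEGIN DiskQuota: Remember the state of the "send info mail" checkbox
    // (stored on the *acting* user, not on the edited account)
    $ilUser->setPref('send_info_mails', $_POST['send_mail'] === 'y' ? 'y' : 'n');
    $ilUser->writePrefs();
    // END DiskQuota: Remember the state of the "send info mail" checkbox

    $mail_message = $this->__sendProfileMail();
    $msg = $this->lng->txt('saved_successfully') . $mail_message;

    // feedback
    ilUtil::sendSuccess($msg, true);

    if (strtolower($_GET["baseClass"]) === 'iladministrationgui') {
        $this->ctrl->redirectByClass("ilobjuserfoldergui", "view");
    } else {
        $this->ctrl->redirectByClass('ilobjcategorygui', 'listUsers');
    }
}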
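/**
 * Save password form (legacy variant with md5 password storage).
 *
 * Re-verifies the current password for AUTH_LOCAL accounts against the
 * stored md5 hash, validates the new password against the configured
 * policy and, on success, stores it and redirects.
 *
 * Security notes (grounded in this method only):
 * - The stored hash is compared with hash_equals() instead of a loose
 *   `!=`; PHP's loose comparison treats two hex strings of the form
 *   "0e<digits>" as numerically equal, which would accept a wrong password.
 * - The verification is skipped entirely when the account has no stored
 *   password (existing behaviour, kept here).
 * - The hash itself is unsalted md5 as dictated by the stored format; this
 *   method cannot change that.
 *
 * @return void
 */
public function savePassword()
{
    global $tpl, $lng, $ilCtrl, $ilUser, $ilSetting;

    // normally we should not end up here
    if (!$this->allowPasswordChange()) {
        $ilCtrl->redirect($this, "showPersonalData");
        return;
    }

    $this->initPasswordForm();
    if ($this->form->checkInput()) {
        $cp = $this->form->getItemByPostVar("current_password");
        $np = $this->form->getItemByPostVar("new_password");
        $error = false;

        $auto_generate = $this->ilias->getSetting("passwd_auto_generate");

        // The old password needs to be checked for verification
        // unless the user uses Shibboleth authentication with additional
        // local authentication for WebDAV.
        #if ($ilUser->getAuthMode(true) != AUTH_SHIBBOLETH || ! $ilSetting->get("shib_auth_allow_local"))
        if ($ilUser->getAuthMode(true) == AUTH_LOCAL) {
            // check current password (constant-time, strict comparison)
            $stored_hash = (string) $ilUser->getPasswd();
            if ($stored_hash !== '' && !hash_equals($stored_hash, md5($_POST["current_password"]))) {
                $error = true;
                $cp->setAlert($this->lng->txt("passwd_wrong"));
            }
        }

        // select password from auto generated passwords
        if ($auto_generate == 1 && !ilUtil::isPassword($_POST["new_password"])) {
            $error = true;
            $np->setAlert($this->lng->txt("passwd_not_selected"));
        }

        // syntax check; isPassword() may fill $custom_error with a specific reason
        $custom_error = '';
        if ($auto_generate != 1 && !ilUtil::isPassword($_POST["new_password"], $custom_error)) {
            $error = true;
            if ($custom_error !== '') {
                $np->setAlert($custom_error);
            } else {
                $np->setAlert($this->lng->txt("passwd_invalid"));
            }
        }

        // a demanded/expired password change must actually change the password
        if ($auto_generate != 1
            && ($ilUser->isPasswordExpired() || $ilUser->isPasswordChangeDemanded())
            && $_POST["current_password"] === $_POST["new_password"]) {
            $error = true;
            $np->setAlert($this->lng->txt("new_pass_equals_old_pass"));
        }

        if (!$error) {
            ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
            $ilUser->resetPassword($_POST["new_password"], $_POST["new_password"]);
            if ($_POST["current_password"] !== $_POST["new_password"]) {
                $ilUser->setLastPasswordChangeToNow();
            }
            $ilCtrl->redirect($this, "showPassword");
        }
    }

    // validation failed: redisplay the form with the submitted values
    $this->form->setValuesByPost();
    $this->showPassword(true);
}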
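/**
 * Change the private news feed settings of the current user.
 *
 * Disables the private feed (by clearing its password) when the
 * "enable_private_feed" checkbox is unset; otherwise validates the desired
 * feed password (retype match, syntax, must differ from the ILIAS login
 * password) and stores it. Every outcome ends in a redirect, except an empty
 * desired password that passes the earlier checks, which falls through
 * silently (existing behaviour).
 *
 * Security note: the comparison against the stored login password hash uses
 * hash_equals() rather than a loose `==`, which would treat two "0e<digits>"
 * hex strings as equal.
 *
 * @return void
 */
function changeFeedSettings()
{
    global $ilCtrl, $lng, $ilUser;

    // Deactivate private Feed - just delete the password
    if (empty($_POST["enable_private_feed"])) {
        ilUtil::sendSuccess($lng->txt("priv_feed_disabled"), true);
        $ilUser->_setFeedPass($_SESSION["AccountId"], "");
        $ilCtrl->returnToParent($this);
        return;
    }

    $desired = $_POST["desired_password"];

    // check that both entries match
    if ($desired !== $_POST["retype_password"]) {
        ilUtil::sendFailure($lng->txt("passwd_not_match"), true);
        $ilCtrl->redirectByClass("ilPDNewsBlockGUI", "editSettings");
    } elseif (!ilUtil::isPassword($desired)) {
        ilUtil::sendFailure($lng->txt("passwd_invalid"), true);
        $ilCtrl->redirectByClass("ilPDNewsBlockGUI", "editSettings");
    } elseif (hash_equals((string) $ilUser->getPasswd(), md5($desired))) {
        // the feed password must not reuse the ILIAS login password
        ilUtil::sendFailure($lng->txt("passwd_equals_ilpasswd"), true);
        $ilCtrl->redirectByClass("ilPDNewsBlockGUI", "editSettings");
    } elseif ($desired !== "") {
        ilUtil::sendSuccess($lng->txt("saved_successfully"), true);
        $ilUser->_setFeedPass($_SESSION["AccountId"], $desired);
        $ilCtrl->returnToParent($this);
    }
}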