protected function drawFormReadWriteValuePasswordAttribute($attribute, $i) { if (DEBUGTMP) { printf('<font size=-2>%s</font><br />', __METHOD__); } $server = $this->getServer(); $val = $attribute->getValue($i); $enc_type = get_enc_type($val); # Set the default hashing type if the password is blank (must be newly created) if (trim($val)) { $enc_type = get_enc_type($val); } else { $enc_type = $server->getValue('appearance', 'pla_password_hash'); } echo '<table cellspacing="0" cellpadding="0"><tr><td valign="top">'; $obfuscate_password = obfuscate_password_display($enc_type); $id = sprintf('new_values_%s_%s', htmlspecialchars($attribute->getName()), $i); printf('<input type="%s" class="value" name="new_values[%s][%s]" id="%s" value="%s" %s%s %s %s/>', $obfuscate_password ? 'password' : 'text', htmlspecialchars($attribute->getName()), $i, $id, htmlspecialchars($val), $attribute->needJS('focus') ? sprintf('onfocus="focus_%s(this);" ', $attribute->getName()) : '', $attribute->needJS('blur') ? sprintf('onblur="blur_%s(this);" ', $attribute->getName()) : '', $attribute->getSize() > 0 ? sprintf('size="%s"', $attribute->getSize()) : '', $attribute->getMaxLength() > 0 ? sprintf('maxlength="%s"', $attribute->getMaxLength()) : ''); echo '</td><td valign="top">'; if ($attribute->getHelper()) { $this->draw('Helper', $attribute, $i); } else { $this->draw('DefaultHelper', $attribute, $i); } echo '</td></tr><tr><td valign="top">'; if ($attribute->getVerify() && $obfuscate_password) { printf('<input type="password" class="value" name="new_values_verify[%s][%s]" id="new_values_verify_%s_%s" value="" %s %s/>', htmlspecialchars($attribute->getName()), $i, htmlspecialchars($attribute->getName()), $i, $attribute->getSize() > 0 ? sprintf('size="%s"', $attribute->getSize()) : '', $attribute->getMaxLength() > 0 ? sprintf('maxlength="%s"', $attribute->getMaxLength()) : ''); echo '</td><td valign="top">'; printf('(%s)', _('confirm')); echo '</td></tr><tr><td valign="top">'; } $this->draw('CheckLink', $attribute, $id); echo '</td></tr></table>'; }
?> <input type="hidden" name="old_values[userpassword]" value="<?php echo htmlspecialchars($user_password); ?> " /> <!-- Special case of enc_type to detect changes when user changes enc_type but not the password value --> <input size="38" type="hidden" name="old_enc_type" value="<?php echo $enc_type == '' ? 'clear' : $enc_type; ?> " /> <?php } if (obfuscate_password_display($enc_type)) { echo htmlspecialchars(preg_replace('/./', '*', $user_password)); } else { echo htmlspecialchars($user_password); } ?> <br /> <?php if ($side == 'dst') { ?> <input style="width: 260px" type="password" name="new_values[userpassword]" value="<?php echo htmlspecialchars($user_password); ?>
$request['password'] = get_request('check_password', 'REQUEST'); $request['action'] = get_request('action', 'REQUEST'); $request['attribute'] = get_request('attr', 'REQUEST'); if (get_request('base64', 'REQUEST')) { $request['hash'] = base64_decode($request['hash']); $request['password'] = base64_decode($request['password']); } $request['enc_type'] = get_enc_type($request['hash']); printf('<h3 class="subtitle">%s</h3>', _('Password Checker Tool')); echo '<form action="password_checker.php" method="post">'; echo '<input type="hidden" name="action" value="compare" />'; printf('<input type="hidden" name="attr" value="%s" />', $request['attribute']); echo '<table class="forminput" width="100%" border="0">'; echo '<tr>'; printf('<td class="heading">%s</td>', _('Compare')); printf('<td><input type="%s" name="hash" id="hash" value="%s" /></td>', obfuscate_password_display($request['enc_type']) ? 'password' : 'text', htmlspecialchars($request['hash'])); echo '</tr>'; echo '<tr>'; printf('<td class="heading">%s</td>', _('To')); printf('<td><input type="password" name="check_password" value="%s" /></td>', htmlspecialchars($request['password'])); echo '</tr>'; echo '<tr>'; echo '<td> </td>'; echo '<td><input type="submit" value="Compare" />'; if ($request['action'] == 'compare') { echo ' <b>'; if (password_check($request['hash'], $request['password'], $request['attribute'])) { printf('<span class="good">%s</span>', _('Passwords match!')); } else { printf('<span class="bad">%s</span>', _('Passwords do not match!')); }
printf('<li><a href="%s"><img src="images/save.png" />%s (%s)</a></li>', $href, _('download value'), $i); } } else { $href = sprintf('download_binary_attr.php?server_id=%s&dn=%s&attr=%s', $ldapserver->server_id, $encoded_dn, $attr); printf('<li><a href="%s"><img src="images/save.png" />%s</a></li>', $href, _('download value')); } echo '</ul>'; # <!-- Temporary warning until we find a way to add jpegPhoto values without an INAPROPRIATE_MATCHING error --> printf('<p><small>%s</small></p>', _('Note: You will get an "inappropriate matching" error if you have not setup an EQUALITY rule on your LDAP server for this attribute.')); # <!-- End of temporary warning --> } else { echo '<ul class="current_values">'; if (is_array($current_values)) { if (strcasecmp($attr, 'userPassword') == 0) { foreach ($current_values as $key => $value) { if (obfuscate_password_display(get_enc_type($value))) { echo '<li><nobr>' . preg_replace('/./', '*', $value) . '<br /></li>'; } else { echo '<li><nobr>' . htmlspecialchars($value) . '<br /></li>'; } } } else { foreach ($current_values as $val) { printf('<li><nobr>%s</nobr></li>', htmlspecialchars($val)); } } } else { printf('<li><nobr>%s</nobr></li>', htmlspecialchars($current_values)); } echo '</ul>'; }
} } elseif (is_array($old_values[$attr])) { foreach ($old_values[$attr] as $v) { echo nl2br(htmlspecialchars($v)) . '<br />'; } } else { echo nl2br(htmlspecialchars($old_values[$attr])) . '<br />'; } echo '</nobr></td>'; echo '<td><nobr>'; # Is this a multi-valued attribute? if (is_array($new_val)) { if (strcasecmp($attr, 'userPassword') == 0) { foreach ($new_values[$attr] as $key => $value) { if (isset($new_val[$key])) { if (obfuscate_password_display(get_enc_type($new_val[$key]))) { echo preg_replace('/./', '*', $new_val[$key]) . '<br />'; } else { echo htmlspecialchars($new_val[$key]) . '<br />'; } } } } else { foreach ($new_val as $i => $v) { if ($v == '') { # Remove it from the update array if it's empty unset($update_array[$attr][$i]); $update_array[$attr] = array_values($update_array[$attr]); } else { echo nl2br(htmlspecialchars($v)) . '<br />'; }
foreach ($vals as $user_password) { $enc_type = get_enc_type($user_password); # Set the default hashing type if the password is blank (must be newly created) if ($user_password == '') { $enc_type = get_default_hash($ldapserver->server_id); } printf('<input type="hidden" name="old_values[userpassword][]" value="%s" />', htmlspecialchars($user_password)); echo '<!-- Special case of enc_type to detect changes when user changes enc_type but not the password value -->'; printf('<input size="38" type="hidden" name="old_enc_type[]" value="%s" />', $enc_type == '' ? 'clear' : $enc_type); if (obfuscate_password_display($enc_type)) { echo htmlspecialchars(preg_replace('/./', '*', $user_password)); } else { echo htmlspecialchars($user_password); } echo '<br />'; printf('<input style="width: 260px" type="%s" name="new_values[userpassword][]" value="" />', obfuscate_password_display($enc_type) ? 'password' : 'text'); echo enc_type_select_list($enc_type); echo '<br />'; printf('<small><a href="javascript:passwordComparePopup(\'%s\')">%s</a></small>', base64_encode($user_password), _('Check password...')); echo '<br />'; } /* Draw the "add value" link under the list of values for this attributes */ if (!$ldapserver->isReadOnly() && ($schema_attr = $ldapserver->getSchemaAttribute($attr, $dn)) && !$schema_attr->getIsSingleValue()) { $add_href = sprintf('add_value_form.php?server_id=%s&dn=%s&attr=%s', $ldapserver->server_id, $encoded_dn, rawurlencode($attr)); printf('<div class="add_value">(<a href="%s" title="%s">%s</a>)</div>', $add_href, sprintf(_('Add an additional value to attribute \'%s\''), $attr), _('add value')); } echo '</td>'; echo '</tr>'; if ($is_modified_attr) { echo '<tr class="updated_attr"><td class="bottom" colspan="2"></td></tr>'; }