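/**
 * Validate the data for the admin user account
 *
 * @param string &$username the login id for the admin user
 * @param string $passwd the password for the new user
 * @param string &$passwd2 the verification password for the new user (by ref for historical reasons, never modified here)
 * @param string $fname the first name of the administrator (accepted but not checked in this function)
 * @param string $lname the lastname of the administrator (accepted but not checked in this function)
 *
 * @return array list of errors - empty array if valid
 *
 * @internal we pass the username by ref so it can be unset if invalid
 */
function validate_admin(&$username, $passwd, &$passwd2, $fname, $lname)
{
    phpgw::import_class('phpgwapi.globally_denied');
    $errors = array();

    // Compare as strings with !==: the loose != operator treats numeric
    // strings such as '1e3' and '1000' as equal, so a mistyped confirmation
    // could slip through.  Casting first keeps null and '' equivalent, as before.
    if ((string) $passwd !== (string) $passwd2) {
        $errors[] = lang('Passwords did not match, please re-enter');
    } else {
        // the password policy is enforced by validate_password(), which throws on failure
        $account = new phpgwapi_user();
        try {
            $account->validate_password($passwd);
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
    }

    if (!$username) {
        $errors[] = lang('You must enter a username for the admin');
    } else if (phpgwapi_globally_denied::user($username)) {
        $errors[] = lang('You can not use %1 as the admin username, please try again with another username', $username);
        // clear the caller's variable so a blocked name is not carried forward
        $username = '';
    }

    return $errors;
}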
/**
 * Validate a username
 *
 * Checks, in order: the name is non-empty, optionally that no other
 * account already owns it, and that it is not on the globally denied list.
 *
 * @param string $username the username to validate
 * @param boolean $lookup check if the account already exists
 *
 * @return boolean is the username valid?
 *
 * @throws Exception when username is invalid
 */
private function _validate_username($username, $lookup = true)
{
    if (strlen($username) === 0) {
        throw new Exception('Username is too short');
    }

    if ($lookup) {
        // a hit on our own id is fine (renaming/saving the same account)
        $existing_id = $GLOBALS['phpgw']->accounts->name2id($username);
        $owned_by_other = $existing_id && $existing_id != $this->_data['id'];
        if ($owned_by_other) {
            throw new Exception('Username already in use');
        }
    }

    phpgw::import_class('phpgwapi.globally_denied');
    if (phpgwapi_globally_denied::user($username)) {
        throw new Exception('Username is blocked');
    }

    return true;
}
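/**
 * Create a new session
 *
 * Authenticates the user (unless $skip_auth is set), starts the PHP
 * session, initialises the crypto object, registers the session and logs
 * the access.  Every refusal path sets $this->reason / $this->cd_reason
 * and returns false instead of a session id.
 *
 * @param string|array $login user login, or an array with 'login' and 'passwd' keys
 * @param string $passwd user password (ignored when $login is an array)
 * @param boolean $skip_auth create a session without authenticating the user?
 *
 * @return string|false session id, or false when the login is refused
 */
public function create($login, $passwd = '', $skip_auth = false)
{
    phpgw::import_class('phpgwapi.globally_denied');
    $accounts =& $GLOBALS['phpgw']->accounts;

    // an array login carries both credentials in a single argument
    if (is_array($login)) {
        $this->_login = $login['login'];
        $this->_passwd = $login['passwd'];
        $login = $this->_login;
    } else {
        $this->_login = $login;
        $this->_passwd = $passwd;
    }

    $now = time();
    $this->_set_login($login);
    $user_ip = $this->_get_user_ip();

    if ($this->_login_blocked($login, $this->_get_user_ip())) {
        $this->reason = 'blocked, too many attempts';
        $this->cd_reason = 99;
        // log unsuccessfull login
        $this->log_access($this->reason, $login, $user_ip, 0);
        return false;
    }

    // one shared reason string covers denied name, unknown account, failed
    // authentication and group accounts alike
    if (phpgwapi_globally_denied::user($this->_account_lid)
        || !$accounts->name2id($this->_account_lid)
        || !$skip_auth && !$GLOBALS['phpgw']->auth->authenticate($this->_account_lid, $this->_passwd)
        || get_class($accounts->get($accounts->name2id($this->_account_lid))) == phpgwapi_account::CLASS_TYPE_GROUP) {
        $this->reason = 'bad login or password';
        $this->cd_reason = 5;
        // log unsuccessfull login
        $this->log_access($this->reason, $login, $user_ip, 0);
        return false;
    }

    // NOTE(review): name2id() already had to return a truthy id above, so the
    // auto_add branch is only reachable if exists() and name2id() disagree - confirm
    if (!$accounts->exists($this->_account_lid) && $GLOBALS['phpgw_info']['server']['auto_create_acct']) {
        $this->_account_id = $accounts->auto_add($this->_account_lid, $passwd);
    } else {
        $this->_account_id = $accounts->name2id($this->_account_lid);
    }
    $GLOBALS['phpgw_info']['user']['account_id'] = $this->_account_id;
    $accounts->set_account($this->_account_id);

    session_start();
    // Issue a fresh session id now that the user is authenticated, so an id
    // that was known before login cannot be reused (session fixation).
    // $_SESSION contents are carried over; the old id is discarded.
    session_regenerate_id(true);
    $this->_sessionid = session_id();

    if (isset($GLOBALS['phpgw_info']['server']['usecookies']) && $GLOBALS['phpgw_info']['server']['usecookies']) {
        $this->phpgw_setcookie(session_name(), $this->_sessionid);
        $this->phpgw_setcookie('domain', $this->_account_domain);
    }

    if (isset($GLOBALS['phpgw_info']['server']['usecookies']) && $GLOBALS['phpgw_info']['server']['usecookies'] || isset($_COOKIE['last_loginid'])) {
        // Create a cookie which expires in 14 days
        $cookie_expires = $now + 60 * 60 * 24 * 14;
        $this->phpgw_setcookie('last_loginid', $this->_account_lid, $cookie_expires);
        $this->phpgw_setcookie('last_domain', $this->_account_domain, $cookie_expires);
    }

    /* we kill this for security reasons */
    unset($GLOBALS['phpgw_info']['server']['default_domain']);

    /* init the crypto object */
    // NOTE(review): the key is an md5 of the (new) session id plus the configured
    // encryptkey - confirm the crypto object and its consumers expect this derivation
    $this->_key = md5($this->_sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
    $this->_iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
    $GLOBALS['phpgw']->crypto->init(array($this->_key, $this->_iv));

    $this->read_repositories();
    // NOTE(review): by this point the session has been started and cookies
    // sent; confirm the caller tears the session down when false is returned here
    if ($this->_data['expires'] != -1 && $this->_data['expires'] < time()) {
        if (is_object($GLOBALS['phpgw']->log)) {
            $GLOBALS['phpgw']->log->message(array('text' => 'W-LoginFailure, account loginid %1 is expired', 'p1' => $this->_account_lid, 'line' => __LINE__, 'file' => __FILE__));
            $GLOBALS['phpgw']->log->commit();
        }
        $this->cd_reason = 2;
        return false;
    }

    $GLOBALS['phpgw_info']['user'] = $this->_data;
    // $GLOBALS['phpgw_info']['hooks'] = $this->hooks;
    // NOTE(review): base64 is an encoding, not encryption - the clear-text
    // password is recoverable from the session store; confirm which consumers need it
    phpgwapi_cache::session_set('phpgwapi', 'password', base64_encode($this->_passwd));

    // 'A' marks an anonymous session, 'N' a normal one
    if ($GLOBALS['phpgw']->acl->check('anonymous', 1, 'phpgwapi')) {
        $session_flags = 'A';
    } else {
        $session_flags = 'N';
    }

    $GLOBALS['phpgw']->db->transaction_begin();
    $this->register_session($login, $user_ip, $now, $session_flags);
    $this->log_access($this->_sessionid, $login, $user_ip, $this->_account_id);
    $GLOBALS['phpgw']->auth->update_lastlogin($this->_account_id, $user_ip);
    $GLOBALS['phpgw']->db->transaction_commit();

    return $this->_sessionid;
}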
$tmp = $info[$i]['uidnumber'][0]; $account_info[$tmp]['id'] = $info[$i]['uidnumber'][0]; $account_info[$tmp]['lid'] = $info[$i]['uid'][0]; $account_info[$tmp]['firstname'] = $info[$i]['givenname'][0]; $account_info[$tmp]['lastname'] = $info[$i]['sn'][0]; $account_info[$tmp]['password'] = isset($info[$i]['userpassword'][0]) ? $info[$i]['userpassword'][0] : ''; //echo 'password?'; } } $group_info = array(); if ($GLOBALS['phpgw_info']['server']['ldap_group_context']) { $srg = ldap_search($ldap, $config['ldap_group_context'], '(|(cn=*))', array('gidnumber', 'cn', 'memberuid')); $info = ldap_get_entries($ldap, $srg); $tmp = ''; for ($i = 0; $i < $info['count']; ++$i) { if (isset($info[$i]['cn'][0]) && !phpgwapi_globally_denied::user($info[$i]['cn'][0]) && (!isset($account_info[$i][$info[$i]['cn'][0]]) || !$account_info[$i][$info[$i]['cn'][0]])) { $tmp = $info[$i]['gidnumber'][0]; $group_info[$tmp]['id'] = $info[$i]['gidnumber'][0]; $group_info[$tmp]['lid'] = $info[$i]['cn'][0]; $group_info[$tmp]['members'] = $info[$i]['memberuid']; $group_info[$tmp]['firstname'] = $info[$i]['cn'][0]; $group_info[$tmp]['lastname'] = 'Group'; } } } $GLOBALS['phpgw_setup']->db->query("SELECT app_name FROM phpgw_applications WHERE app_enabled!='0' AND app_enabled!='3' ORDER BY app_name", __LINE__, __FILE__); while ($GLOBALS['phpgw_setup']->db->next_record()) { $apps[$GLOBALS['phpgw_setup']->db->f('app_name')] = lang($GLOBALS['phpgw_setup']->db->f('app_name')); } if (isset($_POST['cancel']) && $_POST['cancel']) { Header("Location: ldap.php");