/**
* Definition of the function modifyUser in order to modify the password
*
* @param string $user nick of the user to be changed
* @param array $changes array of field/value pairs to be changed (password will be clear text)
* @return bool true on success, false on error
*/
function modifyUser($user, $changes)
{
// open the connection to the ldap
if (!$this->_openLDAP()) {
$this->_debug('LDAP cannot connect: ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
return false;
}
// find the information about the user, in particular the "dn"
$info = $this->getUserData($user, true);
if (empty($info['dn'])) {
$this->_debug('LDAP cannot find your user dn', 0, __LINE__, __FILE__);
return false;
}
$dn = $info['dn'];
// find the old password of the user
list($loginuser, $loginsticky, $loginpass) = auth_getCookie();
if ($loginuser !== null) {
// the user is currently logged in
$secret = auth_cookiesalt(!$loginsticky, true);
$pass = auth_decrypt($loginpass, $secret);
// bind with the ldap
if (!@ldap_bind($this->con, $dn, $pass)) {
$this->_debug('LDAP user bind failed: ' . htmlspecialchars($dn) . ': ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
return false;
}
} elseif ($this->getConf('binddn') && $this->getConf('bindpw')) {
// we are changing the password on behalf of the user (eg: forgotten password)
// bind with the superuser ldap
if (!@ldap_bind($this->con, $this->getConf('binddn'), conf_decodeString($this->getConf('bindpw')))) {
$this->_debug('LDAP bind as superuser: '******'pass']);
// change the password
if (!@ldap_mod_replace($this->con, $dn, array('userpassword' => $hash))) {
$this->_debug('LDAP mod replace failed: ' . htmlspecialchars($dn) . ': ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
return false;
}
return true;
}
