/** * Definition of the function modifyUser in order to modify the password * * @param string $user nick of the user to be changed * @param array $changes array of field/value pairs to be changed (password will be clear text) * @return bool true on success, false on error */ function modifyUser($user, $changes) { // open the connection to the ldap if (!$this->_openLDAP()) { $this->_debug('LDAP cannot connect: ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); return false; } // find the information about the user, in particular the "dn" $info = $this->getUserData($user, true); if (empty($info['dn'])) { $this->_debug('LDAP cannot find your user dn', 0, __LINE__, __FILE__); return false; } $dn = $info['dn']; // find the old password of the user list($loginuser, $loginsticky, $loginpass) = auth_getCookie(); if ($loginuser !== null) { // the user is currently logged in $secret = auth_cookiesalt(!$loginsticky, true); $pass = auth_decrypt($loginpass, $secret); // bind with the ldap if (!@ldap_bind($this->con, $dn, $pass)) { $this->_debug('LDAP user bind failed: ' . htmlspecialchars($dn) . ': ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); return false; } } elseif ($this->getConf('binddn') && $this->getConf('bindpw')) { // we are changing the password on behalf of the user (eg: forgotten password) // bind with the superuser ldap if (!@ldap_bind($this->con, $this->getConf('binddn'), conf_decodeString($this->getConf('bindpw')))) { $this->_debug('LDAP bind as superuser: '******'pass']); // change the password if (!@ldap_mod_replace($this->con, $dn, array('userpassword' => $hash))) { $this->_debug('LDAP mod replace failed: ' . htmlspecialchars($dn) . ': ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); return false; } return true; }