static function ldapLoginUser()
{
global $ui, $config, $message, $smarty;
/* Login as user, initialize user ACL's */
$ui = ldap_login_user(self::$username, self::$password);
if ($ui === NULL || !$ui) {
if (isset($_SERVER['REMOTE_ADDR'])) {
new log('security', 'login', '', array(), 'Authentication failed for user "' . self::$username . '" [from ' . $_SERVER['REMOTE_ADDR'] . ']');
} else {
new log('security', 'login', '', array(), 'Authentication failed for user "' . self::$username . '"');
}
$message = _('Please check the username/password combination.');
$smarty->assign('nextfield', 'password');
return FALSE;
}
return TRUE;
}
} elseif (empty($current_password)) {
$message[] = _("You need to specify your current password in order to proceed.");
} elseif ($new_password != $repeated_password) {
$message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
} elseif ($new_password == "") {
$message[] = _("The password you've entered as 'New password' is empty.");
} elseif ($check_differ && substr($current_password, 0, $differ) == substr($new_password, 0, $differ)) {
$message[] = _("The password used as new and current are too similar.");
} elseif ($check_length && strlen($new_password) < $length) {
$message[] = _("The password used as new is to short.");
} elseif (!passwordMethod::is_harmless($new_password)) {
$message[] = _("The password contains possibly problematic Unicode characters!");
}
// Connect as the given user and load its ACLs
if (!count($message)) {
$ui = ldap_login_user($uid, $current_password);
if ($ui === NULL) {
$message[] = _("Please check the username/password combination!");
} else {
$tmp = new acl($config, NULL, $ui->dn);
$ui->ocMapping = $tmp->ocMapping;
$ui->loadACL();
$acls = $ui->get_permissions($ui->dn, "users/password");
if (!preg_match("/w/i", $acls)) {
$message[] = _("You have no permissions to change your password!");
}
}
}
// Call external check hook to validate the password change
if (!count($message)) {
$attrs = array();
$ldap->cat(get_ou('lockRDN') . get_ou('fusiondirectoryRDN') . $config->current['BASE'], array('dn'));
$attrs = $ldap->fetch();
if (!count($attrs)) {
$ldap->cd($config->current['BASE']);
$ldap->create_missing_trees(get_ou('lockRDN') . get_ou('fusiondirectoryRDN') . $config->current['BASE']);
}
/* Check for valid input */
$username = trim($_POST['username']);
if (!preg_match("/^[@A-Za-z0-9_.-]+\$/", $username)) {
$message = _("Please specify a valid username!");
} elseif (mb_strlen($_POST["password"], 'UTF-8') == 0) {
$message = _("Please specify your password!");
$smarty->assign('nextfield', 'password');
} else {
/* Login as user, initialize user ACL's */
$ui = ldap_login_user($username, $_POST["password"]);
if ($ui === NULL || !$ui) {
$message = _("Please check the username/password combination.");
$smarty->assign('nextfield', 'password');
session::global_set('config', $config);
if (isset($_SERVER['REMOTE_ADDR'])) {
$ip = $_SERVER['REMOTE_ADDR'];
new log("security", "login", "", array(), "Authentication failed for user \"{$username}\" [from {$ip}]");
} else {
new log("security", "login", "", array(), "Authentication failed for user \"{$username}\"");
}
} else {
/* Remove all locks of this user */
del_user_locks($ui->dn);
/* Save userinfo and plugin structure */
session::global_set('ui', $ui);
} elseif (mb_strlen(get_post("password"), 'UTF-8') == 0) {
$message = _("Please specify your password!");
$smarty->assign('nextfield', 'password');
$ok = false;
}
}
if ($ok) {
/* Login as user, initialize user ACL's */
if ($htaccess_authenticated) {
$ui = ldap_login_user_htaccess($username);
if ($ui === NULL || !$ui) {
msg_dialog::display(_("Authentication error"), _("Cannot retrieve user information for HTTP authentication!"), FATAL_ERROR_DIALOG);
exit;
}
} else {
$ui = ldap_login_user($username, get_post("password"));
}
if ($ui === NULL || !$ui) {
$message = _("Please check the username/password combination!");
$smarty->assign('nextfield', 'password');
session::global_set('config', $config);
new log("security", "login", "", array(), "Authentication failed for a user");
} else {
/* Remove all locks of this user */
del_user_locks($ui->dn);
/* Save userinfo and plugin structure */
session::global_set('ui', $ui);
session::global_set('session_cnt', 0);
/* User data and unit tag available, load servers */
$config->load_servers();
/* Let GOsa trigger a new connection for each POST, save
