/**
 * Authenticate the credentials held in self::$username / self::$password.
 *
 * The result of ldap_login_user() is stored in the global $ui. When that
 * result is NULL or otherwise falsy, the attempt is written to the
 * 'security' log (with the client address when $_SERVER['REMOTE_ADDR'] is
 * set), the global $message is set to a text that does not say which of
 * the two credentials was wrong, and the 'nextfield' template variable is
 * set to 'password'.
 *
 * NOTE(review): self::$username goes into the log entry verbatim. Whether it
 * was validated before this point, and whether the log class neutralises
 * quotes and line breaks, is not visible here. Confirm both.
 *
 * @return bool TRUE when ldap_login_user() returned a truthy value, FALSE otherwise.
 */
static function ldapLoginUser()
{
    global $ui, $config, $message, $smarty;

    /* Bind as the user; the returned value is kept as the global user info. */
    $ui = ldap_login_user(self::$username, self::$password);

    /* NULL and every other falsy result count as a failed login. */
    if ($ui) {
        return TRUE;
    }

    /* Record the failure; the source address is appended only when known. */
    $logEntry = 'Authentication failed for user "' . self::$username . '"';
    if (isset($_SERVER['REMOTE_ADDR'])) {
        $logEntry .= ' [from ' . $_SERVER['REMOTE_ADDR'] . ']';
    }
    new log('security', 'login', '', array(), $logEntry);

    /* Same text for a bad username and a bad password. */
    $message = _('Please check the username/password combination.');
    $smarty->assign('nextfield', 'password');

    return FALSE;
}
} elseif (empty($current_password)) { $message[] = _("You need to specify your current password in order to proceed."); } elseif ($new_password != $repeated_password) { $message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match."); } elseif ($new_password == "") { $message[] = _("The password you've entered as 'New password' is empty."); } elseif ($check_differ && substr($current_password, 0, $differ) == substr($new_password, 0, $differ)) { $message[] = _("The password used as new and current are too similar."); } elseif ($check_length && strlen($new_password) < $length) { $message[] = _("The password used as new is to short."); } elseif (!passwordMethod::is_harmless($new_password)) { $message[] = _("The password contains possibly problematic Unicode characters!"); } // Connect as the given user and load its ACLs if (!count($message)) { $ui = ldap_login_user($uid, $current_password); if ($ui === NULL) { $message[] = _("Please check the username/password combination!"); } else { $tmp = new acl($config, NULL, $ui->dn); $ui->ocMapping = $tmp->ocMapping; $ui->loadACL(); $acls = $ui->get_permissions($ui->dn, "users/password"); if (!preg_match("/w/i", $acls)) { $message[] = _("You have no permissions to change your password!"); } } } // Call external check hook to validate the password change if (!count($message)) { $attrs = array();
$ldap->cat(get_ou('lockRDN') . get_ou('fusiondirectoryRDN') . $config->current['BASE'], array('dn')); $attrs = $ldap->fetch(); if (!count($attrs)) { $ldap->cd($config->current['BASE']); $ldap->create_missing_trees(get_ou('lockRDN') . get_ou('fusiondirectoryRDN') . $config->current['BASE']); } /* Check for valid input */ $username = trim($_POST['username']); if (!preg_match("/^[@A-Za-z0-9_.-]+\$/", $username)) { $message = _("Please specify a valid username!"); } elseif (mb_strlen($_POST["password"], 'UTF-8') == 0) { $message = _("Please specify your password!"); $smarty->assign('nextfield', 'password'); } else { /* Login as user, initialize user ACL's */ $ui = ldap_login_user($username, $_POST["password"]); if ($ui === NULL || !$ui) { $message = _("Please check the username/password combination."); $smarty->assign('nextfield', 'password'); session::global_set('config', $config); if (isset($_SERVER['REMOTE_ADDR'])) { $ip = $_SERVER['REMOTE_ADDR']; new log("security", "login", "", array(), "Authentication failed for user \"{$username}\" [from {$ip}]"); } else { new log("security", "login", "", array(), "Authentication failed for user \"{$username}\""); } } else { /* Remove all locks of this user */ del_user_locks($ui->dn); /* Save userinfo and plugin structure */ session::global_set('ui', $ui);
} elseif (mb_strlen(get_post("password"), 'UTF-8') == 0) { $message = _("Please specify your password!"); $smarty->assign('nextfield', 'password'); $ok = false; } } if ($ok) { /* Login as user, initialize user ACL's */ if ($htaccess_authenticated) { $ui = ldap_login_user_htaccess($username); if ($ui === NULL || !$ui) { msg_dialog::display(_("Authentication error"), _("Cannot retrieve user information for HTTP authentication!"), FATAL_ERROR_DIALOG); exit; } } else { $ui = ldap_login_user($username, get_post("password")); } if ($ui === NULL || !$ui) { $message = _("Please check the username/password combination!"); $smarty->assign('nextfield', 'password'); session::global_set('config', $config); new log("security", "login", "", array(), "Authentication failed for a user"); } else { /* Remove all locks of this user */ del_user_locks($ui->dn); /* Save userinfo and plugin structure */ session::global_set('ui', $ui); session::global_set('session_cnt', 0); /* User data and unit tag available, load servers */ $config->load_servers(); /* Let GOsa trigger a new connection for each POST, save