system: allow random password reset; closes #1351
parent
f494289929
commit
66d982fd16
@ -497,10 +497,16 @@ function local_user_del($user)
|
||||
local_group_del_user($user);
|
||||
}
|
||||
|
||||
function local_user_set_password(&$user, $password)
|
||||
function local_user_set_password(&$user, $password = null)
|
||||
{
|
||||
$cost = 10;
|
||||
|
||||
if ($password == null) {
|
||||
/* generate a random password */
|
||||
$bytes = openssl_random_pseudo_bytes(50);
|
||||
$password = pack('H*',bin2hex($bytes));
|
||||
}
|
||||
|
||||
$hash = password_hash($password, PASSWORD_BCRYPT, [ 'cost' => $cost ]);
|
||||
if ($hash !== false) {
|
||||
/*
|
||||
|
||||
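Review bot: The password generated in `local_user_set_password()` is raw binary, and `pack('H*',bin2hex($bytes))` simply returns `$bytes` unchanged. Bcrypt implementations generally treat the input as a C string, so a NUL byte among the 50 random bytes would cut the effective password short, down to an empty one if it is the first byte; this is worth confirming against the PHP version in use. The result of `openssl_random_pseudo_bytes()` is also not checked, and on PHP versions where it returns false instead of throwing, the value hashed would be an empty string. Hex-encoding the output avoids both and stays under bcrypt's 72-byte limit, for example `$password = bin2hex(random_bytes(32));` where `random_bytes()` is available. The function body continues past the end of the hunk.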
@ -232,8 +232,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$input_errors[] = gettext("The username is longer than 16 characters.");
|
||||
}
|
||||
|
||||
if (($pconfig['passwordfld1']) && ($pconfig['passwordfld1'] != $pconfig['passwordfld2'])) {
|
||||
$input_errors[] = gettext("The passwords do not match.");
|
||||
if (!empty($pconfig['passwordfld1'])) {
|
||||
if ($pconfig['passwordfld1'] != $pconfig['passwordfld2']) {
|
||||
$input_errors[] = gettext('The passwords do not match.');
|
||||
}
|
||||
if (!empty($pconfig['gen_new_password'])) {
|
||||
$input_errors[] = gettext('Cannot set random password due to explicit input.');
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($pconfig['disabled']) && $_SESSION['Username'] === $a_user[$id]['name']) {
|
||||
@ -305,6 +310,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
/* the user password was modified */
|
||||
if (!empty($pconfig['passwordfld1'])) {
|
||||
local_user_set_password($userent, $pconfig['passwordfld1']);
|
||||
} elseif (!empty($pconfig['gen_new_password'])) {
|
||||
local_user_set_password($userent);
|
||||
}
|
||||
|
||||
isset($pconfig['scope']) ? $userent['scope'] = $pconfig['scope'] : $userent['scope'] = "system";
|
||||
@ -572,8 +579,9 @@ $( document ).ready(function() {
|
||||
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Password");?></td>
|
||||
<td>
|
||||
<input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" /><br/>
|
||||
<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" />
|
||||
<small><?= gettext("(confirmation)"); ?></small>
|
||||
<input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" />
|
||||
<small><?= gettext("(confirmation)"); ?></small><br/><br/>
|
||||
<input type="checkbox" name="gen_new_password"/> <small><?=gettext('Generate new random password') ?></small>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
@ -822,7 +830,7 @@ $( document ).ready(function() {
|
||||
<td><a id="help_for_otp_seed" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("OTP seed");?></td>
|
||||
<td>
|
||||
<input name="otp_seed" type="text" value="<?=$pconfig['otp_seed'];?>"/>
|
||||
<input type="checkbox" name="gen_otp_seed"/> <small><?=gettext("generate new (160bit) secret");?></small>
|
||||
<input type="checkbox" name="gen_otp_seed"/> <small><?= gettext('Generate new secret (160 bit)') ?></small>
|
||||
<div class="hidden" for="help_for_otp_seed">
|
||||
<?=gettext("OTP (base32) seed to use when a one time password authenticator is used");?><br/>
|
||||
<?php
|
||||
|
||||
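Review bot: The new mismatch check `$pconfig['passwordfld1'] != $pconfig['passwordfld2']` uses a loose comparison, so two different numeric-looking strings (for example `1e3` and `1000`) compare equal and the confirmation passes despite a typo. The same `!=` appears in the context line `if ($_POST['passwordfld1'] != $_POST['passwordfld2'] ||` of the password-change page further down. `!empty()` on the password field also treats the string `0` as no input, so that value is silently ignored rather than rejected. Proposed line: `if ($pconfig['passwordfld1'] !== $pconfig['passwordfld2']) {`.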
@ -30,13 +30,10 @@
|
||||
require_once("guiconfig.inc");
|
||||
require_once("auth.inc");
|
||||
|
||||
function add_local_user($username, $userdn, $userfullname) {
|
||||
function add_local_user($username, $userdn, $userfullname)
|
||||
{
|
||||
global $config;
|
||||
|
||||
// generate new random user_password
|
||||
$bytes = openssl_random_pseudo_bytes(50);
|
||||
$user_password = pack('H*',bin2hex($bytes));
|
||||
|
||||
foreach ($config['system']['user'] as &$user) {
|
||||
if ($user['name'] == $username && $user['name'] != 'root') {
|
||||
// link local user to remote server by updating user_dn
|
||||
@ -44,7 +41,7 @@ function add_local_user($username, $userdn, $userfullname) {
|
||||
// trash user password when linking to ldap, avoid accidental login
|
||||
// using fall-back local password. User could still reset it's
|
||||
// local password, but only by choice.
|
||||
local_user_set_password($user, $user_password);
|
||||
local_user_set_password($user);
|
||||
local_user_set($user);
|
||||
return;
|
||||
}
|
||||
@ -55,7 +52,7 @@ function add_local_user($username, $userdn, $userfullname) {
|
||||
$new_user['name'] = $username;
|
||||
$new_user['user_dn'] = $userdn;
|
||||
$new_user['descr'] = $userfullname;
|
||||
local_user_set_password($new_user, $user_password);
|
||||
local_user_set_password($new_user);
|
||||
$new_user['uid'] = $config['system']['nextuid']++;
|
||||
$config['system']['user'][] = $new_user;
|
||||
local_user_set($new_user);
|
||||
|
||||
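Review bot: Both calls in `add_local_user()` now rely on `local_user_set_password($user)` to trash the local password, but nothing here checks that it did so. The helper only proceeds when `$hash !== false`, and the rest of that branch is not visible on this page. If hashing or random generation fails, it looks like an existing user would be linked to LDAP with the old fallback password still in place, which is the case the comment says to avoid. Consider having the helper return a boolean or throw, and skipping `local_user_set()` on failure. The function body starts and ends outside these hunks.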
@ -35,8 +35,8 @@ if (isset($_POST['save'])) {
|
||||
$input_errors = array();
|
||||
/* input validation */
|
||||
|
||||
$reqdfields = explode(" ", "passwordfld0 passwordfld1 passwordfld2");
|
||||
$reqdfieldsn = array(gettext("Password"));
|
||||
$reqdfields = explode(' ', 'passwordfld0 passwordfld1');
|
||||
$reqdfieldsn = array(gettext('Old password'), gettext('New password'));
|
||||
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
|
||||
|
||||
if ($_POST['passwordfld1'] != $_POST['passwordfld2'] ||
|
||||
@ -49,6 +49,7 @@ if (isset($_POST['save'])) {
|
||||
foreach ($config['system']['user'] as $user) {
|
||||
if ($user['name'] == $username) {
|
||||
$userFound = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -57,7 +58,6 @@ if (isset($_POST['save'])) {
|
||||
}
|
||||
|
||||
if (count($input_errors) == 0) {
|
||||
// all values are okay --> saving changes
|
||||
local_user_set_password($config['system']['user'][$userindex[$username]], $_POST['passwordfld1']);
|
||||
local_user_set($config['system']['user'][$userindex[$username]]);
|
||||
|
||||
|
||||