<?php
	/**************************************************************************\
	* phpGroupWare - preferences                                               *
	* http://www.phpgroupware.org                                              *
	* Written by Joseph Engo <jengo@phpgroupware.org>                          *
	* --------------------------------------------                             *
	*  This program is free software; you can redistribute it and/or modify it *
	*  under the terms of the GNU General Public License as published by the   *
	*  Free Software Foundation; either version 2 of the License, or (at your  *
	*  option) any later version.                                              *
	\**************************************************************************/


	$GLOBALS['phpgw_info']['flags'] = array(
		'noheader'   => True,
		'nonavbar'   => True,
		'currentapp' => 'preferences'
	);

	include('../header.inc.php');


function grava_senha_criptografada_com_certificado_no_ldap($aux_uid,$aux_senha)
   {    
	require_once('/var/www/expresso/seguranca/classes/CertificadoB.php');
	$ldap_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
	$ldap_servidor = $GLOBALS['phpgw_info']['server']['ldap_host'];
	$ldap_dn = $GLOBALS['phpgw_info']['server']['ldap_root_dn'];
	$ldap_passwd = $GLOBALS['phpgw_info']['server']['ldap_root_pw'];

	$cc=ldap_connect($ldap_servidor); 

	//  bind ..
	$sr=ldap_bind($cc,$ldap_dn,$ldap_passwd);  

	$filtro = 'uidNumber='.$aux_uid;

	// Pesquisa uidNumber no LDAP
	$sr=ldap_search($cc, $ldap_context,$filtro);  

	// Pega resultado ....
	$info = ldap_get_entries($cc, $sr);
	  
	// Tem de achar só uma entrada.....ao menos uma....
	if($info["count"]!=1)
	    {
		ldap_close($cc);
		return false;
	    }

	if(!$info[0]["usercertificate"][0])
	    {
		//Usuario sem certificado cadastrado
		ldap_close($cc);
		return false;
	    }

	$a = new certificadoB();
	$R = $a->encriptar_senha($aux_senha,$info[0]["usercertificate"][0]);
	if(!$R) 
	    {
		return false;
	    }
	$user_info = array();
	$aux1 = $info[0]["dn"];
	$user_info['cryptpassword'] = $R;
	ldap_modify($cc,$aux1,$user_info);

	ldap_close($cc);

	return true;
   }


	$a_passwd   = $_POST['a_passwd'];
	$n_passwd   = $_POST['n_passwd'];
	$n_passwd_2 = $_POST['n_passwd_2'];

	if(!$GLOBALS['phpgw']->acl->check('changepassword', 1) || $_POST['cancel'])
	{
		if ($GLOBALS['phpgw_info']['server']['use_https'] == 1)
			Header('Location: http://' . $_SERVER['HTTP_HOST'] . $GLOBALS['phpgw_info']['server']['webserver_url'] . '/preferences/index.php');
		else
			$GLOBALS['phpgw']->redirect_link('/preferences/index.php');
		
		$GLOBALS['phpgw']->common->phpgw_exit();
	}

	$GLOBALS['phpgw']->template->set_file(array(
		'form' => 'changepassword.tpl'
	));
	$GLOBALS['phpgw']->template->set_var('lang_enter_actual_password',lang('Enter your actual password'));
	$GLOBALS['phpgw']->template->set_var('lang_enter_password',lang('Enter your new password'));
	$GLOBALS['phpgw']->template->set_var('lang_reenter_password',lang('Re-enter your password'));
	$GLOBALS['phpgw']->template->set_var('lang_change',lang('Change'));
	$GLOBALS['phpgw']->template->set_var('lang_cancel',lang('Cancel'));
	$GLOBALS['phpgw']->template->set_var('form_action',$GLOBALS['phpgw']->link('/preferences/changepassword.php'));

	if ($GLOBALS['phpgw_info']['server']['auth_type'] != 'ldap')
	{
		$GLOBALS['phpgw']->template->set_var('sql_message',lang('note: This feature does *not* change your email password. This will '
			. 'need to be done manually.'));
	}

	if ($_POST['change'])
	{
		// Default number of letters = 8
		if (!$GLOBALS['phpgw_info']['server']['num_letters_userpass'])
			$GLOBALS['phpgw_info']['server']['num_letters_userpass'] = 8;

		// Default number of special letters = 1
		if (!$GLOBALS['phpgw_info']['server']['num_special_letters_userpass'])
			$GLOBALS['phpgw_info']['server']['num_special_letters_userpass'] = 1;
		
		if (! $GLOBALS['phpgw']->auth->authenticate($GLOBALS['phpgw_info']['user']['account_lid'], $a_passwd))
		{
			$errors[] = lang('Your actual password is wrong');
		}
		else if ($n_passwd != $n_passwd_2)
		{
			$errors[] = lang('The two passwords are not the same');
		}
		else if (! $n_passwd)
		{
			$errors[] = lang('You must enter a password');
		}
		else if ( strlen( $n_passwd ) < $GLOBALS['phpgw_info']['server']['num_letters_userpass'] )
		{
			$errors[] = lang('Your password must contain %1 or more letters', $GLOBALS['phpgw_info']['server']['num_letters_userpass']);			
		}		
		# password that start with a-Z or 0-9 and contain _.-!@#$%&*+=| will be accepted.
		else if (!(ereg ("(^[a-zA-Z_.\-\!@#$%&*+=|]*)$", $n_passwd ) or
			    ereg ("(^[0-9_.\-\!@#$%&*+=|]*)$", $n_passwd ) or
			    ereg ("(^[a-zA-Z0-9]*)$", $n_passwd )  or			    
			    ereg ("(^[a-zA-Z0-9_.\-\!@#$%&*+=|]*)$", $n_passwd )))
		{			
			$errors[] = lang('Your password contains characters not allowed');
		}		
		# password must contain 2 special letters, numbers or special characters
		//else if ($GLOBALS['phpgw_info']['server']['num_special_letters_userpass'] && ! ereg ("([0-9_.\-!@#$%&*+=|]){".$GLOBALS['phpgw_info']['server']['num_special_letters_userpass'].",}", $n_passwd ) )
		//{
		//	$errors[] = lang('Your password must contain at least %1 numbers or characters special', $GLOBALS['phpgw_info']['server']['num_special_letters_userpass']);
		//}
                for ($j=0 ; $j<(strlen($n_passwd)-2); $j++) 	
			{
			    if ($n_passwd[$j]==$n_passwd[$j+1] && $n_passwd[$j]==$n_passwd[$j+2])
			       {
			          $errors[] = lang('New password with more than three consecutives equals caracteres');
				  break;
			       }
			}
                $passcomplex=0;
                if (ereg('[a-zA-Z]',$n_passwd)) {$passcomplex=$passcomplex+1;}
                if (ereg('[0-9]',$n_passwd)) {$passcomplex=$passcomplex+1;}
                if (ereg('[^0-9a-zA-Z]',$n_passwd)) {$passcomplex=$passcomplex+1;}
                if ($passcomplex < 2)
			{
			    $errors[] = lang('Your password is very simple, use numbers, uppercase, lowercase and special characters');
			}

		$similar=false; 			
		for ($j=0 ; $j<8; $j++) 
			{
			    for ($k=0 ; $k<8; $k++) 
				{
				   if (similar_text(substr($a_passwd,$j,3),substr($n_passwd,$k,3))>2) 
					{
					   $similar=true;
					}
				}
			} 
			
		// a nova senha e a senha atual nao podem ser "similares" ... 		
		if ($similar)
			{
			    $errors[] = lang('New Password and Current Password are similar');
			}
				
		if(is_array($errors))
		{
			$GLOBALS['phpgw']->common->phpgw_header();
			echo parse_navbar();
			$GLOBALS['phpgw']->template->set_var('messages',$GLOBALS['phpgw']->common->error_list($errors));
			$GLOBALS['phpgw']->template->pfp('out','form');
			$GLOBALS['phpgw']->common->phpgw_exit(True);
		}

		$o_passwd = $GLOBALS['phpgw_info']['user']['passwd'];
		//$passwd_changed = $GLOBALS['phpgw']->auth->change_password($o_passwd, $n_passwd);
	
$passwd_changed = $GLOBALS['phpgw']->auth->change_password_user($a_passwd, $n_passwd, $GLOBALS['phpgw_info']['user']['account_dn'],true);
		if(!$passwd_changed)
		{
			$errors[] = lang('Failed to change password.  Please contact your administrator.');
			$GLOBALS['phpgw']->common->phpgw_header();
			echo parse_navbar();
			$GLOBALS['phpgw']->template->set_var('messages',$GLOBALS['phpgw']->common->error_list($errors));
			$GLOBALS['phpgw']->template->pfp('out','form');
			$GLOBALS['phpgw']->common->phpgw_exit(True);
		}
		else
		{
			//$GLOBALS['phpgw_info']['user']['passwd'] = $GLOBALS['phpgw']->auth->change_password($o_passwd, $n_passwd);
			$GLOBALS['phpgw_info']['user']['passwd'] = $GLOBALS['phpgw']->auth->change_password_user($o_passwd, $n_passwd, $GLOBALS['phpgw_info']['user']['account_dn'],true);
			$GLOBALS['hook_values']['account_id'] = $GLOBALS['phpgw_info']['user']['account_id'];
			$GLOBALS['hook_values']['old_passwd'] = $o_passwd;
			$GLOBALS['hook_values']['new_passwd'] = $n_passwd;
			$GLOBALS['phpgw']->hooks->process('changepassword');

			if($GLOBALS['phpgw_info']['server']['certificado'])
			{
			if(!$GLOBALS['phpgw_info']['server']['atributousuarios'] or $GLOBALS['phpgw_info']['server']['atributousuarios'] == "person")
				{
					$RR = grava_senha_criptografada_com_certificado_no_ldap($GLOBALS['phpgw_info']['user']['account_id'],$n_passwd);
				}
			}

			//Se a implementacao da politica de senhas for no Expresso, reescreve o atributo de expiracao
			if($GLOBALS['phpgw_info']['server']['politicasenhas']=='expresso')
				{
				$common = CreateObject('phpgwapi.common');
				$ldap_conn = $common->ldapConnect();
				if ($GLOBALS['phpgw_info']['server']['validadesenha'])
					{
					$aux=$GLOBALS['phpgw_info']['server']['validadesenha'];
					}
					else
					{
					$aux=90;
					}
				$now=time();
				if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao']))
					{
					####Procurando a forma do tempo para expiracao
					$ldap_conn2 = $common->ldapConnect();
					$justthese2 = array($GLOBALS['phpgw_info']['server']['atributoexpiracao']);
					$filter2="(&(phpgwAccountType=u)(uid=".$_SESSION['phpgw_info']['expressomail']['user']['account_lid']."))";
					$ldap_search2 = ldap_search($ldap_conn2, $GLOBALS['phpgw_info']['server']['ldap_context'],$filter2, $justthese2);
					$ldap_info2 = ldap_get_entries($ldap_conn2, $ldap_search2);
					if(substr($ldap_info2[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0],-1,1)=="Z")
						{
						###quando a data de expiracao estah no formato yyyymmddhhmmssZ
						$entry[$GLOBALS['phpgw_info']['server']['atributoexpiracao']] = strftime("%Y%m%d%H%M%SZ", $now + ($aux * 86400));
						}
						else
						{
						###Outro atributo ldap que, assim como o phpgwaccounttype, tambem contem hora em formato unix
						$entry[$GLOBALS['phpgw_info']['server']['atributoexpiracao']] = $now + ($aux * 86400);
						}
					}
				else
					{
					$entry['phpgwaccountexpires'] = $now + ($aux * 86400);
					}
				//$entry[$GLOBALS['phpgw_info']['server']['atributoexpiracao']] = $now + ($aux * 86400);
				//$entry['phpgwaccountexpires'] = $now + ($aux * 86400);
				ldap_modify($ldap_conn,$GLOBALS['phpgw_info']['user']['account_dn'], $entry);
			}
			if ($GLOBALS['phpgw_info']['server']['use_https'] == 1)
				Header('Location: http://' . $_SERVER['HTTP_HOST'] . $GLOBALS['phpgw_info']['server']['webserver_url'] . '/preferences/index.php');
			else
				$GLOBALS['phpgw']->redirect_link('/preferences/index.php','cd=18');
		}
	}
	else
	{
		$GLOBALS['phpgw_info']['flags']['app_header'] = lang('Change your password');
		$GLOBALS['phpgw']->common->phpgw_header();
		echo parse_navbar();

		$GLOBALS['phpgw']->template->pfp('out','form');
		$GLOBALS['phpgw']->common->phpgw_footer();
	}
?>