Context Navigation

source: trunk/preferences/changepassword.php @ 35

Revision 35, 5.6 KB checked in by niltonneto, 17 years ago (diff)
Melhoria na segurança, na parte de alteração de senha.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* phpGroupWare - preferences *
4	* http://www.phpgroupware.org *
5	* Written by Joseph Engo <jengo@phpgroupware.org> *
6	* -------------------------------------------- *
7	* This program is free software; you can redistribute it and/or modify it *
8	* under the terms of the GNU General Public License as published by the *
9	* Free Software Foundation; either version 2 of the License, or (at your *
10	* option) any later version. *
11	\**************************************************************************/
12
13
14	$GLOBALS['phpgw_info']['flags'] = array(
15	'noheader' => True,
16	'nonavbar' => True,
17	'currentapp' => 'preferences'
18	);
19
20	include('../header.inc.php');
21
22	$a_passwd = $_POST['a_passwd'];
23	$n_passwd = $_POST['n_passwd'];
24	$n_passwd_2 = $_POST['n_passwd_2'];
25
26	if(!$GLOBALS['phpgw']->acl->check('changepassword', 1) \|\| $_POST['cancel'])
27	{
28	if ($GLOBALS['phpgw_info']['server']['use_https'] == 1)
29	Header('Location: http://' . $_SERVER['HTTP_HOST'] . $GLOBALS['phpgw_info']['server']['webserver_url'] . '/preferences/index.php');
30	else
31	$GLOBALS['phpgw']->redirect_link('/preferences/index.php');
32
33	$GLOBALS['phpgw']->common->phpgw_exit();
34	}
35
36	$GLOBALS['phpgw']->template->set_file(array(
37	'form' => 'changepassword.tpl'
38	));
39	$GLOBALS['phpgw']->template->set_var('lang_enter_actual_password',lang('Enter your actual password'));
40	$GLOBALS['phpgw']->template->set_var('lang_enter_password',lang('Enter your new password'));
41	$GLOBALS['phpgw']->template->set_var('lang_reenter_password',lang('Re-enter your password'));
42	$GLOBALS['phpgw']->template->set_var('lang_change',lang('Change'));
43	$GLOBALS['phpgw']->template->set_var('lang_cancel',lang('Cancel'));
44	$GLOBALS['phpgw']->template->set_var('form_action',$GLOBALS['phpgw']->link('/preferences/changepassword.php'));
45
46	if ($GLOBALS['phpgw_info']['server']['auth_type'] != 'ldap')
47	{
48	$GLOBALS['phpgw']->template->set_var('sql_message',lang('note: This feature does not change your email password. This will '
49	. 'need to be done manually.'));
50	}
51
52	if ($_POST['change'])
53	{
54	// Default number of letters = 3
55	if (!$GLOBALS['phpgw_info']['server']['num_letters_userpass'])
56	$GLOBALS['phpgw_info']['server']['num_letters_userpass'] = 3;
57	// Default number of special letters = 0
58	if (!$GLOBALS['phpgw_info']['server']['num_special_letters_userpass'])
59	$GLOBALS['phpgw_info']['server']['num_special_letters_userpass'] = 0;
60	if (! $GLOBALS['phpgw']->auth->authenticate($GLOBALS['phpgw_info']['user']['account_lid'], $a_passwd))
61	{
62	$errors[] = lang('Your actual password is wrong');
63	}
64	else if ($n_passwd != $n_passwd_2)
65	{
66	$errors[] = lang('The two passwords are not the same');
67	}
68	else if (! $n_passwd)
69	{
70	$errors[] = lang('You must enter a password');
71	}
72	else if ( strlen( $n_passwd ) < $GLOBALS['phpgw_info']['server']['num_letters_userpass'] )
73	{
74	$errors[] = lang('Your password must contain %1 or more letters', $GLOBALS['phpgw_info']['server']['num_letters_userpass']);
75	}
76	# password that start with a-Z or 0-9 and contain _.-!@#$%&*+=\| will be accepted.
77	else if (! ereg ("(^[a-zA-Z0-9_.\-\!@#$%&+=\|])$", $n_passwd ) )
78	{
79	$errors[] = lang('Your password contains characters not allowed');
80	}
81	# password must contain 2 special letters, numbers or special characters
82	else if ($GLOBALS['phpgw_info']['server']['num_special_letters_userpass'] && ! ereg ("([0-9_.\-!@#$%&*+=\|]){".$GLOBALS['phpgw_info']['server']['num_special_letters_userpass'].",}", $n_passwd ) )
83	{
84	$errors[] = lang('Your password must contain at least %1 numbers or characters special', $GLOBALS['phpgw_info']['server']['num_special_letters_userpass']);
85	}
86
87	if(is_array($errors))
88	{
89	$GLOBALS['phpgw']->common->phpgw_header();
90	echo parse_navbar();
91	$GLOBALS['phpgw']->template->set_var('messages',$GLOBALS['phpgw']->common->error_list($errors));
92	$GLOBALS['phpgw']->template->pfp('out','form');
93	$GLOBALS['phpgw']->common->phpgw_exit(True);
94	}
95
96	$o_passwd = $GLOBALS['phpgw_info']['user']['passwd'];
97	$passwd_changed = $GLOBALS['phpgw']->auth->change_password($o_passwd, $n_passwd);
98	if(!$passwd_changed)
99	{
100	$errors[] = lang('Failed to change password. Please contact your administrator.');
101	$GLOBALS['phpgw']->common->phpgw_header();
102	echo parse_navbar();
103	$GLOBALS['phpgw']->template->set_var('messages',$GLOBALS['phpgw']->common->error_list($errors));
104	$GLOBALS['phpgw']->template->pfp('out','form');
105	$GLOBALS['phpgw']->common->phpgw_exit(True);
106	}
107	else
108	{
109	$GLOBALS['phpgw_info']['user']['passwd'] = $GLOBALS['phpgw']->auth->change_password($o_passwd, $n_passwd);
110	$GLOBALS['hook_values']['account_id'] = $GLOBALS['phpgw_info']['user']['account_id'];
111	$GLOBALS['hook_values']['old_passwd'] = $o_passwd;
112	$GLOBALS['hook_values']['new_passwd'] = $n_passwd;
113	$GLOBALS['phpgw']->hooks->process('changepassword');
114
115	if ($GLOBALS['phpgw_info']['server']['use_https'] == 1)
116	Header('Location: http://' . $_SERVER['HTTP_HOST'] . $GLOBALS['phpgw_info']['server']['webserver_url'] . '/preferences/index.php');
117	else
118	$GLOBALS['phpgw']->redirect_link('/preferences/index.php','cd=18');
119	}
120	}
121	else
122	{
123	$GLOBALS['phpgw_info']['flags']['app_header'] = lang('Change your password');
124	$GLOBALS['phpgw']->common->phpgw_header();
125	echo parse_navbar();
126
127	$GLOBALS['phpgw']->template->pfp('out','form');
128	$GLOBALS['phpgw']->common->phpgw_footer();
129	}
130	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: