| 35 |
35 |
$logging_level = LOG_WARNING;
|
| 36 |
36 |
$logging_prefix = gettext("Local User Database");
|
| 37 |
37 |
|
| 38 |
|
$pgtitle = array(gettext("System"), gettext("User Password"));
|
|
38 |
$pgtitle = array(gettext("System"), gettext("User Password Manager"));
|
|
39 |
|
|
40 |
$password_extra_help = sprintf(gettext('%1$sThe password cannot be identical to the username.'), '<br/>');
|
|
41 |
|
|
42 |
unset($input_errors);
|
|
43 |
$input_errors = [];
|
|
44 |
|
|
45 |
phpsession_begin();
|
|
46 |
$guiuser = getUserEntry($_SESSION['Username']);
|
|
47 |
$read_only = (is_array($guiuser) && userHasPrivilege($guiuser, "user-config-readonly"));
|
|
48 |
/* Determine if the current user authenticated locally */
|
|
49 |
$islocal = false;
|
|
50 |
foreach (config_get_path('system/user', []) as $user) {
|
|
51 |
if ($user['name'] == $_SESSION['Username']) {
|
|
52 |
$islocal = true;
|
|
53 |
}
|
|
54 |
}
|
|
55 |
phpsession_end(true);
|
| 39 |
56 |
|
| 40 |
57 |
if (isset($_POST['save'])) {
|
| 41 |
|
unset($input_errors);
|
| 42 |
|
/* input validation */
|
|
58 |
/* Input validation */
|
|
59 |
if (!$islocal) {
|
|
60 |
$input_errors[] = gettext("This page cannot change passwords for non-local users.");
|
|
61 |
}
|
|
62 |
if ($read_only) {
|
|
63 |
$input_errors[] = gettext("The current user is read-only and cannot change the configuration.");
|
|
64 |
}
|
| 43 |
65 |
|
| 44 |
66 |
$reqdfields = explode(" ", "passwordfld1");
|
| 45 |
67 |
$reqdfieldsn = array(gettext("Password"));
|
| ... | ... | |
| 53 |
75 |
$input_errors[] = gettext("Could not locate this user.");
|
| 54 |
76 |
}
|
| 55 |
77 |
|
|
78 |
$input_errors = array_merge($input_errors, validate_password($_SESSION['Username'], $_POST['passwordfld1']));
|
|
79 |
|
| 56 |
80 |
if (!$input_errors) {
|
| 57 |
81 |
phpsession_begin();
|
| 58 |
|
// all values are okay --> saving changes
|
|
82 |
// Save changes to the current user
|
| 59 |
83 |
$userent =& $config['system']['user'][$userindex[$_SESSION['Username']]];
|
| 60 |
84 |
local_user_set_password($userent, $_POST['passwordfld1']);
|
| 61 |
85 |
local_user_set($userent);
|
| ... | ... | |
| 68 |
92 |
}
|
| 69 |
93 |
}
|
| 70 |
94 |
|
| 71 |
|
phpsession_begin();
|
| 72 |
|
|
| 73 |
|
/* determine if user is not local to system */
|
| 74 |
|
$islocal = false;
|
| 75 |
|
foreach (config_get_path('system/user', []) as $user) {
|
| 76 |
|
if ($user['name'] == $_SESSION['Username']) {
|
| 77 |
|
$islocal = true;
|
| 78 |
|
}
|
| 79 |
|
}
|
| 80 |
|
|
| 81 |
|
phpsession_end(true);
|
| 82 |
|
|
| 83 |
95 |
include("head.inc");
|
| 84 |
96 |
|
| 85 |
97 |
if ($input_errors) {
|
| 86 |
98 |
print_input_errors($input_errors);
|
| 87 |
99 |
}
|
| 88 |
100 |
|
|
101 |
if (!$islocal) {
|
|
102 |
print_info_box(gettext("This page cannot change passwords for non-local users."), 'danger');
|
|
103 |
}
|
|
104 |
if ($read_only) {
|
|
105 |
print_info_box(gettext("The current user is read-only and cannot change the configuration."), 'danger');
|
|
106 |
}
|
|
107 |
|
| 89 |
108 |
if ($savemsg) {
|
| 90 |
109 |
print_info_box($savemsg, 'success');
|
| 91 |
110 |
}
|
| 92 |
111 |
|
| 93 |
112 |
$tab_array = array();
|
| 94 |
|
$tab_array[] = array(gettext("User Password"), true, "system_usermanager_passwordmg.php");
|
|
113 |
$tab_array[] = array(gettext("Change Password"), true, "system_usermanager_passwordmg.php");
|
| 95 |
114 |
$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
|
| 96 |
115 |
$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
|
| 97 |
116 |
$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
|
| 98 |
117 |
display_top_tabs($tab_array);
|
| 99 |
118 |
|
| 100 |
|
if ($islocal == false) {
|
| 101 |
|
echo gettext("The password cannot be changed for a non-local user.");
|
| 102 |
|
include("foot.inc");
|
| 103 |
|
exit;
|
| 104 |
|
}
|
| 105 |
|
|
| 106 |
119 |
$form = new Form();
|
| 107 |
120 |
|
| 108 |
|
$section = new Form_Section('Update Password');
|
|
121 |
$section = new Form_Section('Change Password');
|
| 109 |
122 |
|
| 110 |
|
$section->addInput(new Form_Input(
|
| 111 |
|
'passwordfld1',
|
| 112 |
|
'*Password',
|
| 113 |
|
'password',
|
| 114 |
|
null,
|
| 115 |
|
['autocomplete' => 'new-password']
|
|
123 |
$section->addInput(new Form_StaticText(
|
|
124 |
'',
|
|
125 |
'This page changes the password for the current user in the local configuration. ' .
|
|
126 |
'This affects all services which utilize the Local Authentication database ' .
|
|
127 |
'(User Manager).' .
|
|
128 |
'<br/><br/>' .
|
|
129 |
'This page cannot change passwords for users from other authentication ' .
|
|
130 |
'sources such as LDAP or RADIUS.'
|
| 116 |
131 |
));
|
| 117 |
132 |
|
| 118 |
|
$section->addInput(new Form_Input(
|
| 119 |
|
'passwordfld2',
|
| 120 |
|
'*Confirmation',
|
| 121 |
|
'password',
|
| 122 |
|
null,
|
| 123 |
|
['autocomplete' => 'new-password']
|
| 124 |
|
))->setHelp('Select a new password');
|
|
133 |
/* Only display password change fields for local users. */
|
|
134 |
if ($islocal &&
|
|
135 |
!$read_only) {
|
|
136 |
$section->addInput(new Form_StaticText(
|
|
137 |
'Database',
|
|
138 |
'Local Authentication'
|
|
139 |
));
|
|
140 |
|
|
141 |
$section->addInput(new Form_StaticText(
|
|
142 |
'Username',
|
|
143 |
$_SESSION['Username']
|
|
144 |
));
|
|
145 |
|
|
146 |
$section->addInput(new Form_Input(
|
|
147 |
'passwordfld1',
|
|
148 |
'*Password',
|
|
149 |
'password',
|
|
150 |
null,
|
|
151 |
['autocomplete' => 'new-password']
|
|
152 |
))->setHelp('Enter a new password.' .
|
|
153 |
'%1$s%1$s' .
|
|
154 |
'Hints:%1$s' .
|
|
155 |
'Current NIST guidelines prioritize password length over complexity.' .
|
|
156 |
' %2$s', '<br/>', $password_extra_help);
|
|
157 |
|
|
158 |
$section->addInput(new Form_Input(
|
|
159 |
'passwordfld2',
|
|
160 |
'*Confirmation',
|
|
161 |
'password',
|
|
162 |
null,
|
|
163 |
['autocomplete' => 'new-password']
|
|
164 |
))->setHelp('Type the new password again for confirmation.');
|
|
165 |
}
|
| 125 |
166 |
|
| 126 |
167 |
$form->add($section);
|
| 127 |
168 |
print($form);
|
Added by Jim Pingle over 1 year ago
Password management changes. Part of issue #15266
and to handle password validation.