35 |
35 |
$logging_level = LOG_WARNING;
|
36 |
36 |
$logging_prefix = gettext("Local User Database");
|
37 |
37 |
|
38 |
|
$pgtitle = array(gettext("System"), gettext("User Password"));
|
|
38 |
$pgtitle = array(gettext("System"), gettext("User Password Manager"));
|
|
39 |
|
|
40 |
$password_extra_help = sprintf(gettext('%1$sThe password cannot be identical to the username.'), '<br/>');
|
|
41 |
|
|
42 |
unset($input_errors);
|
|
43 |
$input_errors = [];
|
|
44 |
|
|
45 |
phpsession_begin();
|
|
46 |
$guiuser = getUserEntry($_SESSION['Username']);
|
|
47 |
$read_only = (is_array($guiuser) && userHasPrivilege($guiuser, "user-config-readonly"));
|
|
48 |
/* Determine if the current user authenticated locally */
|
|
49 |
$islocal = false;
|
|
50 |
foreach (config_get_path('system/user', []) as $user) {
|
|
51 |
if ($user['name'] == $_SESSION['Username']) {
|
|
52 |
$islocal = true;
|
|
53 |
}
|
|
54 |
}
|
|
55 |
phpsession_end(true);
|
39 |
56 |
|
40 |
57 |
if (isset($_POST['save'])) {
|
41 |
|
unset($input_errors);
|
42 |
|
/* input validation */
|
|
58 |
/* Input validation */
|
|
59 |
if (!$islocal) {
|
|
60 |
$input_errors[] = gettext("This page cannot change passwords for non-local users.");
|
|
61 |
}
|
|
62 |
if ($read_only) {
|
|
63 |
$input_errors[] = gettext("The current user is read-only and cannot change the configuration.");
|
|
64 |
}
|
43 |
65 |
|
44 |
66 |
$reqdfields = explode(" ", "passwordfld1");
|
45 |
67 |
$reqdfieldsn = array(gettext("Password"));
|
... | ... | |
53 |
75 |
$input_errors[] = gettext("Could not locate this user.");
|
54 |
76 |
}
|
55 |
77 |
|
|
78 |
$input_errors = array_merge($input_errors, validate_password($_SESSION['Username'], $_POST['passwordfld1']));
|
|
79 |
|
56 |
80 |
if (!$input_errors) {
|
57 |
81 |
phpsession_begin();
|
58 |
|
// all values are okay --> saving changes
|
|
82 |
// Save changes to the current user
|
59 |
83 |
$userent =& $config['system']['user'][$userindex[$_SESSION['Username']]];
|
60 |
84 |
local_user_set_password($userent, $_POST['passwordfld1']);
|
61 |
85 |
local_user_set($userent);
|
... | ... | |
68 |
92 |
}
|
69 |
93 |
}
|
70 |
94 |
|
71 |
|
phpsession_begin();
|
72 |
|
|
73 |
|
/* determine if user is not local to system */
|
74 |
|
$islocal = false;
|
75 |
|
foreach (config_get_path('system/user', []) as $user) {
|
76 |
|
if ($user['name'] == $_SESSION['Username']) {
|
77 |
|
$islocal = true;
|
78 |
|
}
|
79 |
|
}
|
80 |
|
|
81 |
|
phpsession_end(true);
|
82 |
|
|
83 |
95 |
include("head.inc");
|
84 |
96 |
|
85 |
97 |
if ($input_errors) {
|
86 |
98 |
print_input_errors($input_errors);
|
87 |
99 |
}
|
88 |
100 |
|
|
101 |
if (!$islocal) {
|
|
102 |
print_info_box(gettext("This page cannot change passwords for non-local users."), 'danger');
|
|
103 |
}
|
|
104 |
if ($read_only) {
|
|
105 |
print_info_box(gettext("The current user is read-only and cannot change the configuration."), 'danger');
|
|
106 |
}
|
|
107 |
|
89 |
108 |
if ($savemsg) {
|
90 |
109 |
print_info_box($savemsg, 'success');
|
91 |
110 |
}
|
92 |
111 |
|
93 |
112 |
$tab_array = array();
|
94 |
|
$tab_array[] = array(gettext("User Password"), true, "system_usermanager_passwordmg.php");
|
|
113 |
$tab_array[] = array(gettext("Change Password"), true, "system_usermanager_passwordmg.php");
|
95 |
114 |
$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
|
96 |
115 |
$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
|
97 |
116 |
$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
|
98 |
117 |
display_top_tabs($tab_array);
|
99 |
118 |
|
100 |
|
if ($islocal == false) {
|
101 |
|
echo gettext("The password cannot be changed for a non-local user.");
|
102 |
|
include("foot.inc");
|
103 |
|
exit;
|
104 |
|
}
|
105 |
|
|
106 |
119 |
$form = new Form();
|
107 |
120 |
|
108 |
|
$section = new Form_Section('Update Password');
|
|
121 |
$section = new Form_Section('Change Password');
|
109 |
122 |
|
110 |
|
$section->addInput(new Form_Input(
|
111 |
|
'passwordfld1',
|
112 |
|
'*Password',
|
113 |
|
'password',
|
114 |
|
null,
|
115 |
|
['autocomplete' => 'new-password']
|
|
123 |
$section->addInput(new Form_StaticText(
|
|
124 |
'',
|
|
125 |
'This page changes the password for the current user in the local configuration. ' .
|
|
126 |
'This affects all services which utilize the Local Authentication database ' .
|
|
127 |
'(User Manager).' .
|
|
128 |
'<br/><br/>' .
|
|
129 |
'This page cannot change passwords for users from other authentication ' .
|
|
130 |
'sources such as LDAP or RADIUS.'
|
116 |
131 |
));
|
117 |
132 |
|
118 |
|
$section->addInput(new Form_Input(
|
119 |
|
'passwordfld2',
|
120 |
|
'*Confirmation',
|
121 |
|
'password',
|
122 |
|
null,
|
123 |
|
['autocomplete' => 'new-password']
|
124 |
|
))->setHelp('Select a new password');
|
|
133 |
/* Only display password change fields for local users. */
|
|
134 |
if ($islocal &&
|
|
135 |
!$read_only) {
|
|
136 |
$section->addInput(new Form_StaticText(
|
|
137 |
'Database',
|
|
138 |
'Local Authentication'
|
|
139 |
));
|
|
140 |
|
|
141 |
$section->addInput(new Form_StaticText(
|
|
142 |
'Username',
|
|
143 |
$_SESSION['Username']
|
|
144 |
));
|
|
145 |
|
|
146 |
$section->addInput(new Form_Input(
|
|
147 |
'passwordfld1',
|
|
148 |
'*Password',
|
|
149 |
'password',
|
|
150 |
null,
|
|
151 |
['autocomplete' => 'new-password']
|
|
152 |
))->setHelp('Enter a new password.' .
|
|
153 |
'%1$s%1$s' .
|
|
154 |
'Hints:%1$s' .
|
|
155 |
'Current NIST guidelines prioritize password length over complexity.' .
|
|
156 |
' %2$s', '<br/>', $password_extra_help);
|
|
157 |
|
|
158 |
$section->addInput(new Form_Input(
|
|
159 |
'passwordfld2',
|
|
160 |
'*Confirmation',
|
|
161 |
'password',
|
|
162 |
null,
|
|
163 |
['autocomplete' => 'new-password']
|
|
164 |
))->setHelp('Type the new password again for confirmation.');
|
|
165 |
}
|
125 |
166 |
|
126 |
167 |
$form->add($section);
|
127 |
168 |
print($form);
|
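Review bot: The new `Form_StaticText('Username', $_SESSION['Username'])` at new lines 141-144 writes the session username into the page without encoding. The static text added just above it (new lines 123-130) carries literal `<br/>` markup, which suggests this element emits its text as raw HTML. The block is only reached when `$islocal` is true, and whether local account names are restricted to HTML-safe characters is not visible in this diff, so I would encode at the output point rather than rely on that: `htmlspecialchars($_SESSION['Username'])`. Separately, the local-user check at new line 51 compares with `==`; `$user['name'] === $_SESSION['Username']` keeps PHP's numeric-string coercion from deciding whether an account counts as local.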
Password management changes. Part of issue #15266
and to handle password validation.