
   1  <?
   2  
   3  require_once (T_CODE_BASE . 'Session.php');
   4  require_once (T_CODE_BASE . 'Auth.php');
   5  
   6  class Options_Personal_Password extends App {
   7      function getContent()
   8      {
   9  
  10      if (!isset($_SESSION)) {
  11          Session::startSession();
  12      }
  13  
  14      # for m.net
  15      $from_sqmail = isset($_REQUEST['squirrel']) ? 1 : 0;
  16      if ($from_sqmail) {
  17          print '<h2>Please update your password...</h2>' . Widget::getWizardHelp("As part of a review of security practices, Mennonite.net now requires that passwords meet a set of requirements
  18          to ensure that they cannot be easily compromised.<br /><br />Your current password does not meet all of the criteria.  Please take a moment to
  19          select a suitable password, and then you will able to log into to webmail.");
  20      }
  21  
  22      $f = FormWidget::init('', strtolower(get_class($this)) == 'options' ? 'form.noformtag.tpl.html' : C_DEFAULT_FORM_TEMPLATE);
  23      
  24      $f->html('<div id="pw_form_div">');
  25      
  26      $f->section();
  27      $f->field('You are logged in as:');
  28      $f->html('<b>' . $_SESSION['auth']->username . '</b>');
  29      $f->field('Current password:');
  30      $f->password('current');
  31  
  32      $f->field();
  33      $f->html('<br />');
  34      $f->field();
  35      $f->html('<div style="border: solid 1px #000000; background-color: #eeeeee; padding: 0.5em; line-height: 16px;"><div id="pw_info"></div><div id="pw_crack"></div></div>');
  36      $f->field();
  37      $f->html('<br />');
  38  
  39      $f->field('New password:');
  40      $f->password('new', null, null, array('onkeyup' => 'check_password(this.value);', 'onchange' => 'check_password(this.value);'));
  41      $f->field('Confirm new password:');
  42      $f->password('confirm', null, null, array('onkeyup' => 'confirm_password();', 'onchange' => 'confirm_password();'));
  43      
  44      $f->field();
  45      $f->html('<div id="pw_confirm" style="display: none; border: solid 1px #000000; background-color: #eeeeee; padding: 0.5em;"><img src="/.cWimg/icons/close_16.png" align="absmiddle">The two passwords you entered do not match.</div>');
  46      $f->field();
  47      $f->html('<br />');
  48  
  49      $prefix = $this->paramName('');
  50      $ajax_url = $this->httpRequestUrl('options_personal_password');
  51      $js = <<<END
  52  <script language="Javascript">
  53      var check = '<img src="/.cWimg/icons/opts_16.png" align="absmiddle" style="position: absolute; left: -18px;">';
  54      var fail = '<img src="/.cWimg/icons/close_16.png" align="absmiddle">';
  55      var pw_ok = false;
  56      var cracklib_ok = false;
  57      var match_ok = false;
  58      function check_password(pw) {
  59          doHttpRequest('$ajax_url', { 'check': pw }, 'updateCracklibStatus', false, 'POST');
  60      
  61          var o = 'To ensure that your new password is suitably secure, it must meet the following criteria:';
  62          o += '<div style="margin-left: 3em; position: relative;">';
  63          
  64          var test = 0;
  65          
  66          if (pw.length >= 8) {
  67              o += check;
  68              test++;
  69          }
  70          o += 'Minimum of 8 characters';
  71          
  72          o += '<br />';
  73          var m1 = pw.match(/[A-Z]/g);
  74          if (m1 && m1.length >= 1) {
  75              o += check;
  76              test++;
  77          }
  78          o += 'At least 1 capital letter';
  79  
  80          o += '<br />';
  81          var m2 = pw.match(/[0-9]/g);
  82          if (m2 && m2.length >= 2) {
  83              o += check;
  84              test++;
  85          }
  86          o += 'At least 2 digits';
  87  
  88          o += '<br />';
  89          var m3 = pw.match(/[\W_]/g);
  90          if (m3 && m3.length >= 1) {
  91              o += check;
  92              test++;
  93          }
  94          o += 'At least 1 punctuation mark';
  95  
  96          o += '</div>';
  97          document.getElementById('pw_info').innerHTML = o;
  98          pw_ok = (test == 4);
  99          updateSubmitButton();
 100      }
 101      check_password('');
 102      
 103      function confirm_password() {
 104          var pw1 = document.forms[0].$prefix}new.value;
 105          var pw2 = document.forms[0].$prefix}confirm.value;
 106          match_ok = (pw1 == pw2);
 107          document.getElementById('pw_confirm').style.display = match_ok ? 'none' : 'block';
 108          updateSubmitButton();
 109      }
 110      
 111      function updateCracklibStatus(http) {
 112          var o = '<div style="margin-left: 3em; position: relative;">';
 113          cracklib_ok = false;
 114          if (http.responseText[0] == 1) {
 115              o += check;
 116              cracklib_ok = true;
 117          }
 118          o += 'No dictionary words</div>';
 119          document.getElementById('pw_crack').innerHTML = o;
 120          updateSubmitButton();
 121      }
 122  
 123      function updatePwChangeStatus(http) {
 124          var status = parseInt(http.responseText);
 125          var status_area = document.getElementById('pw_status');
 126          if (status == 0 && http.responseText[0] == '0') {
 127              document.getElementById('pw_form_div').innerHTML = check + 'Congratulations, you have successfully changed your password.';
 128              if ($from_sqmail)
 129                  document.getElementById('pw_form_div').innerHTML += '<br /><br /><a href="https://secure.mennonite.net/webmail/src/login.php">Return to webmail...</a>';
 130          } else if (status == 1) {
 131              status_area.innerHTML = fail + 'You must correctly enter your current password in order to change it.';
 132              status_area.style.display = 'block';
 133          } else if (status == -1) {
 134              status_area.innerHTML = fail + 'There was a database error while trying to change the password.  Please contact the system administrator.';
 135              status_area.style.display = 'block';
 136          } else if (status == -2) {
 137              status_area.innerHTML = fail + 'The new password does not meet all the criteria.';
 138              status_area.style.display = 'block';
 139          } else {
 140              alert("Unknown error!\\n" + http.responseText);
 141          }
 142      }
 143      
 144      function updateSubmitButton() {
 145          document.getElementById('$prefix}change').disabled = !(pw_ok && cracklib_ok && match_ok);
 146      }
 147  </script>
 148  END;
 149      $f->html($js);
 150      
 151      $f->field();
 152      $f->hidden('change', '');
 153      $f->button('change_button', 'Change password', "document.getElementById('pw_status').style.display = 'none'; doHttpRequest('$ajax_url', { 'old': $prefix}current.value, 'new': $prefix}new.value }, 'updatePwChangeStatus', false, 'POST')", array('disabled', 'id' => $prefix . 'change'));
 154  
 155      # pw change status area
 156      $f->field();
 157      $f->html('<div id="pw_status" style="display: none; border: solid 1px #000000; background-color: #eeeeee; padding: 0.5em;"><img src="/.cWimg/icons/close_16.png" align="absmiddle"></div>');
 158      $f->field();
 159      $f->html('<br />');
 160  
 161      $f->endSection();
 162      $f->html('</div>');
 163      return $f->get();
 164     
 165      }
 166      
 167      function checkCracklib($pw) {
 168          $pw = escapeshellarg($pw);
 169          $res =  `echo $pw | cracklib-check`;
 170          $res = explode(': ', $res);
 171          return ereg('OK', $res[count($res) - 1]) ? 1 : 0;
 172      }
 173      
 174      function hashPassword($pw) {
 175          if(strtolower(T_LDAP_HASH_SCHEME) == 'md5')
 176              $pwhash = "{MD5}".base64_encode(pack("H*",md5($pw)));
 177          else if(strtolower(T_LDAP_HASH_SCHEME) == 'ssha')
 178              {
 179              mt_srand((double)microtime()*1000000);
 180              $salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
 181              $pwhash = "{SSHA}".base64_encode(mhash(MHASH_SHA1, $pw.$salt).$salt);
 182              }
 183          else if(strtolower(T_LDAP_HASH_SCHEME) == 'crypt')
 184              $pwhash = "{CRYPT}".crypt($pw);
 185          else if(strtolower(T_LDAP_HASH_SCHEME) == 'clear')
 186              $pwhash = $pw;
 187          else
 188              $pwhash = $pw;
 189              
 190          return rtrim($pwhash);   
 191      }
 192      
 193      function checkPassword($pw) {
 194          # minimum of 8 characters
 195          if (strlen($pw) < 8)
 196              return false;
 197              
 198          # at least 1 capital letter
 199          if (!preg_match_all('/[A-Z]/', $pw, $foo))
 200              return false;
 201              
 202          # at least 2 digits
 203          if (preg_match_all('/[0-9]/', $pw, $foo) < 2)
 204              return false;
 205          
 206          # at least 1 punctuation character
 207          if (!preg_match_all('/[\W_]/', $pw, $foo))
 208              return false;
 209              
 210          # finally, the cracklib check
 211          return Options_Personal_Password::checkCracklib($pw);
 212      }
 213      
 214      function changePassword(&$ldap, $user_dn, $pw) {
 215          # do sanity checks
 216          if (!Options_Personal_Password::checkPassword($pw)) {
 217              return -2;
 218          }
 219  
 220          # connect to LDAP
 221          $res = $ldap->bind(T_LDAP_ROOT_UID, T_LDAP_ROOT_PASSWD);
 222          if (mnError::isError($res)) return new mnError('Options_Personal_Password::changePassword(): ' . $res->getMessage(), __FILE__, __LINE__);  
 223          
 224          # attempt to change the password
 225          require_once (T_CODE_BASE . 'Structures/mnUser.php');
 226          $user = mnUser::load($ldap, $user_dn);
 227          if (mnError::isError($user)) return -1;
 228          $pwhash = Options_Personal_Password::hashPassword($pw);
 229          $res = $user->update(array('userpassword' => $pwhash));
 230          if (mnError::isError($res)) return -1;
 231  
 232          # record the new password in the logged-in session, and make sure it will get saved
 233          $_SESSION['auth']->password = $pw;
 234          $_SESSION['timestamp'] = time();
 235          return 0;
 236      }
 237      
 238      function doAjax() {
 239          if (isset($_REQUEST['check']))
 240              return Options_Personal_Password::checkCrackLib($_REQUEST['check']);
 241  
 242  
 243          if (!isset($_SESSION)) {
 244              Session::startSession();
 245          }
 246          
 247          # connect to LDAP
 248          $ldap = mnLDAP::create(T_LDAP_URI);
 249          
 250          # make sure they entered the current password correctly    
 251          $old_pw = $_REQUEST['old'];
 252          if (!$ldap->bind($_SESSION['auth']->userDN, $old_pw)) {
 253              return 1;
 254          }
 255  
 256          $new = $_REQUEST['new'];
 257          return Options_Personal_Password::changePassword($ldap, $_SESSION['auth']->userDN, $new);
 258      }
 259  }
 260  ?>
