]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/websites/tools/tools/landing/ldap_password.php
projects / perso / Immae / Config / Nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Migrate dilion to ZFS
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / landing / ldap_password.php
1 <?php
2
3 /**
4 * LDAP PHP Change Password Webpage
5 * @author: Matt Rude <http://mattrude.com>
6 * @website: http://technology.mattrude.com/2010/11/ldap-php-change-password-webpage/
7 *
8 *
9 * GNU GENERAL PUBLIC LICENSE
10 * Version 2, June 1991
11 *
12 * Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
13 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
14 * Everyone is permitted to copy and distribute verbatim copies
15 * of this license document, but changing it is not allowed.
16 */
17
18 $message = array();
19 $message_css = "";
20
21 function changePassword($user,$oldPassword,$newPassword,$newPasswordCnf){
22 global $message;
23 global $message_css;
24
25 $server = "ldaps://ldap.immae.eu";
26
27 error_reporting(0);
28 $con = ldap_connect($server);
29 ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
30
31 $user_dn = "uid=$user,ou=users,dc=immae,dc=eu";
32
33 if (ldap_bind($con, $user_dn, $oldPassword) === false) {
34 $user_dn = "uid=$user,ou=group_users,dc=immae,dc=eu";
35 if (ldap_bind($con, $user_dn, $oldPassword) === false) {
36 $message[] = "Error E101 - Current Username or Password is wrong.";
37 return false;
38 }
39 }
40 if ($newPassword != $newPasswordCnf ) {
41 $message[] = "Error E102 - Your New passwords do not match!";
42 return false;
43 }
44 if (strlen($newPassword) < 6 ) {
45 $message[] = "Error E103 - Your new password is too short.<br/>Your password must be at least 6 characters long.";
46 return false;
47 }
48
49 $salt = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',4)),0,4);
50 $encoded_newPassword = "{SSHA}" . base64_encode(pack("H*", sha1($newPassword.$salt)).$salt);
51
52 $user_search = ldap_search($con,"dc=immae,dc=eu","(uid=$user)");
53 $auth_entry = ldap_first_entry($con, $user_search);
54
55 $mail_addresses = ldap_get_values($con, $auth_entry, "mail");
56 $given_names = ldap_get_values($con, $auth_entry, "givenName");
57 $mail_address = $mail_addresses[0];
58 $first_name = $given_names[0];
59
60 /* And Finally, Change the password */
61 $entry = array();
62 $entry["userPassword"] = "$encoded_newPassword";
63
64 if (ldap_modify($con,$user_dn,$entry) === false){
65 $error = ldap_error($con);
66 $errno = ldap_errno($con);
67 $message[] = "E201 - Your password cannot be changed, please contact the administrator.";
68 $message[] = "$errno - $error";
69 } else {
70 $message_css = "yes";
71 mail($mail_address,"Password change notice","Dear $first_name,
72 Your password on https://tools.immae.eu/ldap_password.php for account $user was just changed.
73 If you did not make this change, please contact me.
74 If you were the one who changed your password, you may disregard this message.
75
76 Thanks
77 --
78 Immae / Ismaƫl", "From: " . getenv("CONTACT_EMAIL"));
79 $message[] = "The password for $user has been changed.<br/>An informational email has been sent to $mail_address.<br/>Your new password is now fully active.";
80 }
81 }
82
83 ?>
84 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
85 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
86 <head>
87 <title>Password Change Page</title>
88 <meta name="viewport" content="width=device-width, initial-scale=1" />
89 <link rel="stylesheet" href="https://assets.immae.eu/skeleton/2.0.4/skeleton.min.css" integrity="sha256-2YQRJMXD7pIAPHiXr0s+vlRWA7GYJEK0ARns7k2sbHY=" crossorigin="anonymous" />
90 <style type="text/css">
91 body { font-family: Verdana,Arial,Courier New; margin: auto; }
92
93 .msg_yes { margin: 0 auto; text-align: center; color: green; background: #D4EAD4; border: 1px solid green; border-radius: 10px; margin: 2px; }
94 .msg_no { margin: 0 auto; text-align: center; color: red; background: #FFF0F0; border: 1px solid red; border-radius: 10px; margin: 2px; }
95 </style>
96 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
97 </head>
98 <body>
99 <div class="container">
100 <form action="<?php print $_SERVER['PHP_SELF']; ?>" name="passwordChange" method="post">
101 <h3>Password Change Page</h3>
102 <?php
103 if (isset($_POST["submitted"])) {
104 echo '<div class="row">';
105 changePassword($_POST['username'],$_POST['oldPassword'],$_POST['newPassword1'],$_POST['newPassword2']);
106 global $message_css;
107 if ($message_css == "yes") {
108 echo '<div class="msg_yes">';
109 } else {
110 echo '<div class="msg_no">';
111 $message[] = "Your password was not changed.";
112 }
113 foreach ( $message as $one ) { echo "<p>$one</p>"; }
114 ?></div></div><?php
115 } ?>
116 <div class="row">
117 <div class="one-third column"><label for="username">Username</label></div>
118 <div class="two-thirds column"><input id="username" name="username" type="text" autocomplete="off" /></div>
119 </div>
120 <div class="row">
121 <div class="one-third column"><label for="oldPassword">Current password</label></div>
122 <div class="two-thirds column"><input id="oldPassword" name="oldPassword" type="password" /></div>
123 </div>
124 <div class="row">
125 <div class="one-third column"><label for="newPassword1">New password</label></div>
126 <div class="two-thirds column"><input id="newPassword1" name="newPassword1" type="password" /></div>
127 </div>
128 <div class="row">
129 <div class="one-third column"><label for="newPassword2">New password (again)</label></div>
130 <div class="two-thirds column"><input id="newPassword2" name="newPassword2" type="password" /></div>
131 </div>
132 <div class="row">
133 <div class="column">
134 <input name="submitted" type="submit" value="Change Password"/>
135 </div>
136 </div>
137 </form>
138 </div>
139 </body>
140 </html>
My infrastructure configuration