Squash changes containing private information
similarity index 80%
rename from modules/private/websites/tools/tools/landing/ldap_password.php
rename to systems/eldiron/websites/tools/landing/ldap_password.php
index b6079e5449840098cceedc77e55f9732c606175c..efb4f578f8b5dfdfc9124f51974f2d575237f900 100644 (file)
 $message = array();
 $message_css = "";
 
+function changePasswordLDAP($con, $user_dn, $newPassword){
+  global $message;
+  $salt = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',4)),0,4); 
+  $encoded_newPassword = "{SSHA}" . base64_encode(pack("H*", sha1($newPassword.$salt)).$salt);
+
+  $entry = array();
+  $entry["userPassword"] = "$encoded_newPassword";
+
+  if (ldap_modify($con,$user_dn,$entry) === false){
+    $error = ldap_error($con);
+    $errno = ldap_errno($con);
+    $message[] = "$errno - $error";
+    return false;
+  } else {
+    return true;
+  }
+}
+
+function changePasswordSQL($user_realm, $newPassword) {
+  global $message;
+
+  foreach(["PGUSER", "PGPASSWORD", "PGDATABASE", "PGHOST"] as $k) {
+    if (isset($_SERVER[$k]) && !isset($_ENV[$k])) {
+      putenv("${k}=" . $_SERVER[$k]);
+    }
+  }
+  $con = pg_connect("");
+  $result = pg_query_params($con, "WITH newsalt as (SELECT gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( $1 || (SELECT * FROM newsalt), 'sha1'), 'hex'), mechanism = 'SSHA', salt = (SELECT * FROM newsalt) where login || '@' || realm = $2", array($newPassword, $user_realm));
+  if (!$result) {
+    $message[] = "Error when accessing database";
+    return false;
+  } else {
+    return true;
+  }
+}
+
 function changePassword($user,$oldPassword,$newPassword,$newPasswordCnf){
   global $message;
   global $message_css;
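Review bot: The salt for the LDAP path on line 13 is drawn with str_shuffle(), which is not a cryptographically secure generator, and it yields only 4 alphanumeric characters (~24 bits), whereas the new SQL path already uses gen_random_bytes(4); since {SSHA} base64-encodes hash||salt, arbitrary bytes are fine and `$salt = random_bytes(4);` is a drop-in replacement. SHA-1 itself is dictated by the {SSHA} scheme, so a stronger scheme ({SSHA512}, or {CRYPT} with sha512/argon2) is only an option if the directory supports one. Separately, changePasswordSQL treats any successfully executed UPDATE as a password change: a {SASL} identifier that matches no ldap_users row leaves the password untouched yet still produces the success message and notification mail in the caller, so check the row count with `if (!$result || pg_affected_rows($result) !== 1)`. The pg_connect("") result on line 37 is also unchecked; on failure pg_query_params is handed false, so test `$con === false` and push an error before querying. changePassword() begins in the context lines at the end of this hunk and continues outside it.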
@@ -46,26 +82,20 @@ function changePassword($user,$oldPassword,$newPassword,$newPasswordCnf){
     return false;
   }
 
-  $salt = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',4)),0,4); 
-  $encoded_newPassword = "{SSHA}" . base64_encode(pack("H*", sha1($newPassword.$salt)).$salt);
-
   $user_search = ldap_search($con,"dc=immae,dc=eu","(uid=$user)");
   $auth_entry = ldap_first_entry($con, $user_search);
 
-  $mail_addresses = ldap_get_values($con, $auth_entry, "mail");
-  $given_names = ldap_get_values($con, $auth_entry, "givenName");
-  $mail_address = $mail_addresses[0];
-  $first_name = $given_names[0];
-
-  /* And Finally, Change the password */
-  $entry = array();
-  $entry["userPassword"] = "$encoded_newPassword";
+  $mail_address = ldap_get_values($con, $auth_entry, "mail")[0];
+  $first_name = ldap_get_values($con, $auth_entry, "givenName")[0];
+  $existing_password = ldap_get_values($con, $auth_entry, "userPassword")[0];
+  if (substr($existing_password, 0, 6) == "{SASL}") {
+    $result = changePasswordSQL(substr($existing_password, 6), $newPassword);
+  } else {
+    $result = changePasswordLDAP($con, $user_dn, $newPassword);
+  }
 
-  if (ldap_modify($con,$user_dn,$entry) === false){
-    $error = ldap_error($con);
-    $errno = ldap_errno($con);
+  if (!$result) {
     $message[] = "E201 - Your password cannot be changed, please contact the administrator.";
-    $message[] = "$errno - $error";
   } else {
     $message_css = "yes";
     mail($mail_address,"Password change notice","Dear $first_name,