X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=systems%2Feldiron%2Fwebsites%2Ftools%2Flanding%2Fldap_password.php;fp=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Flanding%2Fldap_password.php;h=efb4f578f8b5dfdfc9124f51974f2d575237f900;hp=b6079e5449840098cceedc77e55f9732c606175c;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0
diff --git a/modules/private/websites/tools/tools/landing/ldap_password.php b/systems/eldiron/websites/tools/landing/ldap_password.php
similarity index 80%
rename from modules/private/websites/tools/tools/landing/ldap_password.php
rename to systems/eldiron/websites/tools/landing/ldap_password.php
index b6079e5..efb4f57 100644
--- a/modules/private/websites/tools/tools/landing/ldap_password.php
+++ b/systems/eldiron/websites/tools/landing/ldap_password.php
@@ -18,6 +18,42 @@
 $message = array();
 $message_css = "";
 
+function changePasswordLDAP($con, $user_dn, $newPassword){
+ global $message;
+ $salt = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',4)),0,4);
+ $encoded_newPassword = "{SSHA}" . base64_encode(pack("H*", sha1($newPassword.$salt)).$salt);
+
+ $entry = array();
+ $entry["userPassword"] = "$encoded_newPassword";
+
+ if (ldap_modify($con,$user_dn,$entry) === false){
+ $error = ldap_error($con);
+ $errno = ldap_errno($con);
+ $message[] = "$errno - $error";
+ return false;
+ } else {
+ return true;
+ }
+}
+
+function changePasswordSQL($user_realm, $newPassword) {
+ global $message;
+
+ foreach(["PGUSER", "PGPASSWORD", "PGDATABASE", "PGHOST"] as $k) {
+ if (isset($_SERVER[$k]) && !isset($_ENV[$k])) {
+ putenv("${k}=" . $_SERVER[$k]);
+ }
+ }
+ $con = pg_connect("");
+ $result = pg_query_params($con, "WITH newsalt as (SELECT gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( $1 || (SELECT * FROM newsalt), 'sha1'), 'hex'), mechanism = 'SSHA', salt = (SELECT * FROM newsalt) where login || '@' || realm = $2", array($newPassword, $user_realm));
+ if (!$result) {
+ $message[] = "Error when accessing database";
+ return false;
+ } else {
+ return true;
+ }
+}
+
 function changePassword($user,$oldPassword,$newPassword,$newPasswordCnf){
 global $message;
 global $message_css;
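Review bot: In `changePasswordSQL`, a `pg_query_params` that executes is treated as a completed password change even when the UPDATE's `WHERE login || '@' || realm = $2` matches no row, so the caller goes on to the success path (and, per the second hunk, sends the notification mail) while nothing was changed; add `if (pg_affected_rows($result) !== 1) { $message[] = "Error when accessing database"; return false; }` before returning true. The result of `pg_connect("")` is also never checked: when the connection fails `$con` is `false`, and on PHP 8 `pg_query_params` then throws a TypeError instead of reaching the `Error when accessing database` branch, so guard it with `if ($con === false) { $message[] = "Error when accessing database"; return false; }`. In `changePasswordLDAP` the SSHA salt is produced by `str_shuffle`, which is not a cryptographically secure source (the line is moved by this commit rather than introduced); since the salt is base64-encoded together with the digest, `$salt = random_bytes(4);` is a drop-in replacement. The `"${k}="` interpolation in the `putenv` call is deprecated since PHP 8.2; `"{$k}="` is the supported form.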
@@ -46,26 +82,20 @@ function changePassword($user,$oldPassword,$newPassword,$newPasswordCnf){
 return false;
 }
 
- $salt = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',4)),0,4);
- $encoded_newPassword = "{SSHA}" . base64_encode(pack("H*", sha1($newPassword.$salt)).$salt);
-
 $user_search = ldap_search($con,"dc=immae,dc=eu","(uid=$user)");
 $auth_entry = ldap_first_entry($con, $user_search);
- $mail_addresses = ldap_get_values($con, $auth_entry, "mail");
- $given_names = ldap_get_values($con, $auth_entry, "givenName");
- $mail_address = $mail_addresses[0];
- $first_name = $given_names[0];
-
- /* And Finally, Change the password */
- $entry = array();
- $entry["userPassword"] = "$encoded_newPassword";
+ $mail_address = ldap_get_values($con, $auth_entry, "mail")[0];
+ $first_name = ldap_get_values($con, $auth_entry, "givenName")[0];
+ $existing_password = ldap_get_values($con, $auth_entry, "userPassword")[0];
+ if (substr($existing_password, 0, 6) == "{SASL}") {
+ $result = changePasswordSQL(substr($existing_password, 6), $newPassword);
+ } else {
+ $result = changePasswordLDAP($con, $user_dn, $newPassword);
+ }
 
- if (ldap_modify($con,$user_dn,$entry) === false){
- $error = ldap_error($con);
- $errno = ldap_errno($con);
+ if (!$result) {
 $message[] = "E201 - Your password cannot be changed, please contact the administrator.";
- $message[] = "$errno - $error";
 } else {
 $message_css = "yes";
 mail($mail_address,"Password change notice","Dear $first_name,