mirror of
https://github.com/FH-Complete/FHC-Core.git
synced 2026-07-19 16:02:15 +00:00
- Beim ändern des Passwortes muss sich das neue Passwort vom alten unterscheiden
- Wenn das Passwort länger als ein Jahr nicht geändert wurde, kann jetzt automatisch nach dem CIS Login auf die Passwort-Ändern-Seite umgeleitet werden
This commit is contained in:
+53
-14
@@ -22,12 +22,48 @@
|
||||
*
|
||||
*/
|
||||
require_once('../config/cis.config.inc.php');
|
||||
require_once('../config/global.config.inc.php');
|
||||
require_once('../include/functions.inc.php');
|
||||
require_once('../include/sprache.class.php');
|
||||
require_once('../include/phrasen.class.php');
|
||||
require_once('../include/mail.class.php');
|
||||
require_once('../include/student.class.php');
|
||||
|
||||
$redirectPasswordChange=false;
|
||||
if(defined('CIS_CHECK_PASSWORD_CHANGE') && CIS_CHECK_PASSWORD_CHANGE==true)
|
||||
{
|
||||
require_once('../addons/ldap/vilesci/ldap.class.php');
|
||||
$user = get_uid();
|
||||
$password = $_SERVER['PHP_AUTH_PW'];
|
||||
$ldap = new ldap();
|
||||
$ldap->connect();
|
||||
$userdn = $ldap->GetUserDN($user);
|
||||
$ldap = new ldap();
|
||||
if($ldap->connect(LDAP_SERVER, LDAP_PORT, $userdn, $password))
|
||||
{
|
||||
$lastchange = $ldap->getEntry($user,'shadowLastChange');
|
||||
if(isset($lastchange[0])
|
||||
&& isset($lastchange[0]['shadowlastchange'])
|
||||
&& isset($lastchange[0]['shadowlastchange'][0]))
|
||||
{
|
||||
$shadowlastchange = $lastchange[0]['shadowlastchange'][0];
|
||||
}
|
||||
else
|
||||
$shadowlastchange = 0;
|
||||
|
||||
// get unix timestamp 1 year ago
|
||||
$dt = new DateTime();
|
||||
$dt1year = $dt->sub(new DateInterval('P12M'));
|
||||
$ux1year = $dt1year->format('U');
|
||||
|
||||
if($shadowlastchange <= $ux1year)
|
||||
$redirectPasswordChange = true;
|
||||
else
|
||||
$redirectPasswordChange = false;
|
||||
}
|
||||
else
|
||||
die('Bind Failed'.$ldap->errormsg);
|
||||
}
|
||||
/**
|
||||
* Prueft die URL damit keine boesen URLS uebergeben werden koennen
|
||||
* @param $param
|
||||
@@ -46,9 +82,9 @@ function validURLCheck($param)
|
||||
$text.="\nFolgende URL wurde versucht aufzurufen: \n".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
|
||||
$text.="\n\nIP des Aufrufers: ".$_SERVER['REMOTE_ADDR'];
|
||||
$text.="\n\nUserAgent: ".$_SERVER['HTTP_USER_AGENT'];
|
||||
|
||||
|
||||
$text.="\n\nAuffälliger Value: $param";
|
||||
|
||||
|
||||
$mail = new mail(MAIL_ADMIN, 'no-reply@'.DOMAIN, 'Versuchte XSS Attacke', $text);
|
||||
$mail->send();
|
||||
die('Invalid URL detected');
|
||||
@@ -74,7 +110,7 @@ if(isset($_GET['content_id']))
|
||||
}
|
||||
else
|
||||
$id = '';
|
||||
|
||||
|
||||
if(isset($_GET['menu']))
|
||||
{
|
||||
$menu = $_GET['menu'];
|
||||
@@ -82,7 +118,7 @@ if(isset($_GET['menu']))
|
||||
}
|
||||
else
|
||||
$menu = 'menu.php?content_id='.$id;
|
||||
|
||||
|
||||
$user = get_uid();
|
||||
$student = new student();
|
||||
if($student->load($user))
|
||||
@@ -113,14 +149,17 @@ else
|
||||
else
|
||||
$content = '../cms/news.php?studiengang_kz='.$studiengang_kz.'&semester='.$semester.'';
|
||||
}
|
||||
|
||||
|
||||
if($redirectPasswordChange)
|
||||
$content = '../cis/private/profile/change_password.php?requiredtochange=true';
|
||||
|
||||
$sprache = getSprache();
|
||||
$p = new phrasen($sprache);
|
||||
$db = new basis_db();
|
||||
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
|
||||
<title>CIS - <?php echo CAMPUS_NAME; ?></title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<link rel="stylesheet" href="../skin/jquery.css" type="text/css">
|
||||
@@ -137,7 +176,7 @@ function changeSprache(sprache)
|
||||
content = document.getElementById('content').contentWindow.location.href;
|
||||
menu = escape(menu);
|
||||
content = escape(content);
|
||||
|
||||
|
||||
window.location.href="index.php?sprache="+sprache+"&content_id=<?php echo $db->convert_html_chars($id);?>&menu="+menu+"&content="+content;
|
||||
}
|
||||
function gettimestamp()
|
||||
@@ -163,20 +202,20 @@ function loadampel()
|
||||
<tr>
|
||||
<td valign="top" align="left" style="background-image: url(<?php echo APP_ROOT.'skin/styles/'.DEFAULT_STYLE.'/header.png'; ?>); background-position: top; background-repeat: repeat-x;">
|
||||
<a href="index.php"><img class="header_logo" src="<?php echo APP_ROOT.'skin/styles/'.DEFAULT_STYLE.'/logo_250x130.png'; ?>" alt="logo"></a>
|
||||
<!--<img class="header" src="<?php echo APP_ROOT.'skin/styles/'.DEFAULT_STYLE.'/header.png'; ?>" alt="header">-->
|
||||
<!--<img class="header" src="<?php echo APP_ROOT.'skin/styles/'.DEFAULT_STYLE.'/header.png'; ?>" alt="header">-->
|
||||
<table class="header_content" cellpadding="0">
|
||||
<tr>
|
||||
<td width="20%" align="center">
|
||||
</td>
|
||||
<td valign="middle" align="center">
|
||||
<form name="searchform" action="private/tools/suche.php" method="GET" target="content" style="display:inline">
|
||||
<form name="searchform" action="private/tools/suche.php" method="GET" target="content" style="display:inline">
|
||||
<input id="globalsearch" type="search" size="55" name="search" placeholder=" <?php echo $p->t('menu/suchePersonOrtDokumentInhalt');?> ..." title="<?php echo $p->t('menu/suchePersonOrtDokumentInhaltLang');?>"/>
|
||||
<img src="../skin/images/search.png" onclick="document.searchform.submit()" class="suchicon"/>
|
||||
</form>
|
||||
</td>
|
||||
<td align="right" valign="top" style="width: 20%; padding-right: 10px; padding-top: 10px;">
|
||||
<nobr><span style="vertical-align:top;" id="ampel"></span><a href="private/lvplan/stpl_week.php?pers_uid=<?php echo $user; ?>" target="_blank"><?php echo $p->t('lvplan/lvPlan'); ?></a> <span style="color: #A5AFB6">|</span>
|
||||
<?php
|
||||
<?php
|
||||
$sprache = new sprache();
|
||||
$sprache->getAll(true);
|
||||
foreach($sprache->result as $row)
|
||||
@@ -187,12 +226,12 @@ function loadampel()
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign="top" align="left">
|
||||
|
||||
|
||||
<iframe id="menue" src="<?php echo $db->convert_html_chars($menu); ?>" name="menu" frameborder="0">
|
||||
No iFrames
|
||||
</iframe>
|
||||
@@ -231,8 +270,8 @@ function loadampel()
|
||||
<td><img src="../skin/images/aufklappen.png" /></td>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
</table>
|
||||
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
</div>-->';*/
|
||||
|
||||
@@ -1,22 +1,22 @@
|
||||
<?php
|
||||
/*
|
||||
* Copyright 2013 fhcomplete.org
|
||||
*
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
||||
* MA 02110-1301, USA.
|
||||
*
|
||||
*
|
||||
*
|
||||
* Authors: Andreas Österreicher <andreas.oesterreicher@technikum-wien.at>
|
||||
* Alexander Nimmervoll <alexander.nimmervoll@technikum-wien.at>
|
||||
@@ -52,12 +52,15 @@ echo '<h1>'.$p->t('passwort/PasswortAenderFuer',array($db->convert_html_chars($b
|
||||
|
||||
if(!isset($_SERVER['HTTPS']) || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='off'))
|
||||
{
|
||||
|
||||
|
||||
$httpspath = str_replace('http://','https://',APP_ROOT).'cis/private/profile/change_password.php';
|
||||
echo '<div style="border: 2px solid red; text-align:center">'.$p->t('passwort/NoHttps').'<br>
|
||||
<a href="'.$httpspath.'">'.$p->t('passwort/ZuHttpsWechseln').'</a></div><br>';
|
||||
}
|
||||
|
||||
if(isset($_GET['requiredtochange']))
|
||||
{
|
||||
echo '<span class="error">'.$p->t('passwort/RequiredToChangeInfo').'</span><br><br>';
|
||||
}
|
||||
echo $p->t('passwort/InfotextPolicy').'
|
||||
<br>
|
||||
<br>
|
||||
@@ -84,7 +87,7 @@ echo $p->t('passwort/InfotextPolicy').'
|
||||
|
||||
if(isset($_POST['change']))
|
||||
{
|
||||
if(!isset($_POST['passwort_alt'])
|
||||
if(!isset($_POST['passwort_alt'])
|
||||
|| !isset($_POST['passwort_neu'])
|
||||
|| !isset($_POST['passwort_neu_check']))
|
||||
{
|
||||
@@ -99,7 +102,7 @@ if(isset($_POST['change']))
|
||||
if($passwort_neu==$passwort_neu_check)
|
||||
{
|
||||
// Passwort Policy pruefen
|
||||
if(($errormsg = check_policy($passwort_neu, $p))===true)
|
||||
if(($errormsg = check_policy($passwort_neu, $p, $passwort_alt))===true)
|
||||
{
|
||||
// Passwort aendern
|
||||
if(($msg = change_password($passwort_alt, $passwort_neu, $uid))===true)
|
||||
|
||||
@@ -47,6 +47,10 @@ define('CIS_LVALISTE_NOTENEINGABE_ANZEIGEN',true);
|
||||
// Anzeige des LV-Plan Links bei globaler Suche
|
||||
define('CIS_SUCHE_LVPLAN_ANZEIGEN',true);
|
||||
|
||||
// Soll geprueft werden ob das Passwort innerhalb des letzten Jahres geaendert wurde true|false
|
||||
// Wenn dies nicht geaendert wurde wird nach dem Login auf die Passwort aendern Seite umgeleitet
|
||||
define('CIS_CHECK_PASSWORD_CHANGE',false);
|
||||
|
||||
// Link zu den Excel Notenlisten im CIS Anzeigen
|
||||
define('CIS_ANWESENHEITSLISTE_NOTENLISTE_ANZEIGEN',true);
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ $passwort_addons = new addon();
|
||||
foreach($passwort_addons->aktive_addons as $addon)
|
||||
{
|
||||
$passwort_addon_filename = dirname(__FILE__).'/../../addons/'.$addon.'/vilesci/passwort.inc.php';
|
||||
|
||||
|
||||
if(file_exists($passwort_addon_filename))
|
||||
{
|
||||
include($passwort_addon_filename);
|
||||
@@ -42,7 +42,7 @@ foreach($passwort_addons->aktive_addons as $addon)
|
||||
|
||||
if(!$passwort_addon_found)
|
||||
{
|
||||
|
||||
|
||||
/**
|
||||
* Prueft die Passwort Policy
|
||||
* Das Passwort muss zumindest 8 Zeichen enthalten, davon mindestens 1 Großbuchstabe,
|
||||
@@ -52,9 +52,10 @@ if(!$passwort_addon_found)
|
||||
*
|
||||
* @param $passwort_neu das neue Passwort
|
||||
* @param $p Phrasen Objekt - Wenn nicht uebergeben werden die Fehler in der Default Langauge angezeigt
|
||||
* @param $passwort_alt Altes Passwort bei Passwortaenderung
|
||||
* @return errormsg wenn Policy nicht erfuellt ist oder true wenn ok
|
||||
*/
|
||||
function check_policy($passwort_neu, $p=null)
|
||||
function check_policy($passwort_neu, $p=null, $passwort_alt=null)
|
||||
{
|
||||
if(is_null($p))
|
||||
$p = new phrase(DEFAULT_LANGUAGE);
|
||||
@@ -69,6 +70,15 @@ if(!$passwort_addon_found)
|
||||
$errormsg .= $p->t('passwort/MinLaenge');
|
||||
}
|
||||
|
||||
// Altes Passwort darf nicht gleich dem neuen sein
|
||||
if(!is_null($passwort_alt) && $passwort_alt!='')
|
||||
{
|
||||
if($passwort_neu == $passwort_alt)
|
||||
{
|
||||
$error=true;
|
||||
$errormsg .= $p->t('passwort/nichtGleich');
|
||||
}
|
||||
}
|
||||
// Mindestens 1 Großbuchstabe
|
||||
if(!preg_match('/[A-Z]/', $passwort_neu))
|
||||
{
|
||||
@@ -115,7 +125,7 @@ if(!$passwort_addon_found)
|
||||
else
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Aendert das Passwort im LDAP
|
||||
* @param $passwort_alt Altes (aktuelles) Passwort
|
||||
@@ -145,7 +155,7 @@ if(!$passwort_addon_found)
|
||||
$encrypted = base64_encode(pack('H*',hash('sha1',$passwort_neu.$salt)).$salt);
|
||||
$ssha_password = '{SSHA}'.$encrypted;
|
||||
|
||||
// LM und NT
|
||||
// LM und NT
|
||||
//$hash = new Crypt_CHAP_MSv2();
|
||||
//$hash->password = $passwort_neu;
|
||||
// $lm_password = strtoupper(bin2hex($hash->lmPasswordHash()));
|
||||
|
||||
@@ -30,4 +30,7 @@ $this->phrasen['passwort/CodeOderUsernameFalsch']='Code oder Username falsch';
|
||||
$this->phrasen['passwort/CaptchaCodeFalsch']='Captcha Code falsch';
|
||||
$this->phrasen['passwort/AccountErfolgreichAktiviert']='Ihr Account wurde erfolgreich aktiviert';
|
||||
$this->phrasen['passwort/WeiterZumLogin']='Weiter zum Login';
|
||||
$this->phrasen['passwort/RequiredToChangeInfo']='Sie haben Ihr Passwort seit über einem Jahr nicht mehr geändert.
|
||||
Bitte ändern Sie umgehend Ihr Passwort';
|
||||
$this->phrasen['passwort/nichtGleich']='Das neue Passwort muss sich vom alten Passwort unterscheiden.';
|
||||
?>
|
||||
|
||||
@@ -30,5 +30,7 @@ $this->phrasen['passwort/CodeOderUsernameFalsch']='Code or Username wrong';
|
||||
$this->phrasen['passwort/CaptchaCodeFalsch']='Captcha Code wrong';
|
||||
$this->phrasen['passwort/AccountErfolgreichAktiviert']='Account has been activated successfully';
|
||||
$this->phrasen['passwort/WeiterZumLogin']='Proceed to Login';
|
||||
|
||||
$this->phrasen['passwort/RequiredToChangeInfo']='You have not changed your password for over a year.
|
||||
Please change your password immediately';
|
||||
$this->phrasen['passwort/nichtGleich']='The new password must be different from the old password.';
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user