User Account Password Form
--- * --- amended 20030625 by S C Rigler
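/**
 * Generates a random salt for crypt(3)-style password hashes.
 *
 * Historical note (20030625, S C Rigler): this function used to wrap the
 * salt as "$1$<salt>$" itself, which caused a problem with the crypt() call
 * in update.php.  The wrapper was removed; callers add the scheme prefix.
 *
 * @param int $length The length of the salt string to generate.
 * @return string The generated salt string, drawn from the crypt(3) salt
 *                alphabet [./0-9A-Za-z]; '' when $length < 1.
 */
function random_salt( $length )
{
    $possible = '0123456789'
              . 'abcdefghijklmnopqrstuvwxyz'
              . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
              . './';
    $alphabet_size = strlen( $possible );
    $str = '';
    // Never reseed the generator from microtime() as the old code did: that
    // collapses the seed space to ~1e6 values per second and makes every salt
    // (and therefore every hash) predictable to anyone who knows the clock.
    while ( strlen( $str ) < $length ) {
        $str .= $possible[ secure_random_index( $alphabet_size ) ];
    }
    return $str;
}

/**
 * Returns an integer in [0, $max - 1], uniformly distributed.
 *
 * random_int() (CSPRNG, PHP 7+) is used when the runtime has it; otherwise
 * mt_rand() with an explicit range, which avoids the modulo bias of
 * "rand() % n" but is NOT cryptographically strong.  A salt only has to be
 * unique rather than secret, which is why the fallback is tolerated, but a
 * runtime with random_int() is strongly preferred.
 *
 * @param int $max Number of possible values; values < 1 yield 0.
 * @return int
 */
function secure_random_index( $max )
{
    if ( $max < 1 ) {
        return 0;
    }
    if ( function_exists( 'random_int' ) ) {
        return random_int( 0, $max - 1 );
    }
    return mt_rand( 0, $max - 1 );
}

/**
 * Returns $count bytes of randomness for use as a binary hash salt.
 *
 * Tries random_bytes() (PHP 7+), then openssl_random_pseudo_bytes(), and
 * finally falls back to secure_random_index() byte by byte.
 *
 * @param int $count Number of bytes wanted; values < 1 yield ''.
 * @return string
 */
function secure_random_bytes( $count )
{
    if ( $count < 1 ) {
        return '';
    }
    if ( function_exists( 'random_bytes' ) ) {
        return random_bytes( $count );
    }
    if ( function_exists( 'openssl_random_pseudo_bytes' ) ) {
        $bytes = openssl_random_pseudo_bytes( $count );
        if ( is_string( $bytes ) && strlen( $bytes ) === $count ) {
            return $bytes;
        }
    }
    $bytes = '';
    while ( strlen( $bytes ) < $count ) {
        $bytes .= chr( secure_random_index( 256 ) );
    }
    return $bytes;
}

/**
 * Runs crypt() and wraps the result in the LDAP "{CRYPT}" scheme.
 *
 * crypt() does not raise on a rejected salt or an unsupported algorithm; it
 * returns a short marker such as "*0" instead.  Storing that as userPassword
 * would silently leave the account with a hash no password can ever match,
 * so the marker is turned into an error here.
 *
 * @param string $password_clear Password to hash.
 * @param string $salt           Full crypt() salt including any "$id$" prefix.
 * @return string|null "{CRYPT}<hash>", or null after reporting via pla_error().
 */
function crypt_scheme( $password_clear, $salt )
{
    $hash = crypt( $password_clear, $salt );
    // Every genuine crypt(3) output is at least 13 characters (traditional DES).
    if ( ! is_string( $hash ) || strlen( $hash ) < 13 ) {
        pla_error( 'crypt() could not hash the password with salt "' . $salt . '".' );
        return null;
    }
    return '{CRYPT}' . $hash;
}

/**
 * Hashes a password into the "{SCHEME}..." form stored in userPassword.
 *
 * Named ldap_password_hash() because PHP 5.5+ ships a built-in
 * password_hash() with a different signature; redeclaring that name is a
 * fatal "Cannot redeclare" error.  The legacy name is kept below as an
 * alias on runtimes that do not have the built-in.
 *
 * @param string $password_clear The password to hash in clear text.
 * @param string $enc_type Standard LDAP encryption type (case-insensitive),
 *        one of crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha,
 *        or clear.
 * @return string|null The hashed password with its scheme prefix (the
 *         password itself for 'clear'); null after pla_error() when the
 *         scheme is unknown or crypt() failed.  pla_error() is expected to
 *         abort, so the null is only a belt-and-braces failure signal.
 *
 * An unknown $enc_type is an error: the original "default:" branch fell
 * through to clear-text storage, so a typo in the configured scheme stored
 * passwords unhashed.
 */
function ldap_password_hash( $password_clear, $enc_type )
{
    global $lang;

    $enc_type = strtolower( $enc_type );
    switch ( $enc_type ) {
        case 'crypt':
            return crypt_scheme( $password_clear, random_salt( 2 ) );

        case 'ext_des':
            // Extended DES crypt; see the OpenBSD crypt man page.
            if ( ! defined( 'CRYPT_EXT_DES' ) || CRYPT_EXT_DES == 0 ) {
                pla_error( $lang['install_not_support_ext_des'] );
            }
            return crypt_scheme( $password_clear, '_' . random_salt( 8 ) );

        case 'md5crypt':
            if ( ! defined( 'CRYPT_MD5' ) || CRYPT_MD5 == 0 ) {
                pla_error( $lang['install_not_support_md5crypt'] );
            }
            // md5crypt uses at most 8 salt characters; the '$' terminates it.
            return crypt_scheme( $password_clear, '$1$' . random_salt( 8 ) . '$' );

        case 'blowfish':
            if ( ! defined( 'CRYPT_BLOWFISH' ) || CRYPT_BLOWFISH == 0 ) {
                pla_error( $lang['install_not_support_blowfish'] );
            }
            // bcrypt needs exactly 22 salt characters after "$2a$NN$"; the
            // original 13 made crypt() reject the salt.  Cost 12 as before.
            return crypt_scheme( $password_clear, '$2a$12$' . random_salt( 22 ) );

        case 'md5':
            return '{MD5}' . base64_encode( pack( 'H*', md5( $password_clear ) ) );

        case 'sha':
            return '{SHA}' . base64_encode( pack( 'H*', sha1( $password_clear ) ) );

        case 'ssha':
            // SSHA = SHA1(password . salt) . salt; needs no mhash extension.
            $salt = secure_random_bytes( 8 );
            return '{SSHA}' . base64_encode( pack( 'H*', sha1( $password_clear . $salt ) ) . $salt );

        case 'smd5':
            $salt = secure_random_bytes( 8 );
            return '{SMD5}' . base64_encode( pack( 'H*', md5( $password_clear . $salt ) ) . $salt );

        case 'clear':
            return $password_clear;

        default:
            pla_error( 'Unsupported password encryption type: ' . $enc_type );
            return null;
    }
}

if ( ! function_exists( 'password_hash' ) ) {
    /**
     * Legacy alias for callers (e.g. update.php) that still use the old
     * name.  Only declared on runtimes without the PHP 5.5+ built-in.
     *
     * @param string $password_clear
     * @param string $enc_type
     * @return string|null See ldap_password_hash().
     */
    function password_hash( $password_clear, $enc_type )
    {
        return ldap_password_hash( $password_clear, $enc_type );
    }
}

/**
 * Computes the LanMan and NT hashes of $password with the external mkntpwd
 * helper named by the global $mkntpwdCommand.
 *
 * The password is passed as a command-line argument, so it is briefly
 * visible to other local users through the process list; feeding it on
 * stdin would avoid that but depends on what the helper supports.
 *
 * @param string $password Clear-text password.
 * @return array|null array(LM hash, NT hash) on success; null when the
 *         helper is unset, missing, not executable, produced no output, or
 *         produced output without the expected "LM:NT" separator.
 */
function samba_crypt( $password )
{
    global $mkntpwdCommand;

    if ( ! is_string( $mkntpwdCommand ) || $mkntpwdCommand === ''
        || ! file_exists( $mkntpwdCommand ) || ! is_executable( $mkntpwdCommand ) ) {
        return null;
    }
    // escapeshellarg(), not escapeshellcmd(): the latter neutralises shell
    // metacharacters but does not quote whitespace, so a password such as
    // "a -x" was split into extra arguments for the helper.
    $output = shell_exec( $mkntpwdCommand . ' ' . escapeshellarg( $password ) );
    if ( ! is_string( $output ) || $output === '' ) {
        return null;
    }
    $separator = strpos( $output, ':' );
    if ( $separator === false ) {
        return null;
    }
    return array(
        trim( substr( $output, 0, $separator ) ),
        trim( substr( $output, $separator + 1 ) )
    );
}

/**
 * Escapes one attribute value for use inside a distinguished name
 * (RFC 4514), so that user input cannot inject extra RDN components.
 *
 * Uses ldap_escape() (PHP 5.6+) when present; otherwise hex-escapes the
 * same characters ldap_escape() maps for LDAP_ESCAPE_DN.
 *
 * @param string $value Raw attribute value.
 * @return string Escaped value.
 */
function dn_escape_value( $value )
{
    if ( function_exists( 'ldap_escape' ) && defined( 'LDAP_ESCAPE_DN' ) ) {
        return ldap_escape( $value, '', LDAP_ESCAPE_DN );
    }
    $special = "\\,=+<>;\"#\r";
    $escaped = '';
    $length  = strlen( $value );
    for ( $i = 0; $i < $length; $i++ ) {
        $ch = $value[ $i ];
        $escaped .= ( strpos( $special, $ch ) !== false ) ? '\\' . bin2hex( $ch ) : $ch;
    }
    return $escaped;
}

/**
 * Returns the named $_POST field as a string, or '' when it is absent or
 * not a scalar (a client can submit "user[]=..." to make it an array).
 *
 * @param string $key
 * @return string
 */
function post_string( $key )
{
    if ( ! isset( $_POST[ $key ] ) || is_array( $_POST[ $key ] ) ) {
        return '';
    }
    return (string) $_POST[ $key ];
}

/**
 * Runs the candidate password through the crack extension.
 *
 * @param string $password
 * @return string|null null when the password passes; otherwise the message
 *         to show the user.  When the extension cannot be loaded the
 *         password is rejected (fail closed) with an explanatory message
 *         instead of the original fatal call to an undefined
 *         crack_getlastmessage().
 */
function cracklib_rejection( $password )
{
    if ( ! function_exists( 'crack_check' ) ) {
        // dl() is unavailable in most web SAPIs since PHP 5.3; the extension
        // should be loaded from php.ini instead.
        if ( ! function_exists( 'dl' ) || ! @dl( 'crack.so' ) || ! function_exists( 'crack_check' ) ) {
            return 'Password policy check unavailable: the crack extension is not loaded.';
        }
    }
    if ( crack_check( $password ) ) {
        return null;
    }
    return 'Password policy error: ' . crack_getlastmessage();
}

/**
 * Builds and applies the userPassword / Samba / shadow attribute changes
 * for an already-bound connection, reporting through success(), warning()
 * and error().
 *
 * The update is all-or-nothing: if the Samba hash cannot be computed, the
 * account is expired, or the new hash cannot be produced, nothing is
 * written (the original could change the NT hash while leaving the UNIX
 * password untouched).
 *
 * @param resource $ldap     Connection bound with rights to modify $rdn.
 * @param string   $rdn      DN of the account being changed.
 * @param string   $password New clear-text password.
 * @param string   $contact  Shown to the user when the account is expired.
 * @return bool true when ldap_modify() succeeded.
 */
function apply_password_change( $ldap, $rdn, $password, $contact )
{
    $attrs          = array();
    $isSambaAccount = false;
    $home           = null;
    $expiry_notice  = null;

    // Samba accounts additionally get the NT hash.  The LM hash is
    // deliberately not stored: it is case-insensitive, unsalted and
    // trivially brute-forced.
    $result = ldap_read( $ldap, $rdn, 'objectClass=SambaSamAccount', array( 'objectClass' ) );
    if ( $result ) {
        $entries = ldap_get_entries( $ldap, $result );
        if ( $entries && $entries['count'] == 1 ) {
            $isSambaAccount = true;
            $lmnt = samba_crypt( $password );
            if ( $lmnt === null ) {
                error( "Can't crypt Samba passwords." );
                return false;
            }
            $attrs['sambaNTPassword'] = $lmnt[1];
        }
    }

    $hash = ldap_password_hash( $password, 'md5crypt' );
    if ( $hash === null ) {
        error( "Can't hash the new password." );
        return false;
    }

    $shadow = null;
    $result = ldap_read( $ldap, $rdn, 'objectClass=shadowAccount',
        array( 'shadowExpire', 'shadowLastChange', 'shadowMax', 'homeDirectory' ) );
    if ( $result ) {
        $entries = ldap_get_entries( $ldap, $result );
        if ( $entries && $entries['count'] == 1 ) {
            // WARNING: ldap_get_entries() lower-cases the attribute names.
            $shadow = $entries[0];
        }
    }

    if ( $shadow !== null ) {
        if ( isset( $shadow['homedirectory'][0] ) ) {
            $home = $shadow['homedirectory'][0];
        }
        $today = (int) ( time() / ( 24 * 3600 ) );

        // shadowExpire is the account expiry in days since the epoch; -1 (or
        // absent) means never.  The original rejected ANY other value, so an
        // account with a future expiry date could never change its password.
        // Following shadow(5), only a positive value on or before today
        // counts as expired.
        if ( isset( $shadow['shadowexpire'][0] ) ) {
            $expire_day = (int) $shadow['shadowexpire'][0];
            if ( $expire_day > 0 && $expire_day <= $today ) {
                error( 'Your UNIX account is expired since '
                    . date( DATE_RFC2822, $expire_day * 24 * 3600 )
                    . " - please contact $contact ." );
                return false;
            }
        }

        $shadowmax = isset( $shadow['shadowmax'][0] ) ? (int) $shadow['shadowmax'][0] : 0;
        if ( $shadowmax < 1 || $shadowmax > 1000 ) {
            // Reset to a sane default
            $shadowmax = 180;
            $attrs['shadowMax'] = "$shadowmax";
        }
        $attrs['shadowLastChange'] = "$today";
        if ( $isSambaAccount ) {
            $now = time();
            $attrs['sambaPwdLastSet']    = "$now";
            $attrs['sambaPwdCanChange']  = "$now";
            $attrs['sambaPwdMustChange'] = (string) ( $now + $shadowmax * 24 * 3600 );
        }
        $expiry_notice = 'Your new UNIX password will expire on '
            . date( DATE_RFC2822, ( $today + $shadowmax ) * 24 * 3600 );
    }

    $attrs['userPassword'] = $hash;

    if ( ! ldap_modify( $ldap, $rdn, $attrs ) ) {
        error( "Can't modify LDAP information." );
        return false;
    }

    success( 'UNIX password changed successfully.' );
    if ( isset( $attrs['sambaNTPassword'] ) ) {
        success( 'NT password changed successfully.' );
    }
    if ( $expiry_notice !== null ) {
        success( $expiry_notice );
    }
    if ( $home !== null ) {
        // Credential stores that are encrypted with the old password and do
        // not follow the LDAP change.
        $stores = array(
            '.ssh/id_rsa'             => 'Remember to change password of your SSH RSA secret key(s).',
            '.ssh/id_dsa'             => 'Remember to change password of your SSH DSA secret key.',
            '.gnupg'                  => 'Remember to change password of your GnuPG secret key(s).',
            '.gnome2/keyrings'        => 'Remember to change password of your Gnome Keyring.',
            '.kde/share/apps/kwallet' => 'Remember to change password of your KDE Wallet.'
        );
        foreach ( $stores as $path => $message ) {
            if ( file_exists( "$home/$path" ) ) {
                warning( $message );
            }
        }
    }
    return true;
}

if ( isset( $_POST['user'] ) ) {
    $user    = post_string( 'user' );
    $oldpass = post_string( 'oldpass' );
    $pass1   = post_string( 'newpass1' );
    $pass2   = post_string( 'newpass2' );

    // The username is interpolated into a DN: escape it so a crafted value
    // such as "x,ou=admins" cannot redirect the bind or the modify to
    // another entry.  $people is the configured people container.
    $rdn        = 'uid=' . dn_escape_value( $user ) . ',' . $people;
    $password   = $pass1;
    $pwd_length = strlen( $password );

    if ( $pass1 !== $pass2 ) {
        error( 'New password mismatch.' );
    } elseif ( $pwd_length < $pwd_minlength ) {
        error( "New password must be at least $pwd_minlength characters long." );
    } elseif ( $use_cracklib && ( $policy_message = cracklib_rejection( $password ) ) !== null ) {
        error( $policy_message );
    } elseif ( $user === '' || $oldpass === '' ) {
        // An empty password turns ldap_bind() into an anonymous or
        // unauthenticated bind, which most servers accept by default: the
        // original code would then change the password of any uid without
        // a credential.  Refuse before touching the directory.
        error( 'Wrong username or password.' );
    } else {
        $ldap = ldap_connect( $ldap_host );
        if ( ! $ldap ) {
            error( "Can't connect to ldap server." );
        } else {
            if ( ! ldap_set_option( $ldap, LDAP_OPT_PROTOCOL_VERSION, 3 ) ) {
                echo 'Using deprecated protocol version';
            }
            // NOTE(review): both the old and the new password cross the wire
            // in clear text unless $ldap_host is an ldaps:// URL or
            // ldap_start_tls() is called here -- confirm the deployment does
            // one of the two.  The same credential is also tried as the
            // manager password, as the form advertises.
            if ( ! @ldap_bind( $ldap, $rdn, $oldpass ) && ! @ldap_bind( $ldap, $rootdn, $oldpass ) ) {
                error( 'Wrong username or password.' );
            } else {
                apply_password_change( $ldap, $rdn, $password, $contact );
            }
        }
    }
}
?>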
Username:
Old Password:
(or LDAP manager password)
New Password:
Confirm Password: