system_usermanager_passwordmg.php 5.69 KB
Newer Older
Ad Schellevis's avatar
Ad Schellevis committed
1
<?php
2

Ad Schellevis's avatar
Ad Schellevis committed
3
/*
4
    Copyright (C) 2014-2015 Deciso B.V.
Ad Schellevis's avatar
Ad Schellevis committed
5
    Copyright (C) 2011 Ermal Luçi
6
    All rights reserved.
Ad Schellevis's avatar
Ad Schellevis committed
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/

require_once("certs.inc");
require_once("guiconfig.inc");

$pgtitle = array(gettext("System"),gettext("User Password"));

35 36 37
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}
38
$username = $_SESSION['Username'];
39

Ad Schellevis's avatar
Ad Schellevis committed
40
if (isset($_POST['save'])) {
41 42 43
    unset($input_errors);
    /* input validation */

44
    $reqdfields = explode(" ", "passwordfld0 passwordfld1 passwordfld2");
45 46 47
    $reqdfieldsn = array(gettext("Password"));
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

48
    if ($_POST['passwordfld1'] != $_POST['passwordfld2'] ||
49
        $config['system']['user'][$userindex[$username]]['password'] != crypt($_POST['passwordfld0'], '$6$')) {
50 51 52 53 54
        $input_errors[] = gettext("The passwords do not match.");
    }

    if (!$input_errors) {
        // all values are okay --> saving changes
55 56
        $config['system']['user'][$userindex[$username]]['password'] = crypt($_POST['passwordfld1'], '$6$');
        local_user_set($config['system']['user'][$userindex[$username]]);
57 58 59 60 61

        write_config();

        $savemsg = gettext("Password successfully changed") . "<br />";
    }
Ad Schellevis's avatar
Ad Schellevis committed
62 63
}

64 65
session_write_close();

Ad Schellevis's avatar
Ad Schellevis committed
66 67
/* determine if user is not local to system */
$islocal = false;
68
foreach ($config['system']['user'] as $user) {
69
    if ($user['name'] == $username) {
70 71 72
        $islocal = true;
    }
}
Ad Schellevis's avatar
Ad Schellevis committed
73 74 75 76 77 78


include("head.inc");

?>

79
<body>
Ad Schellevis's avatar
Ad Schellevis committed
80 81 82 83 84
<?php include("fbegin.inc"); ?>

	<section class="page-content-main">

		<div class="container-fluid">
85 86

			<div class="row">
Ad Schellevis's avatar
Ad Schellevis committed
87
				<?
88

89
                if (isset($input_errors) && count($input_errors) > 0) {
90 91
                    print_input_errors($input_errors);
                }
92
                if (isset($savemsg)) {
93 94
                    print_info_box($savemsg);
                }
95

96 97
                if ($islocal == false) {
                    echo gettext("Sorry, you cannot change the password for a non-local user.");
Ad Schellevis's avatar
Ad Schellevis committed
98
                                        include("foot.inc");
99 100
                    exit;
                }
101

102
                ?>
Ad Schellevis's avatar
Ad Schellevis committed
103
			    <section class="col-xs-12">
104 105 106 107 108 109 110

				<div class="content-box">

		                        <form action="system_usermanager_passwordmg.php" method="post" name="iform" id="iform">

						<div class="table-responsive">
							<table class="table table-striped table-sort">
Ad Schellevis's avatar
Ad Schellevis committed
111
			                                <tr>
112
			                                        <td colspan="2" valign="top" class="listtopic"><?=$username?>'s <?=gettext("Password"); ?></td>
Ad Schellevis's avatar
Ad Schellevis committed
113 114
			                                </tr>
			                                <tr>
115 116 117 118 119 120 121
			                                        <td width="22%" valign="top" class="vncell"><?=gettext("Old password"); ?></td>
			                                        <td width="78%" class="vtable">
			                                                <input name="passwordfld0" type="password" class="formfld pwd" id="passwordfld0" size="20" />
			                                        </td>
			                                </tr>
			                                <tr>
			                                        <td width="22%" valign="top" class="vncell"><?=gettext("New password"); ?></td>
Ad Schellevis's avatar
Ad Schellevis committed
122 123 124 125 126
			                                        <td width="78%" class="vtable">
			                                                <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" />
			                                        </td>
			                                </tr>
			                                <tr>
127
									<td width="22%" valign="top" class="vncell"><?=gettext("Confirmation");?></td>
Ad Schellevis's avatar
Ad Schellevis committed
128 129 130 131 132 133 134 135 136 137 138
			                                        <td width="78%" class="vtable">
			                                                <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" />
			                                        </td>
			                                </tr>
			                                <tr>
			                                        <td width="22%" valign="top">&nbsp;</td>
			                                        <td width="78%">
			                                                <input name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save");?>" />
			                                        </td>
			                                </tr>
			                        </table>
139
						</div>
Ad Schellevis's avatar
Ad Schellevis committed
140
		                        </form>
141
				</div>
Ad Schellevis's avatar
Ad Schellevis committed
142 143 144 145
			    </section>
			</div>
		</div>
	</section>
146
<?php include("foot.inc");