diff options
| author | Axel Angel <axel+git@vneko.ch> | 2014-05-04 11:46:35 +0200 |
|---|---|---|
| committer | Axel Angel <axel+git@vneko.ch> | 2014-05-08 12:21:33 +0200 |
| commit | 06da270e039cf517a6bd847ca0cd4a7819c9f879 (patch) | |
| tree | 58d33ae68a3af78c69ea53d6776bbcc6d20f7214 /lib/plugins/authldap/auth.php | |
| parent | e4897e9e4e93c61486656b8329fabaa1f8b9dc75 (diff) | |
| download | rpg-06da270e039cf517a6bd847ca0cd4a7819c9f879.tar.gz rpg-06da270e039cf517a6bd847ca0cd4a7819c9f879.tar.bz2 | |
Authldap: implement change password in modifyUser
Diffstat (limited to 'lib/plugins/authldap/auth.php')
| -rw-r--r-- | lib/plugins/authldap/auth.php | 55 |
1 files changed, 53 insertions, 2 deletions
diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index 6c3637e15..13ffb8be2 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -36,8 +36,8 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { return; } - // auth_ldap currently just handles authentication, so no - // capabilities are set + // Add the capabilities to change the password + $this->cando['modPass'] = true; } /** @@ -264,6 +264,57 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { } /** + * Definition of the function modifyUser in order to modify the password + */ + + function modifyUser($user,$changes){ + + // open the connection to the ldap + if(!$this->_openLDAP()){ + msg('LDAP cannot connect: '. htmlspecialchars(ldap_error($this->con))); + return false; + } + + // find the information about the user, in particular the "dn" + $info = $this->getUserData($user,true); + if(empty($info['dn'])) { + msg('LDAP cannot find your user dn: '. htmlspecialchars($info['dn'])); + return false; + } else { + $dn = $info['dn']; + } + + // find the new password and encrypt it whit SSHA + if(empty($changes['pass'])) { + msg('The new password is not allow because it\'s empty'); + return false; + } else { + mt_srand((double)microtime()*1000000); + $salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand()); + $hash = "{SSHA}" . base64_encode(pack("H*", sha1($changes['pass'] . $salt)) . $salt); + } + + // find the old password of the user + list($loginuser,$loginsticky,$loginpass) = auth_getCookie(); + $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session + $pass = auth_decrypt($loginpass, $secret); + + // bind with the ldap + if(!@ldap_bind($this->con,$dn,$pass)){ + msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); + return false; + } + + // change the password + if(!@ldap_mod_replace($this->con, $dn,array('userpassword' => $hash))){ + msg('LDAP mod replace failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con))); + return false; + } + + return true; + } + + /** * Most values in LDAP are case-insensitive * * @return bool |