From 6ed3476b11fe6e9c4625fb28e8953ac26e8160fb Mon Sep 17 00:00:00 2001
From: Christopher Smith
Date: Sat, 15 Feb 2014 20:59:06 +0000
Subject: fixes possibility of a user password change being sent out when a password couldn't be/wasn't changed
---
 lib/plugins/usermanager/admin.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lib')
diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index 156037f09..b9199e586 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -643,9 +643,9 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 if ($ok = $this->_auth->triggerUserMod('modify', array($olduser, $changes))) {
 msg($this->lang['update_ok'],1);
- if ($INPUT->has('usernotify') && $newpass) {
+ if ($INPUT->has('usernotify') && !empty($changes['pass'])) {
 $notify = empty($changes['user']) ? $olduser : $newuser;
- $this->_notifyUser($notify,$newpass);
+ $this->_notifyUser($notify,$changes['pass']);
 }
 // invalidate all sessions
-- cgit v1.2.3
From 40d72af6467f899f09d3b282922f861482e8228f Mon Sep 17 00:00:00 2001
From: Christopher Smith
Date: Sat, 15 Feb 2014 21:00:08 +0000
Subject: add braces and indentation per coding standards
---
 lib/plugins/usermanager/admin.php | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
(limited to 'lib')
diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index b9199e586..4b94440b0 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
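Review bot: The new condition `!empty($changes['pass'])` treats the literal password "0" as absent, so that (degenerate) change would be saved by `triggerUserMod` but never notified; where `$changes['pass']` is assigned at all it appears to hold the new password, so `isset($changes['pass'])` states the intent exactly: `if ($INPUT->has('usernotify') && isset($changes['pass'])) {`. The enclosing method starts and ends outside the hunk.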
@@ -631,14 +631,15 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 $newpass = auth_pwgen($olduser);
 }
- if (!empty($newpass) && $this->_auth->canDo('modPass'))
- $changes['pass'] = $newpass;
- if (!empty($newname) && $this->_auth->canDo('modName') && $newname != $oldinfo['name'])
- $changes['name'] = $newname;
- if (!empty($newmail) && $this->_auth->canDo('modMail') && $newmail != $oldinfo['mail'])
- $changes['mail'] = $newmail;
- if (!empty($newgrps) && $this->_auth->canDo('modGroups') && $newgrps != $oldinfo['grps'])
- $changes['grps'] = $newgrps;
+ if (!empty($newname) && $this->_auth->canDo('modName') && $newname != $oldinfo['name']) {
+ $changes['name'] = $newname;
+ }
+ if (!empty($newmail) && $this->_auth->canDo('modMail') && $newmail != $oldinfo['mail']) {
+ $changes['mail'] = $newmail;
+ }
+ if (!empty($newgrps) && $this->_auth->canDo('modGroups') && $newgrps != $oldinfo['grps']) {
+ $changes['grps'] = $newgrps;
+ }
 if ($ok = $this->_auth->triggerUserMod('modify', array($olduser, $changes))) {
 msg($this->lang['update_ok'],1);
-- cgit v1.2.3
From 359e941731104cd989739d789f476590011eb518 Mon Sep 17 00:00:00 2001
From: Christopher Smith
Date: Sat, 15 Feb 2014 21:00:50 +0000
Subject: add password confirmation field when setting password in the usermanager
---
 lib/plugins/usermanager/admin.php | 54 +++++++++++++++++++++++++++-----
 lib/plugins/usermanager/lang/en/lang.php | 3 ++
 2 files changed, 50 insertions(+), 7 deletions(-)
(limited to 'lib')
diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index 4b94440b0..faa4b8d31 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
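Review bot: Besides adding braces, the hunk removes `if (!empty($newpass) && $this->_auth->canDo('modPass'))` / `$changes['pass'] = $newpass;` without any replacement (8 deletions against 9 insertions, three braced blocks for four original conditions), so after this commit a password typed into the form — and the one `auth_pwgen` generates just above for `usernotify` — is never placed in `$changes` and the modify call leaves the password untouched while `update_ok` is still reported. That is a behaviour change in a commit whose subject promises formatting only; if the removal is deliberate groundwork for the next commit it should be named in the message, otherwise the braced equivalent belongs here: `if (!empty($newpass) && $this->_auth->canDo('modPass')) { $changes['pass'] = $newpass; }`. The enclosing method starts and ends outside the hunk.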
@@ -299,6 +299,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 $this->_htmlInputField($cmd."_userid", "userid", $this->lang["user_id"], $user, $this->_auth->canDo("modLogin"), $indent+6);
 $this->_htmlInputField($cmd."_userpass", "userpass", $this->lang["user_pass"], "", $this->_auth->canDo("modPass"), $indent+6);
+ $this->_htmlInputField($cmd."_userpass2", "userpass2", $this->lang["user_passconfirm"], "", $this->_auth->canDo("modPass"), $indent+6);
 $this->_htmlInputField($cmd."_username", "username", $this->lang["user_name"], $name, $this->_auth->canDo("modName"), $indent+6);
 $this->_htmlInputField($cmd."_usermail", "usermail", $this->lang["user_mail"], $mail, $this->_auth->canDo("modMail"), $indent+6);
 $this->_htmlInputField($cmd."_usergroups","usergroups",$this->lang["user_groups"],$groups,$this->_auth->canDo("modGroups"),$indent+6);
@@ -358,7 +359,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 $class = $cando ? '' : ' class="disabled"';
 echo str_pad('',$indent);
- if($name == 'userpass'){
+ if($name == 'userpass' || $name == 'userpass2'){
 $fieldtype = 'password';
 $autocomp = 'autocomplete="off"';
 }elseif($name == 'usermail'){
@@ -475,7 +476,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 if (!checkSecurityToken()) return false;
 if (!$this->_auth->canDo('addUser')) return false;
- list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser();
+ list($user,$pass,$name,$mail,$grps,$passconfirm) = $this->_retrieveUser();
 if (empty($user)) return false;
 if ($this->_auth->canDo('modPass')){
@@ -486,6 +487,10 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 msg($this->lang['add_fail'], -1);
 return false;
 }
+ } else {
+ if (!$this->_verifyPassword($pass,$passconfirm)) {
+ return false;
+ }
 }
 } else {
 if (!empty($pass)){
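Review bot: The extended condition `$name == 'userpass' || $name == 'userpass2'` relies on loose comparison and will grow by one clause for every further password-typed field; a strict membership test is shorter and unambiguous: `if(in_array($name, array('userpass','userpass2'), true)){`. The password field type and `autocomplete="off"` then apply to the confirmation field exactly as the hunk intends. The enclosing method starts and ends outside the hunk.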
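Review bot: The added `} else { if (!$this->_verifyPassword($pass,$passconfirm)) { return false; } }` wraps a single guard in its own else block; `} elseif (!$this->_verifyPassword($pass,$passconfirm)) { return false; }` gives the same flow one level flatter and matches the early-return style of the `checkSecurityToken` and `canDo` checks in the previous hunk. The branch above it (outside the hunk) appears to handle the empty-password case, so `_verifyPassword`'s own empty check is not reached from this caller — worth a short comment if that is relied upon. The enclosing method starts and ends outside the hunk.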
@@ -606,7 +611,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 $oldinfo = $this->_auth->getUserData($olduser);
 // get new user data subject to change
- list($newuser,$newpass,$newname,$newmail,$newgrps) = $this->_retrieveUser();
+ list($newuser,$newpass,$newname,$newmail,$newgrps,$passconfirm) = $this->_retrieveUser();
 if (empty($newuser)) return false;
 $changes = array();
@@ -625,10 +630,19 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 $changes['user'] = $newuser;
 }
 }
-
- // generate password if left empty and notification is on
- if($INPUT->has('usernotify') && empty($newpass)){
- $newpass = auth_pwgen($olduser);
+ if ($this->_auth->canDo('modPass')) {
+ if ($newpass || $confirm) {
+ if ($this->_verifyPassword($newpass,$passconfirm)) {
+ $changes['pass'] = $newpass;
+ } else {
+ return false;
+ }
+ } else {
+ // no new password supplied, check if we need to generate one (or it stays unchanged)
+ if ($INPUT->has('usernotify')) {
+ $changes['pass'] = auth_pwgen($olduser);
+ }
+ }
 }
 if (!empty($newname) && $this->_auth->canDo('modName') && $newname != $oldinfo['name']) {
@@ -686,6 +700,31 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 return $sent;
 }
+ /**
+ * Verify password meets minimum requirements
+ * :TODO: extend to support password strength
+ *
+ * @param string $password candidate string for new password
+ * @param string $confirm repeated password for confirmation
+ * @return bool true if meets requirements, false otherwise
+ */
+ protected function _verifyPassword($password, $confirm) {
+
+ if (empty($password)) {
+ return false;
+ }
+
+ if ($password !== $confirm) {
+ msg($this->lang['pass_confirm_fail'], -1);
+ return false;
+ }
+
+ // :TODO: test password for required strength
+
+ // if we make it this far the password is good
+ return true;
+ }
+
 /**
 * Retrieve & clean user data from the form
 *
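Review bot: `if ($newpass || $confirm) {` reads `$confirm`, which is never assigned in this method — the variable destructured in the hunk above is `$passconfirm` — so the test degrades to `if ($newpass)`. With only the confirmation field filled in, control drops into the "no new password supplied" branch and, when `usernotify` is set, silently generates and mails a different password instead of reporting the mismatch; with notices enabled every modify also logs an undefined-variable notice. The fix is one token: `if ($newpass || $passconfirm) {`. The truthiness test additionally discards a literal password of "0", so if `_retrieveUser` always yields strings, `$newpass !== '' || $passconfirm !== ''` is the exact form. The enclosing method starts and ends outside the hunk.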
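Review bot: `_verifyPassword` returns false on `empty($password)` without calling `msg()`, so a caller that bails out on that result leaves the admin with no indication of why nothing was saved, and `empty()` also rejects the literal password "0"; either emit a message on that path as the mismatch branch does, or state in the docblock that the empty case is silent and the caller must report it. Since both the add and the modify paths now funnel through this method, it is the natural single place for the strength rule the two `:TODO:` comments promise; a `@return` note along the lines of `false when the password is empty, does not match $confirm, or (once implemented) fails the strength check` would document that contract now. The new method is complete within the hunk.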
@@ -702,6 +741,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 $user[2] = $INPUT->str('username');
 $user[3] = $INPUT->str('usermail');
 $user[4] = explode(',',$INPUT->str('usergroups'));
+ $user[5] = $INPUT->str('userpass2'); // repeated password for confirmation
 $user[4] = array_map('trim',$user[4]);
 if($clean) $user[4] = array_map(array($auth,'cleanGroup'),$user[4]);
diff --git a/lib/plugins/usermanager/lang/en/lang.php b/lib/plugins/usermanager/lang/en/lang.php
index f87c77afb..c18b5d684 100644
--- a/lib/plugins/usermanager/lang/en/lang.php
+++ b/lib/plugins/usermanager/lang/en/lang.php
@@ -76,4 +76,7 @@ $lang['import_error_create'] = 'Unable to create the user';
 $lang['import_notify_fail'] = 'Notification message could not be sent for imported user, %s with email %s.';
 $lang['import_downloadfailures'] = 'Download Failures as CSV for correction';
+// added 2014-02
+$lang['user_passconfirm'] = 'Confirm Password';
+$lang['pass_confirm_fail'] = 'Passwords do not match';
-- cgit v1.2.3
From be9008d3e4137a2456222098dfe45589e23ee3cf Mon Sep 17 00:00:00 2001
From: Christopher Smith
Date: Sun, 16 Feb 2014 17:54:48 +0000
Subject: user global strings for password confirmation prompt & error
---
 lib/plugins/usermanager/admin.php | 6 ++++--
 lib/plugins/usermanager/lang/en/lang.php | 4 ----
 2 files changed, 4 insertions(+), 6 deletions(-)
(limited to 'lib')
diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index faa4b8d31..aac2da605 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -277,6 +277,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 protected function _htmlUserForm($cmd,$user='',$userdata=array(),$indent=0) {
 global $conf;
 global $ID;
+ global $lang;
 $name = $mail = $groups = '';
 $notes = array();
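Review bot: The new `$user[5] = $INPUT->str('userpass2');` lands between the `explode` and the `array_map('trim', ...)` that both build `$user[4]`, splitting the group handling in two; move it after the `if($clean)` line, or next to where `$user[1]` presumably reads `userpass` above the hunk, so each index is assembled in one place. Whatever trimming or cleaning `$user[1]` receives outside the hunk must be applied to `$user[5]` identically, otherwise `_verifyPassword`'s `!==` compares a cleaned value against a raw one and rejects input that matched — worth checking against the lines above. The enclosing method starts and ends outside the hunk.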
@@ -299,7 +300,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { $this->_htmlInputField($cmd."_userid", "userid", $this->lang["user_id"], $user, $this->_auth->canDo("modLogin"), $indent+6); $this->_htmlInputField($cmd."_userpass", "userpass", $this->lang["user_pass"], "", $this->_auth->canDo("modPass"), $indent+6); - $this->_htmlInputField($cmd."_userpass2", "userpass2", $this->lang["user_passconfirm"], "", $this->_auth->canDo("modPass"), $indent+6); + $this->_htmlInputField($cmd."_userpass2", "userpass2", $lang["passchk"], "", $this->_auth->canDo("modPass"), $indent+6); $this->_htmlInputField($cmd."_username", "username", $this->lang["user_name"], $name, $this->_auth->canDo("modName"), $indent+6); $this->_htmlInputField($cmd."_usermail", "usermail", $this->lang["user_mail"], $mail, $this->_auth->canDo("modMail"), $indent+6); $this->_htmlInputField($cmd."_usergroups","usergroups",$this->lang["user_groups"],$groups,$this->_auth->canDo("modGroups"),$indent+6); @@ -709,13 +710,14 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { * @return bool true if meets requirements, false otherwise */ protected function _verifyPassword($password, $confirm) { + global $lang; if (empty($password)) { return false; } if ($password !== $confirm) { - msg($this->lang['pass_confirm_fail'], -1); + msg($lang['regbadpass'], -1); return false; } diff --git a/lib/plugins/usermanager/lang/en/lang.php b/lib/plugins/usermanager/lang/en/lang.php index c18b5d684..b55ecc998 100644 --- a/lib/plugins/usermanager/lang/en/lang.php +++ b/lib/plugins/usermanager/lang/en/lang.php 
@@ -76,7 +76,3 @@ $lang['import_error_create'] = 'Unable to create the user';
 $lang['import_notify_fail'] = 'Notification message could not be sent for imported user, %s with email %s.';
 $lang['import_downloadfailures'] = 'Download Failures as CSV for correction';
-// added 2014-02
-$lang['user_passconfirm'] = 'Confirm Password';
-$lang['pass_confirm_fail'] = 'Passwords do not match';
-
-- cgit v1.2.3