ldap-user-manager/www/change_password/index.php

<?php

set_include_path( ".:" . __DIR__ . "/../includes/");

include_once "web_functions.inc.php";
include_once "ldap_functions.inc.php";

set_page_access("user");

if (isset($_POST['change_password'])) {

 if (!$_POST['password']) { $not_strong_enough = 1; }
 if ((!is_numeric($_POST['pass_score']) or $_POST['pass_score'] < 3) and $ACCEPT_WEAK_PASSWORDS != TRUE) { $not_strong_enough = 1; }
 if (preg_match("/\"|'/",$_POST['password'])) { $invalid_chars = 1; }
 if ($_POST['password'] != $_POST['password_match']) { $mismatched = 1; }

 if (!isset($mismatched) and !isset($not_strong_enough) and !isset($invalid_chars) ) {

  $ldap_connection = open_ldap_connection();
  ldap_change_password($ldap_connection,$USER_ID,$_POST['password']) or die("change_ldap_password() failed.");

  render_header("$ORGANISATION_NAME account manager - password changed");
  ?>
  <div class="container">
    <div class="col-sm-6 col-sm-offset-3">
      <div class="panel panel-success">
        <div class="panel-heading">Success</div>
        <div class="panel-body">
          Your password has been updated.
        </div>
      </div>
    </div>
  </div>
  <?php
  render_footer();
  exit(0);
 }

}

render_header("Change your $ORGANISATION_NAME password");

if (isset($not_strong_enough)) {  ?>
<div class="alert alert-warning">
 <p class="text-center">The password wasn't strong enough.</p>
</div>
<?php }

if (isset($invalid_chars)) {  ?>
<div class="alert alert-warning">
 <p class="text-center">The password contained invalid characters.</p>
</div>
<?php }

if (isset($mismatched)) {  ?>
<div class="alert alert-warning">
 <p class="text-center">The passwords didn't match.</p>
</div>
<?php }

?>

<script src="<?php print $SERVER_PATH; ?>js/zxcvbn.min.js"></script>
<script type="text/javascript" src="<?php print $SERVER_PATH; ?>js/zxcvbn-bootstrap-strength-meter.js"></script>
<script type="text/javascript">$(document).ready(function(){	$("#StrengthProgressBar").zxcvbnProgressBar({ passwordInput: "#password" });});</script>

<div class="container">
 <div class="col-sm-6 col-sm-offset-3">

  <div class="panel panel-default">
   <div class="panel-heading text-center">Change your password</div>

   <ul class="list-group">
    <li class="list-group-item">Use this form to change your <?php print $ORGANISATION_NAME; ?> password.  When you start typing your new password the gauge at the bottom will show its security strength.
    Enter your password again in the <b>confirm</b> field.  If the passwords don't match then both fields will be bordered with red.</li>
   </ul>

   <div class="panel-body text-center">
   
    <form class="form-horizontal" action='' method='post'>

     <input type='hidden' id="change_password" name="change_password">
     <input type='hidden' id="pass_score" value="0" name="pass_score">
     
     <div class="form-group" id="password_div">
      <label for="password" class="col-sm-4 control-label">Password</label>
      <div class="col-sm-6">
       <input type="password" class="form-control" id="password" name="password">
      </div>
     </div>

     <script>
      function check_passwords_match() {

        if (document.getElementById('password').value != document.getElementById('confirm').value ) {
            document.getElementById('password_div').classList.add("has-error");
            document.getElementById('confirm_div').classList.add("has-error");
        }
        else {
         document.getElementById('password_div').classList.remove("has-error");
         document.getElementById('confirm_div').classList.remove("has-error");
        }
       }
     </script>

     <div class="form-group" id="confirm_div">
      <label for="password" class="col-sm-4 control-label">Confirm</label>
      <div class="col-sm-6">
       <input type="password" class="form-control" id="confirm" name="password_match" onkeyup="check_passwords_match()">
      </div>
     </div>

     <div class="form-group">
       <button type="submit" class="btn btn-default">Change password</button>
     </div>
     
    </form>

    <div class="progress">
     <div id="StrengthProgressBar" class="progress progress-bar"></div>
    </div>

   </div>
  </div>

 </div>
</div>
<?php

render_footer();

?>
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<?php`

Code tidy, encode URLs and add no-https option 2020-01-10 12:01:31 +00:00			`set_include_path( ".:" . __DIR__ . "/../includes/");`

			`include_once "web_functions.inc.php";`
			`include_once "ldap_functions.inc.php";`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00
			`set_page_access("user");`

			`if (isset($_POST['change_password'])) {`

Fix change empty password with accept weak passwords. (#141) 2022-03-03 14:39:42 +01:00			`if (!$_POST['password']) { $not_strong_enough = 1; }`
Hashing (#22) * Added ALLOW_WEAK_PASSWORDS and PASSWORD_HASH options, some bug and log format fixes * Fixed incorrect variable name in check for password hash setting. 2020-05-22 11:03:23 +01:00			`if ((!is_numeric($_POST['pass_score']) or $_POST['pass_score'] < 3) and $ACCEPT_WEAK_PASSWORDS != TRUE) { $not_strong_enough = 1; }`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`if (preg_match("/\"\|'/",$_POST['password'])) { $invalid_chars = 1; }`
			`if ($_POST['password'] != $_POST['password_match']) { $mismatched = 1; }`

			`if (!isset($mismatched) and !isset($not_strong_enough) and !isset($invalid_chars) ) {`

			`$ldap_connection = open_ldap_connection();`
			`ldap_change_password($ldap_connection,$USER_ID,$_POST['password']) or die("change_ldap_password() failed.");`

Next release (#107) * Custom email body (#51) * get email body from ENV * read subject from env * html mail * replace special string with username and password * missing ; * more str_replace * utf8 in mail * typo * docs * fix var * count accounts * fix print * Add the ability to set the server path. Get directed to the appropriate module when you log in. * Fixes to allow overriding attribute labels properly * Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access. Co-authored-by: Monsieur X <xgaia@gmx.com> 2021-07-22 09:12:55 +01:00			`render_header("$ORGANISATION_NAME account manager - password changed");`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`?>`
Next release (#151) * Custom email body (#51) * get email body from ENV * read subject from env * html mail * replace special string with username and password * missing ; * more str_replace * utf8 in mail * typo * docs * fix var * count accounts * fix print * Add the ability to set the server path. Get directed to the appropriate module when you log in. * Fixes to allow overriding attribute labels properly * Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access. * Add support for consuming docker / kubernetes secrets passed as _FILE environment variables (#136) * mod: condense Dockerfile * add: _FILE feature add: list of sensitive env_vars * mod: sorted env_var list * add: complete current env_var list * fix: formatting * mod: revert Dockerfile to prev. version * mod: updated comment to be more descriptive mod: rename variables to be more descriptive * rem: list of env_var; no longer needed. mod: env_file_replace function ^ search for all <env_var>_FILE variables and replace ^ <env_var> if the file exists and is not empty mod: env_file_replace comment Co-authored-by: pyunramura <jeremy.cummings@live.com> * Update the README with information on using _FILE * Change username regex variables * Named server certs, as suggested by @huzvar * Update LDAP filter method as suggested by @xgaia * Feature/http header username (#120) * Implement Remote Headers Auth * Hide Logout on Remote Sessions * Add Explanation for REMOTRE_HTTP_HEADERS_LOGIN settiing Co-authored-by: Damian Galli <damian.galli@galli.site> * Updated Readme, fixed random number generation for ARM systems, fixed JS to generate the username * Fix issues #124 and #126 * Change badges to buttons for list counts * Don't secretly set displayName * Add Group Additional (#113) * Add doku Group additional. * Read Group additional configuration. * New group add Additional objectclasses * Allow for attributes that take multiple values. * Updated README * Formatting fixes, fix parsing params from account requests, initial code for the simple interface flag. * Add attribute fields for groups and allow user-defined attributes to be displayed. Move alert banner JS to a function. * Update entries with any missing additional objectclasses when updating entries. Update README to describe changes. Initial work to allow file uploads for attributes. * Functionality to upload binary files and display them in the form it's a JPEG. Added a new page to download existing binary content. * Bugfixes for compatibility with older osixia/openldap versions. Change SIMPLE_INTERFACE to SHOW_POSIX_ATTRIBUTES. * Update version number in README. Co-authored-by: Monsieur X <xgaia@gmx.com> Co-authored-by: pyunramura <35285259+pyunramura@users.noreply.github.com> Co-authored-by: pyunramura <jeremy.cummings@live.com> Co-authored-by: Damian Galli <da.ga@live.de> Co-authored-by: Damian Galli <damian.galli@galli.site> Co-authored-by: huzvar <89766648+huzvar@users.noreply.github.com> 2022-04-12 15:43:21 +01:00			`<div class="container">`
			`<div class="col-sm-6 col-sm-offset-3">`
			`<div class="panel panel-success">`
			`<div class="panel-heading">Success</div>`
			`<div class="panel-body">`
			`Your password has been updated.`
			`</div>`
			`</div>`
			`</div>`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`</div>`
			`<?php`
			`render_footer();`
			`exit(0);`
			`}`

			`}`

Next release (#107) * Custom email body (#51) * get email body from ENV * read subject from env * html mail * replace special string with username and password * missing ; * more str_replace * utf8 in mail * typo * docs * fix var * count accounts * fix print * Add the ability to set the server path. Get directed to the appropriate module when you log in. * Fixes to allow overriding attribute labels properly * Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access. Co-authored-by: Monsieur X <xgaia@gmx.com> 2021-07-22 09:12:55 +01:00			`render_header("Change your $ORGANISATION_NAME password");`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00
Hashing (#22) * Added ALLOW_WEAK_PASSWORDS and PASSWORD_HASH options, some bug and log format fixes * Fixed incorrect variable name in check for password hash setting. 2020-05-22 11:03:23 +01:00			`if (isset($not_strong_enough)) { ?>`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<div class="alert alert-warning">`
			`<p class="text-center">The password wasn't strong enough.</p>`
			`</div>`
			`<?php }`

			`if (isset($invalid_chars)) { ?>`
			`<div class="alert alert-warning">`
			`<p class="text-center">The password contained invalid characters.</p>`
			`</div>`
			`<?php }`

			`if (isset($mismatched)) { ?>`
			`<div class="alert alert-warning">`
			`<p class="text-center">The passwords didn't match.</p>`
			`</div>`
			`<?php }`

			`?>`

Next release (#107) * Custom email body (#51) * get email body from ENV * read subject from env * html mail * replace special string with username and password * missing ; * more str_replace * utf8 in mail * typo * docs * fix var * count accounts * fix print * Add the ability to set the server path. Get directed to the appropriate module when you log in. * Fixes to allow overriding attribute labels properly * Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access. Co-authored-by: Monsieur X <xgaia@gmx.com> 2021-07-22 09:12:55 +01:00			`<script src="<?php print $SERVER_PATH; ?>js/zxcvbn.min.js"></script>`
			`<script type="text/javascript" src="<?php print $SERVER_PATH; ?>js/zxcvbn-bootstrap-strength-meter.js"></script>`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<script type="text/javascript">$(document).ready(function(){ $("#StrengthProgressBar").zxcvbnProgressBar({ passwordInput: "#password" });});</script>`

Next release (#107) * Custom email body (#51) * get email body from ENV * read subject from env * html mail * replace special string with username and password * missing ; * more str_replace * utf8 in mail * typo * docs * fix var * count accounts * fix print * Add the ability to set the server path. Get directed to the appropriate module when you log in. * Fixes to allow overriding attribute labels properly * Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access. Co-authored-by: Monsieur X <xgaia@gmx.com> 2021-07-22 09:12:55 +01:00			`<div class="container">`
Next release (#151) * Custom email body (#51) * get email body from ENV * read subject from env * html mail * replace special string with username and password * missing ; * more str_replace * utf8 in mail * typo * docs * fix var * count accounts * fix print * Add the ability to set the server path. Get directed to the appropriate module when you log in. * Fixes to allow overriding attribute labels properly * Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access. * Add support for consuming docker / kubernetes secrets passed as _FILE environment variables (#136) * mod: condense Dockerfile * add: _FILE feature add: list of sensitive env_vars * mod: sorted env_var list * add: complete current env_var list * fix: formatting * mod: revert Dockerfile to prev. version * mod: updated comment to be more descriptive mod: rename variables to be more descriptive * rem: list of env_var; no longer needed. mod: env_file_replace function ^ search for all <env_var>_FILE variables and replace ^ <env_var> if the file exists and is not empty mod: env_file_replace comment Co-authored-by: pyunramura <jeremy.cummings@live.com> * Update the README with information on using _FILE * Change username regex variables * Named server certs, as suggested by @huzvar * Update LDAP filter method as suggested by @xgaia * Feature/http header username (#120) * Implement Remote Headers Auth * Hide Logout on Remote Sessions * Add Explanation for REMOTRE_HTTP_HEADERS_LOGIN settiing Co-authored-by: Damian Galli <damian.galli@galli.site> * Updated Readme, fixed random number generation for ARM systems, fixed JS to generate the username * Fix issues #124 and #126 * Change badges to buttons for list counts * Don't secretly set displayName * Add Group Additional (#113) * Add doku Group additional. * Read Group additional configuration. * New group add Additional objectclasses * Allow for attributes that take multiple values. * Updated README * Formatting fixes, fix parsing params from account requests, initial code for the simple interface flag. * Add attribute fields for groups and allow user-defined attributes to be displayed. Move alert banner JS to a function. * Update entries with any missing additional objectclasses when updating entries. Update README to describe changes. Initial work to allow file uploads for attributes. * Functionality to upload binary files and display them in the form it's a JPEG. Added a new page to download existing binary content. * Bugfixes for compatibility with older osixia/openldap versions. Change SIMPLE_INTERFACE to SHOW_POSIX_ATTRIBUTES. * Update version number in README. Co-authored-by: Monsieur X <xgaia@gmx.com> Co-authored-by: pyunramura <35285259+pyunramura@users.noreply.github.com> Co-authored-by: pyunramura <jeremy.cummings@live.com> Co-authored-by: Damian Galli <da.ga@live.de> Co-authored-by: Damian Galli <damian.galli@galli.site> Co-authored-by: huzvar <89766648+huzvar@users.noreply.github.com> 2022-04-12 15:43:21 +01:00			`<div class="col-sm-6 col-sm-offset-3">`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00
Next release (#107) * Custom email body (#51) * get email body from ENV * read subject from env * html mail * replace special string with username and password * missing ; * more str_replace * utf8 in mail * typo * docs * fix var * count accounts * fix print * Add the ability to set the server path. Get directed to the appropriate module when you log in. * Fixes to allow overriding attribute labels properly * Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access. Co-authored-by: Monsieur X <xgaia@gmx.com> 2021-07-22 09:12:55 +01:00			`<div class="panel panel-default">`
			`<div class="panel-heading text-center">Change your password</div>`
Fix style description change password. (#114) 2021-10-05 16:11:26 +02:00
			`<ul class="list-group">`
			`<li class="list-group-item">Use this form to change your <?php print $ORGANISATION_NAME; ?> password. When you start typing your new password the gauge at the bottom will show its security strength.`
			`Enter your password again in the <b>confirm</b> field. If the passwords don't match then both fields will be bordered with red.</li>`
			`</ul>`

Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<div class="panel-body text-center">`

			`<form class="form-horizontal" action='' method='post'>`

			`<input type='hidden' id="change_password" name="change_password">`
			`<input type='hidden' id="pass_score" value="0" name="pass_score">`

			`<div class="form-group" id="password_div">`
			`<label for="password" class="col-sm-4 control-label">Password</label>`
			`<div class="col-sm-6">`
			`<input type="password" class="form-control" id="password" name="password">`
			`</div>`
			`</div>`

			`<script>`
			`function check_passwords_match() {`

			`if (document.getElementById('password').value != document.getElementById('confirm').value ) {`
			`document.getElementById('password_div').classList.add("has-error");`
			`document.getElementById('confirm_div').classList.add("has-error");`
			`}`
			`else {`
			`document.getElementById('password_div').classList.remove("has-error");`
			`document.getElementById('confirm_div').classList.remove("has-error");`
			`}`
			`}`
			`</script>`

			`<div class="form-group" id="confirm_div">`
			`<label for="password" class="col-sm-4 control-label">Confirm</label>`
			`<div class="col-sm-6">`
			`<input type="password" class="form-control" id="confirm" name="password_match" onkeyup="check_passwords_match()">`
			`</div>`
			`</div>`

			`<div class="form-group">`
			`<button type="submit" class="btn btn-default">Change password</button>`
			`</div>`

			`</form>`

			`<div class="progress">`
			`<div id="StrengthProgressBar" class="progress progress-bar"></div>`
			`</div>`

			`</div>`
			`</div>`

			`</div>`
			`</div>`
			`<?php`

			`render_footer();`

			`?>`