Brian Lycett 57af7c4e9c
Next release (#151)
* Custom email body (#51)

* get email body from ENV

* read subject from env

* html mail

* replace special string with username and password

* missing ;

* more str_replace

* utf8 in mail

* typo

* docs

* fix var

* count accounts

* fix print

* Add the ability to set the server path.  Get directed to the appropriate module when you log in.

* Fixes to allow overriding attribute labels properly

* Fix server_path in various places, update to cookies use 'samesite', include boostrap and queryjs files so LUM can run without internet access.

* Add support for consuming docker / kubernetes secrets passed as _FILE environment variables (#136)

* mod: condense Dockerfile

* add: _FILE feature
add: list of sensitive env_vars

* mod: sorted env_var list

* add: complete current env_var list

* fix: formatting

* mod: revert Dockerfile to prev. version

* mod: updated comment to be more descriptive
mod: rename variables to be more descriptive

* rem: list of env_var; no longer needed.
mod: env_file_replace function
^ search for all <env_var>_FILE variables and replace
^ <env_var> if the file exists and is not empty
mod: env_file_replace comment

Co-authored-by: pyunramura <jeremy.cummings@live.com>

* Update the README with information on using _FILE

* Change username regex variables

* Named server certs, as suggested by @huzvar

* Update LDAP filter method as suggested by @xgaia

* Feature/http header username (#120)

* Implement Remote Headers Auth

* Hide Logout on Remote Sessions

* Add Explanation for REMOTRE_HTTP_HEADERS_LOGIN settiing

Co-authored-by: Damian Galli <damian.galli@galli.site>

* Updated Readme, fixed random number generation for ARM systems, fixed JS to generate the username

* Fix issues #124 and #126

* Change badges to buttons for list counts

* Don't secretly set displayName

* Add Group Additional (#113)

* Add doku Group additional.

* Read Group additional configuration.

* New group add Additional objectclasses

* Allow for attributes that take multiple values.

* Updated README

* Formatting fixes, fix parsing params from account requests, initial code for the simple interface flag.

* Add attribute fields for groups and allow user-defined attributes to be displayed.  Move alert banner JS to a function.

* Update entries with any missing additional objectclasses when updating entries.  Update README to describe changes. Initial work to allow file uploads for attributes.

* Functionality to upload binary files and display them in the form it's a JPEG.  Added a new page to download existing binary content.

* Bugfixes for compatibility with older osixia/openldap versions.  Change SIMPLE_INTERFACE to SHOW_POSIX_ATTRIBUTES.

* Update version number in README.

Co-authored-by: Monsieur X <xgaia@gmx.com>
Co-authored-by: pyunramura <35285259+pyunramura@users.noreply.github.com>
Co-authored-by: pyunramura <jeremy.cummings@live.com>
Co-authored-by: Damian Galli <da.ga@live.de>
Co-authored-by: Damian Galli <damian.galli@galli.site>
Co-authored-by: huzvar <89766648+huzvar@users.noreply.github.com>
2022-04-12 15:43:21 +01:00

134 lines
4.1 KiB
PHP

<?php
set_include_path( ".:" . __DIR__ . "/../includes/");
include_once "web_functions.inc.php";
include_once "ldap_functions.inc.php";
set_page_access("user");
if (isset($_POST['change_password'])) {
if (!$_POST['password']) { $not_strong_enough = 1; }
if ((!is_numeric($_POST['pass_score']) or $_POST['pass_score'] < 3) and $ACCEPT_WEAK_PASSWORDS != TRUE) { $not_strong_enough = 1; }
if (preg_match("/\"|'/",$_POST['password'])) { $invalid_chars = 1; }
if ($_POST['password'] != $_POST['password_match']) { $mismatched = 1; }
if (!isset($mismatched) and !isset($not_strong_enough) and !isset($invalid_chars) ) {
$ldap_connection = open_ldap_connection();
ldap_change_password($ldap_connection,$USER_ID,$_POST['password']) or die("change_ldap_password() failed.");
render_header("$ORGANISATION_NAME account manager - password changed");
?>
<div class="container">
<div class="col-sm-6 col-sm-offset-3">
<div class="panel panel-success">
<div class="panel-heading">Success</div>
<div class="panel-body">
Your password has been updated.
</div>
</div>
</div>
</div>
<?php
render_footer();
exit(0);
}
}
render_header("Change your $ORGANISATION_NAME password");
if (isset($not_strong_enough)) { ?>
<div class="alert alert-warning">
<p class="text-center">The password wasn't strong enough.</p>
</div>
<?php }
if (isset($invalid_chars)) { ?>
<div class="alert alert-warning">
<p class="text-center">The password contained invalid characters.</p>
</div>
<?php }
if (isset($mismatched)) { ?>
<div class="alert alert-warning">
<p class="text-center">The passwords didn't match.</p>
</div>
<?php }
?>
<script src="<?php print $SERVER_PATH; ?>js/zxcvbn.min.js"></script>
<script type="text/javascript" src="<?php print $SERVER_PATH; ?>js/zxcvbn-bootstrap-strength-meter.js"></script>
<script type="text/javascript">$(document).ready(function(){ $("#StrengthProgressBar").zxcvbnProgressBar({ passwordInput: "#password" });});</script>
<div class="container">
<div class="col-sm-6 col-sm-offset-3">
<div class="panel panel-default">
<div class="panel-heading text-center">Change your password</div>
<ul class="list-group">
<li class="list-group-item">Use this form to change your <?php print $ORGANISATION_NAME; ?> password. When you start typing your new password the gauge at the bottom will show its security strength.
Enter your password again in the <b>confirm</b> field. If the passwords don't match then both fields will be bordered with red.</li>
</ul>
<div class="panel-body text-center">
<form class="form-horizontal" action='' method='post'>
<input type='hidden' id="change_password" name="change_password">
<input type='hidden' id="pass_score" value="0" name="pass_score">
<div class="form-group" id="password_div">
<label for="password" class="col-sm-4 control-label">Password</label>
<div class="col-sm-6">
<input type="password" class="form-control" id="password" name="password">
</div>
</div>
<script>
function check_passwords_match() {
if (document.getElementById('password').value != document.getElementById('confirm').value ) {
document.getElementById('password_div').classList.add("has-error");
document.getElementById('confirm_div').classList.add("has-error");
}
else {
document.getElementById('password_div').classList.remove("has-error");
document.getElementById('confirm_div').classList.remove("has-error");
}
}
</script>
<div class="form-group" id="confirm_div">
<label for="password" class="col-sm-4 control-label">Confirm</label>
<div class="col-sm-6">
<input type="password" class="form-control" id="confirm" name="password_match" onkeyup="check_passwords_match()">
</div>
</div>
<div class="form-group">
<button type="submit" class="btn btn-default">Change password</button>
</div>
</form>
<div class="progress">
<div id="StrengthProgressBar" class="progress progress-bar"></div>
</div>
</div>
</div>
</div>
</div>
<?php
render_footer();
?>