- calculate password strength

- take into account new settings for disabling a user
steinm 2012-08-28 06:27:22 +00:00
parent d2692de44a
commit 134b9becb5


@ -1,73 +1,78 @@
<?php <?php
// MyDMS. Document Management System // MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal // Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe // Copyright (C) 2006-2008 Malcolm Cowe
// Copyright (C) 2010 Matteo Lucarelli // Copyright (C) 2010 Matteo Lucarelli
// // Copyright (C) 2010-2012 Uwe Steinmann
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by // This program is free software; you can redistribute it and/or modify
// the Free Software Foundation; either version 2 of the License, or // it under the terms of the GNU General Public License as published by
// (at your option) any later version. // the Free Software Foundation; either version 2 of the License, or
// // (at your option) any later version.
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of // This program is distributed in the hope that it will be useful,
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // but WITHOUT ANY WARRANTY; without even the implied warranty of
// GNU General Public License for more details. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// // GNU General Public License for more details.
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software // You should have received a copy of the GNU General Public License
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. // along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
include("../inc/inc.Settings.php");
include("../inc/inc.LogInit.php");
include("../inc/inc.Utils.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
if (!$user->isAdmin()) { include("../inc/inc.Settings.php");
UI::exitError(getMLText("admin_tools"),getMLText("access_denied")); include("../inc/inc.LogInit.php");
include("../inc/inc.Utils.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
include("../inc/inc.ClassPasswordStrength.php");
if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
} }
if (isset($_POST["action"])) $action=$_POST["action"]; if (isset($_POST["action"])) $action=$_POST["action"];
else if (isset($_GET["action"])) $action=$_GET["action"]; else if (isset($_GET["action"])) $action=$_GET["action"];
else $action=NULL; else $action=NULL;
//Neuen Benutzer anlegen -------------------------------------------------------------------------- //Neuen Benutzer anlegen --------------------------------------------------------------------------
if ($action == "adduser") { if ($action == "adduser") {
$login = $_POST["login"]; $login = $_POST["login"];
$name = $_POST["name"]; $pwd = $_POST["pwd"];
$email = $_POST["email"]; $pwdexpiration = $_POST["pwdexpiration"];
$comment = $_POST["comment"]; $name = $_POST["name"];
$role = preg_replace('/[^0-2]+/', '', $_POST["role"]); $email = $_POST["email"];
$isHidden = (isset($_POST["ishidden"]) && $_POST["ishidden"]==1 ? 1 : 0); $comment = $_POST["comment"];
$role = preg_replace('/[^0-2]+/', '', $_POST["role"]);
$isHidden = (isset($_POST["ishidden"]) && $_POST["ishidden"]==1 ? 1 : 0);
$isDisabled = (isset($_POST["isdisabled"]) && $_POST["isdisabled"]==1 ? 1 : 0);
if (is_object($dms->getUserByLogin($login))) { if (is_object($dms->getUserByLogin($login))) {
UI::exitError(getMLText("admin_tools"),getMLText("user_exists")); UI::exitError(getMLText("admin_tools"),getMLText("user_exists"));
} }
$newUser = $dms->addUser($login, md5($_POST["pwd"]), $name, $email, $settings->_language, $settings->_theme, $comment, $role, $isHidden); $newUser = $dms->addUser($login, md5($pwd), $name, $email, $settings->_language, $settings->_theme, $comment, $role, $isHidden, $isDisabled, $pwdexpiration);
if ($newUser) { if ($newUser) {
if (isset($_FILES["userfile"]) && is_uploaded_file($_FILES["userfile"]["tmp_name"]) && $_FILES["userfile"]["size"] > 0 && $_FILES['userfile']['error']==0) if (isset($_FILES["userfile"]) && is_uploaded_file($_FILES["userfile"]["tmp_name"]) && $_FILES["userfile"]["size"] > 0 && $_FILES['userfile']['error']==0)
{ {
$userfiletype = $_FILES["userfile"]["type"]; $userfiletype = $_FILES["userfile"]["type"];
$userfilename = $_FILES["userfile"]["name"]; $userfilename = $_FILES["userfile"]["name"];
$lastDotIndex = strrpos(basename($userfilename), "."); $lastDotIndex = strrpos(basename($userfilename), ".");
$fileType = substr($userfilename, $lastDotIndex); $fileType = substr($userfilename, $lastDotIndex);
if ($fileType != ".jpg" && $filetype != ".jpeg") if ($fileType != ".jpg" && $filetype != ".jpeg")
{ {
UI::exitError(getMLText("admin_tools"),getMLText("only_jpg_user_images")); UI::exitError(getMLText("admin_tools"),getMLText("only_jpg_user_images"));
} }
else else
{ {
resizeImage($_FILES["userfile"]["tmp_name"]); resizeImage($_FILES["userfile"]["tmp_name"]);
$newUser->setImage($_FILES["userfile"]["tmp_name"], $userfiletype); $newUser->setImage($_FILES["userfile"]["tmp_name"], $userfiletype);
} }
} }
} }
else UI::exitError(getMLText("admin_tools"),getMLText("access_denied")); else UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
if (isset($_POST["usrReviewers"])){ if (isset($_POST["usrReviewers"])){
@ -92,95 +97,117 @@ if ($action == "adduser") {
$userid=$newUser->getID(); $userid=$newUser->getID();
add_log_line(".php&action=adduser&login=".$login); add_log_line(".php&action=adduser&login=".$login);
} }
//Benutzer löschen -------------------------------------------------------------------------------- //Benutzer löschen --------------------------------------------------------------------------------
else if ($action == "removeuser") { else if ($action == "removeuser") {
if (isset($_POST["userid"])) { if (isset($_POST["userid"])) {
$userid = $_POST["userid"]; $userid = $_POST["userid"];
} }
else if (isset($_GET["userid"])) { else if (isset($_GET["userid"])) {
$userid = $_GET["userid"]; $userid = $_GET["userid"];
} }
if (!isset($userid) || !is_numeric($userid) || intval($userid)<1) { if (!isset($userid) || !is_numeric($userid) || intval($userid)<1) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id")); UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
} }
/* This used to be a check if an admin is deleted. Now it checks if one /* This used to be a check if an admin is deleted. Now it checks if one
* wants to delete herself. * wants to delete herself.
*/ */
if ($userid==$user->getID()) { if ($userid==$user->getID()) {
UI::exitError(getMLText("admin_tools"),getMLText("cannot_delete_yourself")); UI::exitError(getMLText("admin_tools"),getMLText("cannot_delete_yourself"));
} }
$userToRemove = $dms->getUser($userid); $userToRemove = $dms->getUser($userid);
if (!is_object($userToRemove)) { if (!is_object($userToRemove)) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id")); UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
} }
$userToAssign = $dms->getUser($_POST["assignTo"]); $userToAssign = $dms->getUser($_POST["assignTo"]);
if (!$userToRemove->remove($user, $userToAssign)) { if (!$userToRemove->remove($user, $userToAssign)) {
UI::exitError(getMLText("admin_tools"),getMLText("error_occured")); UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
} }
add_log_line(".php&action=removeuser&userid=".$userid); add_log_line(".php&action=removeuser&userid=".$userid);
$userid=-1; $userid=-1;
} }
//Benutzer bearbeiten -----------------------------------------------------------------------------
else if ($action == "edituser") {
if (!isset($_POST["userid"]) || !is_numeric($_POST["userid"]) || intval($_POST["userid"])<1) { //Benutzer bearbeiten -----------------------------------------------------------------------------
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id")); else if ($action == "edituser") {
if (!isset($_POST["userid"]) || !is_numeric($_POST["userid"]) || intval($_POST["userid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
} }
$userid=$_POST["userid"]; $userid=$_POST["userid"];
$editedUser = $dms->getUser($userid); $editedUser = $dms->getUser($userid);
if (!is_object($editedUser)) { if (!is_object($editedUser)) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id")); UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
} }
$login = $_POST["login"]; $login = $_POST["login"];
$pwd = $_POST["pwd"]; $pwd = $_POST["pwd"];
$name = $_POST["name"]; $pwdexpiration = $_POST["pwdexpiration"];
$email = $_POST["email"]; $name = $_POST["name"];
$comment = $_POST["comment"]; $email = $_POST["email"];
$role = preg_replace('/[^0-2]+/', '', $_POST["role"]); $comment = $_POST["comment"];
$isHidden = (isset($_POST["ishidden"]) && $_POST["ishidden"]==1 ? 1 : 0); $role = preg_replace('/[^0-2]+/', '', $_POST["role"]);
$isHidden = (isset($_POST["ishidden"]) && $_POST["ishidden"]==1 ? 1 : 0);
if ($editedUser->getLogin() != $login) $isDisabled = (isset($_POST["isdisabled"]) && $_POST["isdisabled"]==1 ? 1 : 0);
$editedUser->setLogin($login);
if (isset($pwd) && ($pwd != "")) if ($editedUser->getLogin() != $login)
$editedUser->setPwd(md5($pwd)); $editedUser->setLogin($login);
if ($editedUser->getFullName() != $name) if (isset($pwd) && ($pwd != "")) {
$editedUser->setFullName($name); if($settings->_passwordStrength) {
if ($editedUser->getEmail() != $email) $ps = new Password_Strength();
$editedUser->setEmail($email); $ps->set_password($_POST["pwd"]);
if ($editedUser->getComment() != $comment) $ps->calculate();
$editedUser->setComment($comment); $score = $ps->get_score();
if ($editedUser->getRole() != $role) if($score > $settings->_passwordStrength) {
$editedUser->setRole($role); $editedUser->setPwd(md5($pwd));
if ($editedUser->isHidden() != $isHidden) $editedUser->setPwdExpiration($pwdexpiration);
$editedUser->setHidden($isHidden); } else {
UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient"));
if (isset($_FILES['userfile']) && is_uploaded_file($_FILES["userfile"]["tmp_name"]) && $_FILES["userfile"]["size"] > 0 && $_FILES['userfile']['error']==0) }
{ } else {
$userfiletype = $_FILES["userfile"]["type"]; $editedUser->setPwd(md5($pwd));
$userfilename = $_FILES["userfile"]["name"]; $editedUser->setPwdExpiration($pwdexpiration);
$lastDotIndex = strrpos(basename($userfilename), "."); }
$fileType = substr($userfilename, $lastDotIndex); }
if ($fileType != ".jpg" && $filetype != ".jpeg") { if ($editedUser->getFullName() != $name)
UI::exitError(getMLText("admin_tools"),getMLText("only_jpg_user_images")); $editedUser->setFullName($name);
} if ($editedUser->getEmail() != $email)
else { $editedUser->setEmail($email);
resizeImage($_FILES["userfile"]["tmp_name"]); if ($editedUser->getComment() != $comment)
$editedUser->setImage($_FILES["userfile"]["tmp_name"], $userfiletype); $editedUser->setComment($comment);
} if ($editedUser->getRole() != $role)
$editedUser->setRole($role);
if ($editedUser->isHidden() != $isHidden)
$editedUser->setHidden($isHidden);
if ($editedUser->isDisabled() != $isDisabled) {
$editedUser->setDisabled($isDisabled);
if(!$isDisabled)
$editedUser->clearLoginFailures();
}
if (isset($_FILES['userfile']) && is_uploaded_file($_FILES["userfile"]["tmp_name"]) && $_FILES["userfile"]["size"] > 0 && $_FILES['userfile']['error']==0)
{
$userfiletype = $_FILES["userfile"]["type"];
$userfilename = $_FILES["userfile"]["name"];
$lastDotIndex = strrpos(basename($userfilename), ".");
$fileType = substr($userfilename, $lastDotIndex);
if ($fileType != ".jpg" && $filetype != ".jpeg") {
UI::exitError(getMLText("admin_tools"),getMLText("only_jpg_user_images"));
}
else {
resizeImage($_FILES["userfile"]["tmp_name"]);
$editedUser->setImage($_FILES["userfile"]["tmp_name"], $userfiletype);
}
} }
$editedUser->delMandatoryReviewers(); $editedUser->delMandatoryReviewers();
@ -201,35 +228,35 @@ else if ($action == "edituser") {
add_log_line(".php&action=edituser&userid=".$userid); add_log_line(".php&action=edituser&userid=".$userid);
} }
else UI::exitError(getMLText("admin_tools"),getMLText("unknown_command")); else UI::exitError(getMLText("admin_tools"),getMLText("unknown_command"));
function resizeImage($imageFile) { function resizeImage($imageFile) {
// Not perfect. Creates a new image even if the old one is acceptable, // Not perfect. Creates a new image even if the old one is acceptable,
// and the output quality is low. Now uses the function imagecreatetruecolor(), // and the output quality is low. Now uses the function imagecreatetruecolor(),
// though, so at least the pictures are in colour. // though, so at least the pictures are in colour.
// Originalbild einlesen // Originalbild einlesen
$origImg = imagecreatefromjpeg($imageFile); $origImg = imagecreatefromjpeg($imageFile);
$width = imagesx($origImg); $width = imagesx($origImg);
$height = imagesy($origImg); $height = imagesy($origImg);
// Thumbnail im Speicher erzeugen // Thumbnail im Speicher erzeugen
$newHeight = 150; $newHeight = 150;
$newWidth = ($width/$height) * $newHeight; $newWidth = ($width/$height) * $newHeight;
$newImg = imagecreatetruecolor($newWidth, $newHeight); $newImg = imagecreatetruecolor($newWidth, $newHeight);
// Verkleinern // Verkleinern
imagecopyresized($newImg, $origImg, 0, 0, 0, 0, $newWidth, $newHeight, $width, $height); imagecopyresized($newImg, $origImg, 0, 0, 0, 0, $newWidth, $newHeight, $width, $height);
// In File speichern // In File speichern
imagejpeg($newImg, $imageFile); imagejpeg($newImg, $imageFile);
// Aufräumen // Aufräumen
imagedestroy($origImg); imagedestroy($origImg);
imagedestroy($newImg); imagedestroy($newImg);
return true; return true;
} }
header("Location:../out/out.UsrMgr.php?userid=".$userid); header("Location:../out/out.UsrMgr.php?userid=".$userid);
?> ?>
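Review bot: The adduser branch (first hunk, the `$dms->addUser($login, md5($pwd), ...)` line) stores the new password without the `Password_Strength` check that the edituser branch now performs, so an administrator can still create an account whose password scores below `$settings->_passwordStrength`; the check should run before `addUser` with the same threshold, and it is simplest to keep it identical to the edituser version rather than letting the two branches drift. In the edituser hunk the check scores `$_POST["pwd"]` while the stored value is `$pwd`; both are the same string today, but using `$pwd` in `set_password($pwd)` keeps that obvious. `$pwdexpiration` is taken from `$_POST` unvalidated in both branches and handed to `addUser`/`setPwdExpiration`; I cannot see what format those expect, so a format check at this boundary (or a note that the callee validates) seems worth adding. The adduser branch continues past the end of its hunk.
```php
$isDisabled = (isset($_POST["isdisabled"]) && $_POST["isdisabled"]==1 ? 1 : 0);
// Apply the same strength threshold as the edituser branch before storing the hash.
if($settings->_passwordStrength) {
    $ps = new Password_Strength();
    $ps->set_password($pwd);
    $ps->calculate();
    if($ps->get_score() <= $settings->_passwordStrength) {
        UI::exitError(getMLText("admin_tools"),getMLText("password_strength_insuffient"));
    }
}
// … unchanged: getUserByLogin duplicate check and $dms->addUser(...) call …
```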