diff --git a/CHANGELOG b/CHANGELOG
index 718a85ab6..22b119c2a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -367,6 +367,10 @@
 - fix utilities which require translations
 - fix potential XSS attack when deleting a folder/document
 - links to operations on folders/documents can be put into a dropdown menu
+- check for secure password when adding a new user
+- secure password check can be turned off for admins
+- simple password strength algorithmn takes length of password into account,
+  if length is greater than 8
 --------------------------------------------------------------------------------
 Changes in version 5.1.44
diff --git a/inc/inc.ClassEmailNotify.php b/inc/inc.ClassEmailNotify.php
index fbd9c2ad9..a1181e54d 100644
--- a/inc/inc.ClassEmailNotify.php
+++ b/inc/inc.ClassEmailNotify.php
@@ -54,6 +54,8 @@ class SeedDMS_EmailNotify extends SeedDMS_Notify {
 	protected $debug;
+	public $errmsg;
+
 	function __construct($dms, $translator, $from_address='', $smtp_server='', $smtp_port='', $smtp_username='', $smtp_password='', $lazy_ssl=true, $force_from=false) { /* {{{ */
 		$this->_dms = $dms;
 		$this->_translator = $translator;
@@ -65,6 +67,7 @@ class SeedDMS_EmailNotify extends SeedDMS_Notify {
 		$this->lazy_ssl = $lazy_ssl;
 		$this->force_from = $force_from;
 		$this->debug = false;
+		$this->errmsg = '';
 	} /* }}} */
 	public function setDebug($debug=true) { /* {{{ */
@@ -250,6 +253,7 @@ class SeedDMS_EmailNotify extends SeedDMS_Notify {
 		}
 		$result = $mail->send($to, $hdrs, $message);
 		if (PEAR::isError($result)) {
+			$this->errmsg = $result->getMessage();
 			if($this->debug)
 				echo "\n".$result->getMessage();
 			return false;
diff --git a/inc/inc.ClassPasswordStrength.php b/inc/inc.ClassPasswordStrength.php
index ef45d6da8..8e26c41c8 100644
--- a/inc/inc.ClassPasswordStrength.php
+++ b/inc/inc.ClassPasswordStrength.php
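Review bot: `$this->errmsg` is assigned on the PEAR error branch of the `@@ -250` hunk but is never cleared on the success path, so once one send has failed, a caller that reads `errmsg` after a later successful send still sees the stale message and may report a failure that did not happen. Reset it at the start of the send method, `$this->errmsg = '';`, so the property always describes the most recent attempt; the send method itself starts outside the hunk. The property is also declared `public` in the `@@ -54` hunk, so callers can overwrite it; if the project prefers encapsulation, a `getErrorMessage()` accessor with the property made `protected` would match the other fields of this class.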
@@ -63,7 +63,7 @@ class Password_Strength {
 			$score += 25;
 		if(preg_match('/[^0-9a-zA-Z]+/', $password))
 			$score += 25;
-		if($this->password_length < 8)
+//		if($this->password_length < 8)
 			$score *= ($this->password_length/8);
 		$this->password_info['total_score'] = $score;
diff --git a/inc/inc.ClassSettings.php b/inc/inc.ClassSettings.php
index 45262f745..fdcc7fbce 100644
--- a/inc/inc.ClassSettings.php
+++ b/inc/inc.ClassSettings.php
@@ -68,6 +68,8 @@ class Settings { /* {{{ */
 	var $_passwordExpiration = 10;
 	// Number of different passwords before a password can be reused
 	var $_passwordHistory = 10;
+	// Allow to set unsecure passwords by admin
+	var $_allowUnsecurePassword = false;
 	// Number of failed logins before account is disabled
 	var $_loginFailure = 0;
 	// User id that is automatically logged if nobody is logged in
@@ -742,6 +744,7 @@ class Settings { /* {{{ */
 		$this->_passwordStrengthAlgorithm = strval($tab["passwordStrengthAlgorithm"]);
 		$this->_passwordExpiration = intval($tab["passwordExpiration"]);
 		$this->_passwordHistory = intval($tab["passwordHistory"]);
+		$this->_allowUnsecurePassword = Settings::boolVal($tab["allowUnsecurePassword"]);
 		$this->_loginFailure = intval($tab["loginFailure"]);
 		$this->_autoLoginUser = intval($tab["autoLoginUser"]);
 		$this->_quota = intval($tab["quota"]);
@@ -1166,6 +1169,7 @@ class Settings { /* {{{ */
 		$this->setXMLAttributValue($node, "passwordStrengthAlgorithm", $this->_passwordStrengthAlgorithm);
 		$this->setXMLAttributValue($node, "passwordExpiration", $this->_passwordExpiration);
 		$this->setXMLAttributValue($node, "passwordHistory", $this->_passwordHistory);
+		$this->setXMLAttributValue($node, "allowUnsecurePassword", $this->_allowUnsecurePassword);
 		$this->setXMLAttributValue($node, "loginFailure", $this->_loginFailure);
 		$this->setXMLAttributValue($node, "autoLoginUser", $this->_autoLoginUser);
 		$this->setXMLAttributValue($node, "quota", $this->_quota);
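Review bot: With the `if($this->password_length < 8)` guard commented out, the `$score *= ($this->password_length/8)` line now scales every score by length and the result is no longer bounded: a 24-character password gets a multiplier of 3, so a single character class (presumably 25 points, as in the two visible `$score += 25` branches) reaches 75 and clears a threshold that the same class mix fails at 8 characters. If that is the behaviour the CHANGELOG entry describes, delete the dead line instead of leaving it commented out, and cap the product so the score keeps a fixed ceiling, e.g. `$score = min(100, $score * ($this->password_length / 8));`, otherwise a configured `passwordStrength` threshold no longer means what it meant before. A one-line comment stating that length above 8 is meant to compensate for a poorer class mix would make the policy explicit for the next reader. The enclosing method starts outside the hunk.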
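Review bot: `$tab["allowUnsecurePassword"]` is read unconditionally in the `@@ -742` hunk, so a settings.xml written before this change raises an undefined-index notice on every load; the neighbouring `intval()` reads share that pattern, but for a setting that relaxes a security check the default deserves to be spelled out: `$this->_allowUnsecurePassword = isset($tab["allowUnsecurePassword"]) ? Settings::boolVal($tab["allowUnsecurePassword"]) : false;`. That keeps the property at its declared `false` (fail-closed) default rather than depending on what `boolVal()` returns for null, which is not visible here. The enclosing method starts outside the hunk.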
diff --git a/inc/inc.Extension.php b/inc/inc.Extension.php
index dc94f9ee7..a72ff8269 100644
--- a/inc/inc.Extension.php
+++ b/inc/inc.Extension.php
@@ -28,6 +28,7 @@ class_alias('Seeddms\Seeddms\ExtensionBase', 'SeedDMS_ExtBase');
 $extmgr = new ExtensionMgr($settings->_rootDir."/ext", $settings->_cacheDir, $settings->_repositoryUrl, $settings->_proxyUrl, $settings->_proxyUser, $settings->_proxyPassword);
 foreach($extmgr->getExtensionConfiguration() as $extname=>$extconf) {
+	/* Check if conf.php already disables the extension */
 	if($extconf['disable']) {
 		$settings->disableExtension($extname);
 		continue;
diff --git a/op/op.Settings.php b/op/op.Settings.php
index 3054759e6..a6f513d1d 100644
--- a/op/op.Settings.php
+++ b/op/op.Settings.php
@@ -213,6 +213,7 @@ if ($action == "saveSettings")
 		setStrValue("passwordStrengthAlgorithm");
 		setIntValue("passwordExpiration");
 		setIntValue("passwordHistory");
+		setBoolValue("allowUnsecurePassword");
 		setIntValue("loginFailure");
 		setIntValue("autoLoginUser");
 		setIntValue("quota");
diff --git a/op/op.UsrMgr.php b/op/op.UsrMgr.php
index c128ed427..94b36eb5a 100644
--- a/op/op.UsrMgr.php
+++ b/op/op.UsrMgr.php
@@ -75,6 +75,20 @@ if ($action == "adduser") {
 	$homefolder = (isset($_POST["homefolder"]) ? $_POST["homefolder"] : 0);
 	$quota = (isset($_POST["quota"]) ? (int) $_POST["quota"] : 0);
+	if (isset($pwd) && ($pwd != "")) {
+		if($settings->_passwordStrength && (!$user->isAdmin() || !$settings->_allowUnsecurePassword)) {
+			$ps = new Password_Strength();
+			$ps->set_password($pwd);
+			if($settings->_passwordStrengthAlgorithm == 'simple')
+				$ps->simple_calculate();
+			else
+				$ps->calculate();
+			$score = $ps->get_score();
+			if($score < $settings->_passwordStrength) {
+				UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient"));
+			}
+		}
+	}
 	if (is_object($dms->getUserByLogin($login))) {
 		UI::exitError(getMLText("admin_tools"),getMLText("user_exists"));
 	}
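Review bot: The strength check added at the top of the adduser hunk is a line-for-line copy of the block the edituser hunk (`@@ -378`) modifies, and two copies of a security gate drift apart — the differing condition this very commit had to patch in the second copy shows how. Move the calculation and the admin exemption into one helper called from both actions, so the policy (threshold, algorithm choice, who may bypass it) lives in one place; a draft is below. The check only runs when `$pwd` is set and non-empty, so what happens to a new account whose password is missing from the request is decided outside this hunk and is worth confirming, since the `if ($action == "adduser")` block starts before the hunk. With the helper the local `$score` becomes unused and can go.
```php
/* Returns true when $pwd meets the configured strength threshold, or when
 * the check does not apply to the acting user (admin with the
 * allowUnsecurePassword setting enabled). */
function checkPasswordStrength($pwd, $settings, $user) { /* {{{ */
	if(!$settings->_passwordStrength)
		return true;
	if($user->isAdmin() && $settings->_allowUnsecurePassword)
		return true;
	$ps = new Password_Strength();
	$ps->set_password($pwd);
	if($settings->_passwordStrengthAlgorithm == 'simple')
		$ps->simple_calculate();
	else
		$ps->calculate();
	return $ps->get_score() >= $settings->_passwordStrength;
} /* }}} */

// … unchanged: $homefolder / $quota assignments …
	if (isset($pwd) && ($pwd != "") && !checkPasswordStrength($pwd, $settings, $user)) {
		UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient"));
	}
// … unchanged: user_exists check onwards …
```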
@@ -112,7 +126,7 @@ if ($action == "adduser") {
 			}
 		}
 	}
-	else UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
+	else UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
 	if(isset($_POST["workflows"]) && $_POST["workflows"]) {
 		$workflows = array();
@@ -378,7 +392,7 @@ else if ($action == "edituser") {
 	$quota = (isset($_POST["quota"]) ? (int) $_POST["quota"] : 0);
 	if (isset($pwd) && ($pwd != "")) {
-		if($settings->_passwordStrength) {
+		if($settings->_passwordStrength && (!$user->isAdmin() || !$settings->_allowUnsecurePassword)) {
 			$ps = new Password_Strength();
 			$ps->set_password($pwd);
 			if($settings->_passwordStrengthAlgorithm == 'simple')
diff --git a/views/bootstrap/class.Settings.php b/views/bootstrap/class.Settings.php
index 110676797..9cacd0f57 100644
--- a/views/bootstrap/class.Settings.php
+++ b/views/bootstrap/class.Settings.php
@@ -782,6 +782,7 @@ if(($kkk = $this->callHook('getFullSearchEngine')) && is_array($kkk))
 showConfigOption('settings_passwordStrengthAlgorithm', 'passwordStrengthAlgorithm', array('simple'=>'settings_passwordStrengthAlgorithm_valsimple', 'advanced'=>'settings_passwordStrengthAlgorithm_valadvanced'), false, true); ?>
 showConfigText('settings_passwordExpiration', 'passwordExpiration'); ?>
 showConfigText('settings_passwordHistory', 'passwordHistory'); ?>
+showConfigCheckbox('settings_allowUnsecurePassword', 'allowUnsecurePassword'); ?>
 showConfigText('settings_loginFailure', 'loginFailure'); ?>
 showConfigUser('settings_autoLoginUser', 'autoLoginUser', true); ?>
 showConfigText('settings_quota', 'quota'); ?>
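Review bot: In the edituser hunk (`@@ -378`) the exemption keys on `$user->isAdmin()`, which — assuming `$user` is the logged-in user as in the other op scripts — is the administrator performing the edit, not the account being edited, so with allowUnsecurePassword enabled an admin can set a below-threshold password on any ordinary user's account. If the CHANGELOG wording "turned off for admins" means admin accounts, the test should be made on the edited user object that is loaded from the posted id outside this hunk; if it means admins may override the policy for anyone, a comment on this line saying so, e.g. `// admins may bypass the strength check for any account when allowUnsecurePassword is set`, stops the next reader from "fixing" it. The adduser hunk uses the same condition, but there the acting admin is the only user involved, so the ambiguity only bites here. The `else if ($action == "edituser")` block starts outside the hunk.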