mirror of
https://git.code.sf.net/p/seeddms/code
synced 2026-02-02 06:31:56 +00:00
check for secure password when adding a new user, secure password check can be turned off for admins
parent
8f07b8ca50
commit
e033268576
|
|
@ -6,6 +6,8 @@
|
|||
- fix utilities which require translations
|
||||
- fix potential XSS attack when deleting a folder/document
|
||||
- links to operations on folders/documents can be put into a dropdown menu
|
||||
- check for secure password when adding a new user
|
||||
- secure password check can be turned off for admins
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
Changes in version 5.1.44
|
||||
|
|
|
|||
|
|
@ -66,6 +66,8 @@ class Settings { /* {{{ */
|
|||
var $_passwordExpiration = 10;
|
||||
// Number of different passwords before a password can be reused
|
||||
var $_passwordHistory = 10;
|
||||
// Allow to set unsecure passwords by admin
|
||||
var $_allowUnsecurePassword = false;
|
||||
// Number of failed logins before account is disabled
|
||||
var $_loginFailure = 0;
|
||||
// User id that is automatically logged if nobody is logged in
|
||||
|
|
@ -682,6 +684,7 @@ class Settings { /* {{{ */
|
|||
$this->_passwordStrengthAlgorithm = strval($tab["passwordStrengthAlgorithm"]);
|
||||
$this->_passwordExpiration = intval($tab["passwordExpiration"]);
|
||||
$this->_passwordHistory = intval($tab["passwordHistory"]);
|
||||
$this->_allowUnsecurePassword = Settings::boolVal($tab["allowUnsecurePassword"]);
|
||||
$this->_loginFailure = intval($tab["loginFailure"]);
|
||||
$this->_autoLoginUser = intval($tab["autoLoginUser"]);
|
||||
$this->_quota = intval($tab["quota"]);
|
||||
|
|
@ -1084,6 +1087,7 @@ class Settings { /* {{{ */
|
|||
$this->setXMLAttributValue($node, "passwordStrengthAlgorithm", $this->_passwordStrengthAlgorithm);
|
||||
$this->setXMLAttributValue($node, "passwordExpiration", $this->_passwordExpiration);
|
||||
$this->setXMLAttributValue($node, "passwordHistory", $this->_passwordHistory);
|
||||
$this->setXMLAttributValue($node, "allowUnsecurePassword", $this->_allowUnsecurePassword);
|
||||
$this->setXMLAttributValue($node, "loginFailure", $this->_loginFailure);
|
||||
$this->setXMLAttributValue($node, "autoLoginUser", $this->_autoLoginUser);
|
||||
$this->setXMLAttributValue($node, "quota", $this->_quota);
|
||||
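Review bot: The load hunk reads `$tab["allowUnsecurePassword"]` unconditionally, but a settings file written before this commit will not contain that attribute. Confirm that `Settings::boolVal()` returns false for a missing value so the bypass stays off after an upgrade; boolVal is defined outside these hunks, so this cannot be checked here. The property comment could also state the scope and the default, e.g. `// Let admins set passwords that fail the strength check (default: off)`. The enclosing load and save methods start and end outside the hunks.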
|
|
|
|||
|
|
@ -207,6 +207,7 @@ if ($action == "saveSettings")
|
|||
setStrValue("passwordStrengthAlgorithm");
|
||||
setIntValue("passwordExpiration");
|
||||
setIntValue("passwordHistory");
|
||||
setBoolValue("allowUnsecurePassword");
|
||||
setIntValue("loginFailure");
|
||||
setIntValue("autoLoginUser");
|
||||
setIntValue("quota");
|
||||
|
|
|
|||
|
|
@ -75,6 +75,20 @@ if ($action == "adduser") {
|
|||
$homefolder = (isset($_POST["homefolder"]) ? $_POST["homefolder"] : 0);
|
||||
$quota = (isset($_POST["quota"]) ? (int) $_POST["quota"] : 0);
|
||||
|
||||
if (isset($pwd) && ($pwd != "")) {
|
||||
if($settings->_passwordStrength && (!$user->isAdmin() || !$settings->_allowUnsecurePassword)) {
|
||||
$ps = new Password_Strength();
|
||||
$ps->set_password($pwd);
|
||||
if($settings->_passwordStrengthAlgorithm == 'simple')
|
||||
$ps->simple_calculate();
|
||||
else
|
||||
$ps->calculate();
|
||||
$score = $ps->get_score();
|
||||
if($score < $settings->_passwordStrength) {
|
||||
UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient"));
|
||||
}
|
||||
}
|
||||
}
|
||||
if (is_object($dms->getUserByLogin($login))) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("user_exists"));
|
||||
}
|
||||
|
|
@ -104,7 +118,7 @@ if ($action == "adduser") {
|
|||
}
|
||||
}
|
||||
}
|
||||
else UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
else UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
|
||||
if(isset($_POST["workflows"]) && $_POST["workflows"]) {
|
||||
$workflows = array();
|
||||
|
|
@ -366,7 +380,7 @@ else if ($action == "edituser") {
|
|||
$quota = (isset($_POST["quota"]) ? (int) $_POST["quota"] : 0);
|
||||
|
||||
if (isset($pwd) && ($pwd != "")) {
|
||||
if($settings->_passwordStrength) {
|
||||
if($settings->_passwordStrength && (!$user->isAdmin() || !$settings->_allowUnsecurePassword)) {
|
||||
$ps = new Password_Strength();
|
||||
$ps->set_password($pwd);
|
||||
if($settings->_passwordStrengthAlgorithm == 'simple')
|
||||
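Review bot: In the adduser block the strength check is wrapped in `if (isset($pwd) && ($pwd != ""))`, so an account created with an empty password never reaches Password_Strength at all; whether an empty password is rejected elsewhere is not visible in this hunk and should be confirmed. When `_allowUnsecurePassword` lets an admin through, nothing in the visible lines records that the policy was skipped, so it is worth writing an audit log entry there that names the acting admin and the target login. The same condition, `$settings->_passwordStrength && (!$user->isAdmin() || !$settings->_allowUnsecurePassword)`, now appears in both the adduser and edituser branches; a small shared helper with a comment such as `// admins may bypass the strength policy only when allowUnsecurePassword is enabled` would keep the two from drifting apart. Both branches continue outside the visible hunks.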
|
|
|
|||
|
|
@ -774,6 +774,7 @@ if(($kkk = $this->callHook('getFullSearchEngine')) && is_array($kkk))
|
|||
<?php $this->showConfigOption('settings_passwordStrengthAlgorithm', 'passwordStrengthAlgorithm', array('simple'=>'settings_passwordStrengthAlgorithm_valsimple', 'advanced'=>'settings_passwordStrengthAlgorithm_valadvanced'), false, true); ?>
|
||||
<?php $this->showConfigText('settings_passwordExpiration', 'passwordExpiration'); ?>
|
||||
<?php $this->showConfigText('settings_passwordHistory', 'passwordHistory'); ?>
|
||||
<?php $this->showConfigCheckbox('settings_allowUnsecurePassword', 'allowUnsecurePassword'); ?>
|
||||
<?php $this->showConfigText('settings_loginFailure', 'loginFailure'); ?>
|
||||
<?php $this->showConfigUser('settings_autoLoginUser', 'autoLoginUser', true); ?>
|
||||
<?php $this->showConfigText('settings_quota', 'quota'); ?>
|
||||
|
|
|
|||