Author: coudot
Date: 2010-02-14 17:53:57 +0100 (Sun, 14 Feb 2010)
New Revision: 55

Added:
   self-service-password/trunk/style/accept.png
   self-service-password/trunk/style/error.png
   self-service-password/trunk/style/exclamation.png
Modified:
   self-service-password/trunk/config.inc.php
   self-service-password/trunk/functions.inc.php
   self-service-password/trunk/index.php
   self-service-password/trunk/lang.inc.php
   self-service-password/trunk/style/styles.css
Log:
#131: local password policy

Modified: self-service-password/trunk/config.inc.php
===================================================================
--- self-service-password/trunk/config.inc.php  2010-02-13 15:56:45 UTC (rev 54)
+++ self-service-password/trunk/config.inc.php  2010-02-14 16:53:57 UTC (rev 55)
@@ -30,15 +30,15 @@
 $ldap_filter = "(&(objectClass=person)(uid={login}))";
 
 # Active Directory mode
-# on: use unicodePwd as password field
-# off: LDAPv3 standard behavior
-$ad_mode = "off";
+# true: use unicodePwd as password field
+# false: LDAPv3 standard behavior
+$ad_mode = false;
 
 # Samba mode
-# on: update sambaNTpassword attribute too
-# off: just update the password
+# true: update sambaNTpassword and sambaPwdLastSet attributes too
+# false: just update the password
 # Warning: this require mhash() to be installed on your system
-$samba_mode = "off";
+$samba_mode = false;
 
 # Hash mechanism for password:
 # SSHA
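Review bot: A config.inc.php kept from an earlier revision with `$ad_mode = "off"` or `$samba_mode = "off"` will be read as enabled after this change, because index.php now tests `if ( $ad_mode )` and `if ( $samba_mode )` and any non-empty string is truthy in PHP. Assuming sites carry their config across upgrades, the new password would then be written to unicodePwd in AD format and the Samba attributes updated, against what the administrator set. Either state the migration next to these settings, for example `# Must be a boolean; the former "on"/"off" strings are no longer valid`, or normalise once after the config is loaded, for example `$ad_mode = ( $ad_mode === true or $ad_mode === "on" );`. The same applies to the `$samba_mode` and `$ad_mode` tests in the index.php hunks further down.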
@@ -47,16 +47,35 @@
 # MD5
 # CRYPT
 # clear (the default)
-# This option is not used with ad_mode = on
+# This option is not used with ad_mode = true
 $hash = "clear";
 
+# Local password policy
+# This is applied before directory password policy
+# Minimal length
+$pwd_min_length = 0;
+# Maximal length
+$pwd_max_length = 0;
+# Minimal lower characters
+$pwd_min_lower = 0;
+# Minimal upper characters
+$pwd_min_upper = 0;
+# Minimal digit characters
+$pwd_min_digit = 0;
+# Show policy constraints message
+$pwd_show_policy = false;
+
 # Who changes the password?
 # user: the user itself
 # manager: the above binddn
 $who_change_password = "user";
 
-# Display
+# Language
 $lang ="en";
+
+# Logo
 $logo = "style/ltb-logo.png";
+
+# Debug mode
 $debug = false;
 ?>
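Review bot: The comments on the new policy settings do not say that 0 switches a constraint off, which is how index.php treats it (`if ( $pwd_min_length and ... )`), so with the shipped defaults no local policy is enforced at all. I would make that explicit, for example `# Minimal length (0 = no constraint)` and likewise for the other four values. It is also worth noting in the block header that lower, upper and digit counts cover ASCII characters only, since the checks use `[a-z]`, `[A-Z]` and `[0-9]`.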

Modified: self-service-password/trunk/functions.inc.php
===================================================================
--- self-service-password/trunk/functions.inc.php       2010-02-13 15:56:45 UTC 
(rev 54)
+++ self-service-password/trunk/functions.inc.php       2010-02-14 16:53:57 UTC 
(rev 55)
@@ -86,7 +86,7 @@
 # Get message criticity
 function get_criticity( $msg ) {
        
-       if ( ereg( 
"nophpldap|nophpmhash|ldaperror|nomatch|badcredentials|passworderror" , $msg ) 
) {
+       if ( ereg( 
"nophpldap|nophpmhash|ldaperror|nomatch|badcredentials|passworderror|tooshort|toobig|minlower|minupper|mindigit"
 , $msg ) ) {
                return "critical";
        }
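Review bot: The extended pattern is still passed to `ereg()`, which is deprecated as of PHP 5.3; `preg_match( "/nophpldap|nophpmhash|ldaperror|nomatch|badcredentials|passworderror|tooshort|toobig|minlower|minupper|mindigit/", $msg )` gives the same substring match. A comment on the function saying that every new error key set in index.php must also be added to this list would help, because a key missing from the pattern falls through to whatever the rest of the function returns. The body of get_criticity continues outside the hunk.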
        

Modified: self-service-password/trunk/index.php
===================================================================
--- self-service-password/trunk/index.php       2010-02-13 15:56:45 UTC (rev 54)
+++ self-service-password/trunk/index.php       2010-02-14 16:53:57 UTC (rev 55)
@@ -42,13 +42,13 @@
 $newpassword = "";
 $oldpassword = "";
 
-if (isset($_POST["confirmpassword"])) { $confirmpassword = 
$_POST["confirmpassword"]; }
+if (isset($_POST["confirmpassword"]) and $_POST["confirmpassword"]) { 
$confirmpassword = $_POST["confirmpassword"]; }
  else { $result = "confirmpasswordrequired"; }
-if (isset($_POST["newpassword"])) { $newpassword = $_POST["newpassword"]; }
+if (isset($_POST["newpassword"]) and $_POST["newpassword"]) { $newpassword = 
$_POST["newpassword"]; }
  else { $result = "newpasswordrequired"; }
-if (isset($_POST["oldpassword"])) { $oldpassword = $_POST["oldpassword"]; }
+if (isset($_POST["oldpassword"]) and $_POST["oldpassword"]) { $oldpassword = 
$_POST["oldpassword"]; }
  else { $result = "oldpasswordrequired"; }
-if (isset($_REQUEST["login"])) { $login = $_REQUEST["login"]; }
+if (isset($_REQUEST["login"]) and $_REQUEST["login"]) { $login = 
$_REQUEST["login"]; }
  else { $result = "loginrequired"; }
 
 # Strip slashes added by PHP
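Review bot: The added `and $_POST["newpassword"]` conditions are truthiness tests, so the string "0" is treated as a missing value in all four fields, while an array sent as `newpassword[]=x` counts as present and then reaches `strlen()` and the comparisons below as a non-string. Testing type and emptiness explicitly avoids both cases: `if (isset($_POST["newpassword"]) and is_string($_POST["newpassword"]) and $_POST["newpassword"] !== "")`. The same form applies to confirmpassword, oldpassword and login.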
@@ -61,12 +61,42 @@
 if ( $newpassword != $confirmpassword ) { $result="nomatch"; }
 
 # Check PHP-LDAP presence
-if( ! function_exists('ldap_connect') ) { $result="nophpldap"; }
+if ( ! function_exists('ldap_connect') ) { $result="nophpldap"; }
 
-# Check PHP mhash presence if Samba mode on
-if( $samba_mode == "on" and ! function_exists('mhash') ) { 
$result="nophpmhash"; }
+# Check PHP mhash presence if Samba mode active
+if ( $samba_mode and ! function_exists('mhash') ) { $result="nophpmhash"; }
 
 #==============================================================================
+# Check password strenght
+#==============================================================================
+if ( $result === "" ) {
+
+    $length = strlen($newpassword);
+    preg_match_all("/[a-z]/", $newpassword, $lower_res);
+    $lower = count( $lower_res[0] );
+    preg_match_all("/[A-Z]/", $newpassword, $upper_res);
+    $upper = count( $upper_res[0] );
+    preg_match_all("/[0-9]/", $newpassword, $digit_res);
+    $digit = count( $digit_res[0] );
+
+    # Minimal lenght
+    if ( $pwd_min_length and $length < $pwd_min_length ) { $result="tooshort"; 
}
+
+    # Maximal lenght
+    if ( $pwd_max_length and $length > $pwd_max_length ) { $result="toobig"; }
+
+    # Minimal lower chars
+    if ( $pwd_min_lower and $lower < $pwd_min_lower ) { $result="minlower"; }
+
+    # Minimal upper chars
+    if ( $pwd_min_upper and $upper < $pwd_min_upper ) { $result="minupper"; }
+
+    # Minimal digit chars
+    if ( $pwd_min_digit and $digit < $pwd_min_digit ) { $result="mindigit"; }
+
+}
+
+#==============================================================================
 # Change password
 #==============================================================================
 if ( $result === "" ) {
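Review bot: `strlen($newpassword)` counts bytes, so if the form is submitted as UTF-8 a password made of multi-byte characters meets `$pwd_min_length` with fewer characters than configured and hits `$pwd_max_length` early; where mbstring is available, `$length = mb_strlen($newpassword, "UTF-8");` counts characters instead. The `[a-z]` and `[A-Z]` classes likewise count ASCII letters only, which should be stated beside the settings. The new comments spell "strenght" and "lenght"; they should read "strength" and "length". The `if ( $result === "" )` block that performs the password change continues outside the hunk.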
@@ -117,13 +147,13 @@
     } else {
 
     # Set Samba password value
-    if ( $samba_mode == "on" ) {
+    if ( $samba_mode ) {
         $userdata["sambaNTPassword"] = make_md4_password($newpassword);
         $userdata["sambaPwdLastSet"] = time();
     }
 
     # Transform password value
-    if ( $ad_mode == "on" ) {
+    if ( $ad_mode ) {
         $newpassword = "\"" . $newpassword . "\"";
         $len = strlen($newpassword);
         for ($i = 0; $i < $len; $i++){
@@ -155,7 +185,7 @@
     }
 
     # Set password value
-    if ( $ad_mode == "on" ) {
+    if ( $ad_mode ) {
         $userdata["unicodePwd"] = $newpassword;
     } else {
         $userdata["userPassword"] = $newpassword;
@@ -200,6 +230,20 @@
 <img src="<?php echo $logo; ?>" alt="Logo" />
 <h2 class="<?php echo get_criticity($result) ?>"><?php echo 
$messages[$lang][$result]; ?></h2>
 <?php if ( $result !== "passwordchanged" ) { ?>
+<?php
+if ( $pwd_show_policy ) {
+    echo "<div class=\"policy\">\n";
+    echo "<p>".$messages[$lang]["policy"]."</p>\n";
+    echo "<ul>\n";
+    if ( $pwd_min_length ) { echo "<li>".$messages[$lang]["policyminlength"]." 
$pwd_min_length</li>\n"; }
+    if ( $pwd_max_length ) { echo "<li>".$messages[$lang]["policymaxlength"]." 
$pwd_max_length</li>\n"; }
+    if ( $pwd_min_lower  ) { echo "<li>".$messages[$lang]["policyminlower"] ." 
$pwd_min_lower </li>\n"; }
+    if ( $pwd_min_upper  ) { echo "<li>".$messages[$lang]["policyminupper"] ." 
$pwd_min_upper </li>\n"; }
+    if ( $pwd_min_digit  ) { echo "<li>".$messages[$lang]["policymindigit"] ." 
$pwd_min_digit </li>\n"; }
+    echo "</ul>\n";
+    echo "</div>\n";
+}
+?>
 <form action="#" method="post">
     <table>
     <tr><th><?php echo $messages[$lang]["login"]; ?></th>
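Review bot: With `$pwd_show_policy = true` and all five limits left at 0, the added block prints the "should respect the following constraints" heading followed by an empty `<ul>`. Guarding the block on at least one limit being set avoids that: `if ( $pwd_show_policy and ( $pwd_min_length or $pwd_max_length or $pwd_min_lower or $pwd_min_upper or $pwd_min_digit ) ) {`. Since the limits are printed straight into the page, casting them on output, for example `(int) $pwd_min_length`, would keep the displayed value in line with the numeric comparison.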

Modified: self-service-password/trunk/lang.inc.php
===================================================================
--- self-service-password/trunk/lang.inc.php    2010-02-13 15:56:45 UTC (rev 54)
+++ self-service-password/trunk/lang.inc.php    2010-02-14 16:53:57 UTC (rev 55)
@@ -39,6 +39,17 @@
 $messages['en']['newpassword'] = "New password";
 $messages['en']['confirmpassword'] = "Confirm";
 $messages['en']['submit'] = "Send";
+$messages['en']['tooshort'] = "Your password is too short";
+$messages['en']['toobig'] = "Your password is too big";
+$messages['en']['minlower'] = "Your password has not enough lower characters";
+$messages['en']['minupper'] = "Your password has not enough upper characters";
+$messages['en']['mindigit'] = "Your password has not enough digits";
+$messages['en']['policy'] = "Your password should respect the following 
constraints:";
+$messages['en']['policyminlength'] = "Minimal length:";
+$messages['en']['policymaxlength'] = "Maximal length:";
+$messages['en']['policyminlower'] = "Minimal lower characters:";
+$messages['en']['policyminupper'] = "Minimal upper characters:";
+$messages['en']['policymindigit'] = "Minimal digits:";
 
 #==============================================================================
 # French
@@ -60,6 +71,17 @@
 $messages['fr']['newpassword'] = "Nouveau mot de passe";
 $messages['fr']['confirmpassword'] = "Confirmation";
 $messages['fr']['submit'] = "Envoyer";
+$messages['fr']['tooshort'] = "Votre mot de passe est trop court";
+$messages['fr']['toobig'] = "Votre mot de passe est trop long";
+$messages['fr']['minlower'] = "Votre mot de passe n'a pas assez de minuscules";
+$messages['fr']['minupper'] = "Votre mot de passe n'a pas assez de majuscules";
+$messages['fr']['mindigit'] = "Votre mot de passe n'a pas assez de chiffres";
+$messages['fr']['policy'] = "Votre mot de passe doit respecter les contraintes 
suivantes&nbsp;:";
+$messages['fr']['policyminlength'] = "Nombre minimum de caractères&nbsp;:";
+$messages['fr']['policymaxlength'] = "Nombre maximum de caractères&nbsp;:";
+$messages['fr']['policyminlower'] = "Nombre minimum de minuscules&nbsp;:";
+$messages['fr']['policyminupper'] = "Nombre minimum de majuscules&nbsp;:";
+$messages['fr']['policymindigit'] = "Nombre minimum de chiffres&nbsp;:";
 
 #==============================================================================
 # German
@@ -81,4 +103,16 @@
 $messages['de']['newpassword'] = "Neues Passwort";
 $messages['de']['confirmpassword'] = "Bestätigen";
 $messages['de']['submit'] = "Senden";
+$messages['de']['tooshort'] = "Ihr Passwort ist zu kurz";
+$messages['de']['toobig'] = "Ihr Password ist zu lang";
+$messages['de']['minlower'] = "Ihr Passwort hast nicht genug Kleinbuchstaben";
+$messages['de']['minupper'] = "Ihr Passwort hast nicht genug Großbuchstaben";
+$messages['de']['mindigit'] = "Ihr Passwort hast nicht genug Ziffern";
+$messages['de']['policy'] = "Ihr Passwort darf diese Regeln achten:";
+$messages['de']['policyminlength'] = "Minimal Länge:";
+$messages['de']['policymaxlength'] = "Maximal Länge:";
+$messages['de']['policyminlower'] = "Minimal Kleinbuchstaben:";
+$messages['de']['policyminupper'] = "Minimal Großbuchstaben:";
+$messages['de']['policymindigit'] = "Minimal Ziffern:";
+
 ?>

Added: self-service-password/trunk/style/accept.png
===================================================================
(Binary files differ)


Property changes on: self-service-password/trunk/style/accept.png
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: self-service-password/trunk/style/error.png
===================================================================
(Binary files differ)


Property changes on: self-service-password/trunk/style/error.png
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Added: self-service-password/trunk/style/exclamation.png
===================================================================
(Binary files differ)


Property changes on: self-service-password/trunk/style/exclamation.png
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream

Modified: self-service-password/trunk/style/styles.css
===================================================================
--- self-service-password/trunk/style/styles.css        2010-02-13 15:56:45 UTC 
(rev 54)
+++ self-service-password/trunk/style/styles.css        2010-02-14 16:53:57 UTC 
(rev 55)
@@ -20,7 +20,7 @@
 
 body {
 font-family:Arial, Helvetica, Verdana;
-font-size:11pt;
+font-size:12pt;
 color:#000;
 background:#eee;
 margin:0;
@@ -41,11 +41,26 @@
 color:#336699;
 }
 
+/* Rounded corner */
+form, div, h1, h2 {
+-moz-border-radius:10px;
+-webkit-border-radius:10px;
+}
+
+h1 {
+padding:5px;
+margin:10px 20%;
+font-size:20pt;
+background-color:#E6EFC2;
+border:2px solid #C6D880;
+color:#529214;
+}
+
 #content {
 margin:20px 40px;
 padding:10px;
 background:#fff;
-border:1px solid #C6D880;
+border:2px solid #C6D880;
 text-align:center;
 }
 
@@ -56,7 +71,7 @@
 margin:10px 20%;
 text-align:center;
 background-color:#dff4ff;
-border:1px solid #c2e1ef;
+border:2px solid #c2e1ef;
 color:#336699;
 }
 
@@ -85,28 +100,48 @@
 padding-left: 25px;
 }
 
+form input[type=submit] {
+margin-top:20px;
+font-weight:bold;
+font-size:10pt;
+}
+
 /* Message criticity */
 h2 {
 padding:5px;
 margin:10px 20%;
-font-size:12pt;
+font-size:14pt;
 }
 
 h2.ok {
-background-color:#E6EFC2;
-border:1px solid #C6D880;
+background:#e6efc2 url("accept.png") 20px 7px no-repeat;
+border:2px solid #C6D880;
 color:#529214;
 }
 
 h2.warning {
-background-color:#ffe17a;
-border:1px solid #ffca10;
+background:#ffe17a url("error.png") 20px 7px no-repeat;
+border:2px solid #ffca10;
 color:#a03400
 }
 
 h2.critical {
-background:#fbe3e4;
-border:1px solid #fbc2c4;
+background:#fbe3e4 url("exclamation.png") 20px 7px no-repeat;
+border:2px solid #fbc2c4;
 color:#d12f19;
 }
 
+/* Policy */
+div.policy {
+padding:10px;
+margin:10px 20%;
+background-color:#ffe17a;
+border:2px solid #ffca10;
+color:#a03400;
+text-align:left;
+}
+
+div.policy p {
+margin:0;
+font-weight:bold;
+}
