<?php
#
# Copyright (c) 2000-2018 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
# Step up to the parent directory to include defs.php3, then return to
# apt/ for the APT support code. The order matters: each include is
# resolved relative to the directory that is current at that point.
chdir("..");
include("defs.php3");
chdir("apt");
include("quickvm_sup.php");
$page_title = "Change Password";

# Runs before any page argument is read. NOTE(review): presumably this
# forces the request onto HTTPS -- confirm in its definition, because this
# page receives password-reset keys in the URL and in a cookie.
RedirectSecure();

#
# Verify page arguments.
#
# Declare the optional arguments this page accepts. NOTE(review): the code
# below tests $user, $key and $reset with isset(), so this call apparently
# defines them as globals when they are present in the request -- confirm.
$optargs = OptionalPageArguments(
    "user",  PAGEARG_USER,
    "key",   PAGEARG_STRING,
    "reset", PAGEARG_STRING
);

#
# We use this page both for resetting a forgotten password and for
# a logged-in user to change their password. We use the "key" argument
# to tell us it is a reset.
#
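if (isset($key) || isset($reset)) {
    #
    # Forgotten-password reset: the caller is not logged in and is
    # authorized only by possession of the reset key. Every failure path
    # returns before $needold/$key are set for the page.
    #
    if (!isset($user)) {
        SPITUSERERROR("Missing user argument");
        return;
    }
    if (isset($reset)) {
        # Require a plain string of word characters. \z (rather than $)
        # also rejects a trailing newline, and is_string() rejects an
        # array-valued request parameter before it reaches preg_match().
        if (!is_string($reset) || !preg_match('/^\w+\z/', $reset)) {
            SPITUSERERROR("Invalid reset hash in request");
            return;
        }
        # The complete key.
        # NOTE(review): in this form the whole secret travels in the URL,
        # unlike the split URL/cookie form below -- confirm that is intended.
        $key = $reset;
    }
    else {
        # Half the key in the URL.
        $keyB = $key;
        # We also need the other half of the key from the browser.
        $keyA = (isset($_COOKIE[$TBAUTHCOOKIE]) ? $_COOKIE[$TBAUTHCOOKIE] : "");

        # If the browser part is missing, direct the user to the
        # knowledge base entry that explains the likely cause.
        if ($keyB !== "" && $keyA === "") {
            SPITUSERERROR("Oops, not able to proceed!<br>".
                          "Please read this ".
                          "<a href='$WIKIDOCURL/kb69'>Knowledge Base Entry</a> ".
                          "to see what the likely cause is.", 1);
            return;
        }
        # Both halves must be non-empty strings of word characters; a
        # cookie or parameter sent as an array is rejected here.
        if (!is_string($keyA) || !preg_match('/^\w+\z/', $keyA) ||
            !is_string($keyB) || !preg_match('/^\w+\z/', $keyB)) {
            SPITUSERERROR("Invalid keys in request");
            return;
        }
        # The complete key.
        $key = $keyA . $keyB;
    }

    # No reset pending for this user: nothing to compare against.
    if (!$user->chpasswd_key() || !$user->chpasswd_expires()) {
        SPITUSERERROR("Why are you here?");
        return;
    }

    #
    # Compare the secret as a string, in constant time where available.
    # A loose != would treat two numeric-looking strings (e.g. "0e1" and
    # "0e2") as equal and would leak timing information.
    #
    $stored_key = (string) $user->chpasswd_key();
    $key_ok = (function_exists("hash_equals")
               ? hash_equals($stored_key, $key)
               : $stored_key === $key);
    if (!$key_ok) {
        SPITUSERERROR("Invalid key in request.");
        return;
    }
    if (time() > $user->chpasswd_expires()) {
        SPITUSERERROR("Your key has expired. Please request a
               <a href='forgotpswd.php'>new key</a>.");
        return;
    }
    $needold = 0;
    # Handed to the page as a JS string literal. Safe to quote directly
    # only because $key was restricted to word characters above.
    $key = "'$key'";
}
else {
    #
    # The user must be logged in.
    #
    $this_user = CheckLoginOrRedirect(CHECKLOGIN_USERSTATUS|
                                      CHECKLOGIN_PSWDEXPIRED);

    # Check for admin setting another users password.
    if (!isset($user)) {
        $user = $this_user;
    }
    elseif (!$this_user->SameUser($user) && !ISADMIN()) {
        SPITUSERERROR("Not enough permission to reset password for user");
        return;
    }
    #
    # admins do not need to provide an old password when changing another
    # user password, but they need it to change their own password.
    #
    $needold = (!ISADMIN() || $this_user->SameUser($user)) ? 1 : 0;
    # No reset key in this mode; emitted as the JS literal null.
    $key = "null";
}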
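$uid = $user->uid();

#
# The uid is written into a <script> element, so encode it for that
# context instead of interpolating it between quotes. The HEX flags keep
# "<", ">", "&" and quotes from ending the string or the script element.
#
$js_uid = json_encode((string) $uid,
                      JSON_HEX_TAG | JSON_HEX_AMP |
                      JSON_HEX_APOS | JSON_HEX_QUOT);
if ($js_uid === false) {
    # Not encodable: emit an empty string rather than a broken script.
    $js_uid = '""';
}

SPITHEADER(1);

# Page state consumed by js/changepswd.js.
# $key arrives here already formatted as a JS literal (a quoted key or
# null); it must only ever be built from a validated key.
echo "<script>\n";
echo "window.NEEDOLD = " . intval($needold) . ";\n";
echo "window.KEY = $key;\n";
echo "window.USER = $js_uid;\n";
echo "</script>\n";
echo "<div id='page-body'></div>\n";
echo "<div id='oops_div'></div>\n";
echo "<div id='waitwait_div'></div>\n";
# The original emitted a second, unmatched </script> here; it closed
# nothing and has been dropped.

REQUIRE_UNDERSCORE();
REQUIRE_SUP();
REQUIRE_APTFORMS();
SPITREQUIRE("js/changepswd.js");

AddTemplateList(array("changepswd", "oops-modal", "waitwait-modal"));
SPITFOOTER();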
?>