
commit d9abea41e943f8db1b580dec8e9efba805a3aab1
parent d88670c664a4441f2d000df5b4048c1175d23ce2
Author: dankert <devnull@localhost>
Date:   Sat, 20 Jan 2007 16:22:28 +0100

Reagieren auf Kennwort-Ablauf.

Diffstat:
actionClasses/IndexAction.class.php | 182+++++++++++++++++++++++++++++++++++--------------------------------------------
actionClasses/IndexAction.ini.php | 4++--
2 files changed, 83 insertions(+), 103 deletions(-)

diff --git a/actionClasses/IndexAction.class.php b/actionClasses/IndexAction.class.php
@@ -3,12 +3,11 @@
 // $Id$
 // ---------------------------------------------------------------------------
 // OpenRat Content Management System
-// Copyright (C) 2002 Jan Dankert, jandankert@jandankert.de
+// Copyright (C) 2002-2007 Jan Dankert, jandankert@jandankert.de
 //
 // This program is free software; you can redistribute it and/or
 // modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
+// as published by the Free Software Foundation; version 2.
 //
 // This program is distributed in the hope that it will be useful,
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,80 +18,6 @@
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 // ---------------------------------------------------------------------------
-// $Log$
-// Revision 1.24 2006-11-16 19:56:52 dankert
-// Methoden f?r Registrierung und Kennwortzusendung
-//
-// Revision 1.23 2006/08/04 19:05:55 dankert
-// Aktivieren von Registrierung und Kennwort-vergessen
-//
-// Revision 1.22 2006/01/23 23:10:16 dankert
-// Steuerung der Aktionsklassen ?ber .ini-Dateien
-//
-// Revision 1.21 2005/04/16 21:35:23 dankert
-// Uebergabe von Loginfehlern als normale Hinweismeldung
-//
-// Revision 1.20 2005/03/13 16:39:00 dankert
-// Neue Methoden, um Baum ein- und auszublenden
-//
-// Revision 1.19 2005/02/17 19:21:00 dankert
-// Titelanzeige geaendert
-//
-// Revision 1.18 2005/01/27 00:03:57 dankert
-// Variable "nopublish" an das Template liefern
-//
-// Revision 1.17 2005/01/23 11:13:54 dankert
-// Schalter "nologin" beruecksichtigen
-//
-// Revision 1.16 2005/01/14 21:41:23 dankert
-// Aufruf von lastModified() fuer Conditional-GET
-//
-// Revision 1.15 2005/01/04 21:42:09 dankert
-// Uebertragen von MOTD
-//
-// Revision 1.14 2004/12/29 20:19:55 dankert
-// Korrektur
-//
-// Revision 1.13 2004/12/28 22:58:39 dankert
-// Fuellen Variablen logo* fuer Loginmaske
-//
-// Revision 1.12 2004/12/26 20:20:17 dankert
-// Bei Logout entfernen aller Session-Variablen
-//
-// Revision 1.11 2004/12/26 18:49:58 dankert
-// Projektname im Seiten-Titel
-//
-// Revision 1.10 2004/12/25 22:11:20 dankert
-// Logo-Bild ueber Parameter
-//
-// Revision 1.9 2004/12/19 21:57:02 dankert
-// Korrektur bei direktem Objektaufruf in object()
-//
-// Revision 1.8 2004/12/19 14:54:31 dankert
-// language() und model() korrigiert
-//
-// Revision 1.7 2004/12/18 00:16:26 dankert
-// language_read() entfernt
-//
-// Revision 1.6 2004/12/15 23:23:27 dankert
-// div. 
neue Methoden
-//
-// Revision 1.5 2004/11/28 18:26:15 dankert
-// Anpassen an neue Sprachdatei-Konventionen
-//
-// Revision 1.4 2004/11/15 21:34:05 dankert
-// Korrektur fuer Administrationsmodus
-//
-// Revision 1.3 2004/11/10 22:36:45 dankert
-// Laden von Projektklassen und Lesen/Schreiben von/nach Session
-//
-// Revision 1.2 2004/05/02 14:49:37 dankert
-// Einf?gen package-name (@package)
-//
-// Revision 1.1 2004/04/24 15:14:52 dankert
-// Initiale Version
-//
-// ---------------------------------------------------------------------------
 define('PROJECTID_ADMIN',-1);
@@ -106,6 +31,8 @@ define('PROJECTID_ADMIN',-1);
 class IndexAction extends Action
 {
+ var $mustChangePassword = false;
+
 function setDb( $dbid )
 {
 global $conf;
@@ -144,7 +71,7 @@ class IndexAction extends Action
- function checkLogin( $name,$pw )
+ function checkLogin( $name,$pw,$pw1,$pw2 )
 {
 Logger::debug( "login user $name" );
@@ -163,6 +90,24 @@ class IndexAction extends Action
 $ok = $user->checkPassword( $pw );
+ $this->mustChangePassword = $user->mustChangePassword;
+
+ if ( $this->mustChangePassword )
+ {
+ // Der Benutzer hat zwar ein richtiges Kennwort eingegeben, aber dieses ist abgelaufen.
+ // Wir versuchen hier, das neue zu setzen (sofern eingegeben).
+ if ( $pw1 == $pw2 && strlen($pw2) >= $conf['security']['password']['min_length'] )
+ {
+ // Kennwörter identisch und lang genug.
+ $user->setPassword( $pw1,true );
+
+ // Das neue Kennwort ist gesetzt, die Anmeldung ist also doch noch gelungen.
+ $ok = true;
+ $this->mustChangePassword = false;
+ $user->mustChangePassword = false;
+ }
+ }
+
 // Falls Login erfolgreich
 if ( $ok )
 {
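Review bot: The expired-password branch added to checkLogin sets a new password and overrides `$ok = true` without checking that `$pw` was correct: `$this->mustChangePassword` is copied from `$user->mustChangePassword` whatever checkPassword() returned, so unless that flag is only raised for a verified password (not visible here) anyone who knows the name of an account with an expired password can replace its password from the login form using `password1`/`password2` alone. Gate the block on the verified password, `if ( $ok && $this->mustChangePassword )`, or, if checkPassword() reports false for an expired-but-correct password, keep a separate result for the password check and test that one. The same unguarded flag drives the LOGIN_FAILED_MUSTCHANGEPASSWORD notice in the login handler of the hunk at line 22, which would then reveal that a name exists and is expired even for a wrong password. `$pw1 == $pw2` should be `$pw1 === $pw2` so numeric-looking strings are not treated as equal. checkLogin's body continues outside the hunk.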
@@ -213,12 +158,12 @@ class IndexAction extends Action
 else $this->setTemplateVar('actdbid',$conf['database']['default']);
- $this->setTemplateVar('logo' ,$conf['login' ]['logo' ] );
- $this->setTemplateVar('logo_url' ,$conf['login' ]['logo_url'] );
- $this->setTemplateVar('motd' ,$conf['login' ]['motd' ] );
- $this->setTemplateVar('readonly' ,$conf['security']['readonly'] );
- $this->setTemplateVar('nologin' ,$conf['login' ]['nologin' ] );
- $this->setTemplateVar('nopublish' ,$conf['security']['nopublish']);
+// $this->setTemplateVar('logo' ,$conf['login' ]['logo' ] );
+// $this->setTemplateVar('logo_url' ,$conf['login' ]['logo_url'] );
+// $this->setTemplateVar('motd' ,$conf['login' ]['motd' ] );
+// $this->setTemplateVar('readonly' ,$conf['security']['readonly'] );
+// $this->setTemplateVar('nologin' ,$conf['login' ]['nologin' ] );
+// $this->setTemplateVar('nopublish' ,$conf['security']['nopublish']);
 $this->setTemplateVar('register' ,$conf['login' ]['register' ]);
 $this->setTemplateVar('send_password',$conf['login' ]['send_password']);
 $this->setTemplateVar('loginmessage',$this->getSessionVar('loginmessage'));
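Review bot: The six setTemplateVar() calls for `logo`, `logo_url`, `motd`, `readonly`, `nologin` and `nopublish` are commented out with `//` instead of being deleted, and neither the code nor the commit message says where the login template now gets those values, so a template that still reads them will see them unset. Delete the lines, or leave a one-line comment in their place naming where those values are provided now. The `/* … */` blocks wrapping changepassword() and setnewpassword() in the hunks at line 23 have the same problem; version control already keeps the old code. The enclosing method starts and ends outside this hunk.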
@@ -275,29 +220,47 @@ class IndexAction extends Action
 $loginName = $this->getRequestVar('login_name' );
 $loginPassword = $this->getRequestVar('login_password');
-
+ $newPassword1 = $this->getRequestVar('password1');
+ $newPassword2 = $this->getRequestVar('password2');
+
 // Ermitteln, ob der Baum angezeigt werden soll
 // Ist die Breite zu klein, dann wird der Baum nicht angezeigt
 Session::set('showtree',intval($this->getRequestVar('screenwidth')) > $conf['interface']['min_width'] );
 $loginOk = $this->checkLogin( $loginName,
- $loginPassword );
+ $loginPassword,
+ $newPassword1,
+ $newPassword2 );
 if ( !$loginOk )
- $this->addNotice('user',$loginName,'LOGIN_FAILED','error',array('name'=>$this->getRequestVar('login_name')) );
+ {
+ sleep(3);
+
+ if ( $this->mustChangePassword )
+ // Anmeldung gescheitert, Benutzer muss Kennwort ändern.
+ $this->addNotice('user',$loginName,'LOGIN_FAILED_MUSTCHANGEPASSWORD','error' );
+ else
+ // Anmeldung gescheitert.
+ $this->addNotice('user',$loginName,'LOGIN_FAILED','error',array('name'=>$this->getRequestVar('login_name')) );
+
+ $this->callSubAction('showlogin');
+ }
 }
- // Benutzer meldet sich ab
+ /**
+ * Benutzer meldet sich ab.
+ */
 function logout()
 {
-// Session::setUser('');
 // Aus Sicherheitsgruenden die komplette Session deaktvieren
 session_unset();
 }
+ /**
+ * Auswählen der Administration.
+ */
 function administration()
 {
 if ( !$this->userIsAdmin() )
@@ -587,9 +550,9 @@ class IndexAction extends Action
 $registerCode = rand();
 Session::set('registerCode',$registerCode );
- Session::set('registerMail',$this->getRequestVar('register_mail') );
+ Session::set('registerMail',$this->getRequestVar('mail') );
- $mail = new Mail($this->getRequestVar('register_mail'),
+ $mail = new Mail($this->getRequestVar('mail'),
 'register_commit_code','register_commit_code');
 $mail->setVar('code',$registerCode);
 $mail->send();
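Review bot: `sleep(3)` in the failed-login branch blocks a PHP worker for three seconds per attempt; it barely slows a guessing loop that sends requests in parallel, while it makes tying up every worker with failed logins cheap. A per-account or per-address attempt counter is the usual replacement; if the delay stays, define it once in configuration with a comment on its purpose, since passwordcode() in the hunk at line 24 uses a different value, `sleep(5)`. In the else branch `$this->getRequestVar('login_name')` repeats the value already held in `$loginName`. The enclosing method starts outside this hunk.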
@@ -621,20 +584,20 @@ class IndexAction extends Action
 $this->checkForDb();
 $origRegisterCode = Session::get('registerCode');
- $inputRegisterCode = $this->getRequestVar('register_code');
+ $inputRegisterCode = $this->getRequestVar('code');
 if ( $origRegisterCode == $inputRegisterCode )
 {
 // Bestätigungscode stimmt überein.
 // Neuen Benutzer anlegen.
 $newUser = new User();
- $newUser->name = $this->getRequestVar('register_name');
+ $newUser->name = $this->getRequestVar('username');
 $newUser->add();
 $newUser->mail = Session::get('registerMail');
 $newUser->save();
- $newUser->setPassword( $this->getRequestVar('register_password'),false );
+ $newUser->setPassword( $this->getRequestVar('password'),true );
 $this->addNotice('user',$newUser->name,'user_added','ok');
 }
@@ -674,12 +637,14 @@ class IndexAction extends Action
 }
+ /*
 function changepassword()
 {
 }
+ */
-
+ /*
 function setnewpassword()
 {
 $oldPw = $this->getRequestVar('password_old' );
@@ -713,22 +678,26 @@ class IndexAction extends Action
 $this->addNotice('user',$user->name,'passwords_not_match','error');
 }
 }
+ */
-
+ /**
+ * Einen Kennwort-Anforderungscode an den Benutzer senden.
+ */
 function passwordcode()
 {
 $this->checkForDb();
- $user = User::loadWithName( $this->getRequestVar("password_name") );
-
- if ( $user->userid != 0 )
+ $user = User::loadWithName( $this->getRequestVar("username") );
+ // Html::debug($user);
+ if ( $user->userid > 0 )
 {
 srand ((double)microtime()*1000003);
 $code = rand();
 $this->setSessionVar("password_commit_code",$code);
 $eMail = new Mail( $user->mail,'password_commit_code','password_commit_code' );
+ $eMail->setVar('name',$user->getName());
 $eMail->setVar('code',$code);
 $eMail->send();
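Review bot: The renamed `code` request value assigned to `$inputRegisterCode` is still checked with `==` on the following context line, and `$origRegisterCode` comes from the session; if Session::get() yields null when no registration mail was sent in this session and the request carries an empty `code`, loose comparison makes `null == ''` true and the user is created without a code. Require a stored code and compare strictly, e.g. `if ( $origRegisterCode !== null && (string)$origRegisterCode === (string)$inputRegisterCode )`. The same `==` is used for `$ok` in passwordcommit in the hunk at line 24. The second argument of setPassword() also changes from `false` to `true` with no explanation; if it marks the password as expiring at next login, as checkLogin suggests, a user would be forced to replace the password they just chose, so the intent deserves a comment. The enclosing method continues outside the hunk.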
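Review bot: `// Html::debug($user);` in passwordcode() is a leftover debugging line and should be removed. On the context lines just below, the reset code still comes from `rand()` after `srand ((double)microtime()*1000003)`; that is pre-existing, not introduced here, but the code is mailed as a secret and a seed derived from the clock makes it guessable, so a cryptographic source (`random_int()` on PHP 7 or newer, `openssl_random_pseudo_bytes()` before that) is worth a follow-up. `$user->userid > 0` replaces `!= 0`, which silently changes what counts as a found user; a short comment on why ids at or below zero mean "not found" would help the next reader. passwordcode continues in the hunk at line 24.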
@@ -736,12 +705,22 @@ class IndexAction extends Action
 }
 else
 {
- $this->addNotice('','user','username_not_found');
+ //$this->addNotice('','user','username_not_found');
+ // Trotzdem vortäuschen, eine E-Mail zu senden, damit die Gültigkeit
+ // eines Benutzernamens nicht von außen geprüft werden kann.
+ //
+ $this->addNotice('','user','mail_sent');
+ sleep(5);
 }
 $this->setSessionVar("password_commit_name",$user->name);
 }
+
+
+ /**
+ * Neues Kennwort erzeugen und dem Benutzer zusenden.
+ */
 function passwordcommit()
 {
 $ok = $this->getSessionVar("password_commit_code") == $this->getRequestVar("code");
@@ -756,6 +735,7 @@ class IndexAction extends Action
 {
 $eMail = new Mail( $user->mail,'password_new','password_new' );
 $eMail->setVar('password',$newPw);
+ $eMail->setVar('name',$user->getName());
 $eMail->send();
 $user->setPassword( $newPw, false );
diff --git a/actionClasses/IndexAction.ini.php b/actionClasses/IndexAction.ini.php
@@ -59,4 +59,4 @@ goto=projectmenu
 [menu]
 login=showlogin,register,password
-menu=projectmenu,administration,changepassword,logout- \ No newline at end of file
+menu=projectmenu,administration,logout+ \ No newline at end of file
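Review bot: `sleep(5)` only in the unknown-user branch makes the two cases distinguishable by response time instead of hiding them: a known name returns once the mail is handed off, an unknown one after a fixed five-second pause, so the identical `mail_sent` notice alone does not stop user-name probing. Make both paths take about the same time, for example by delaying the known-user branch for the same fixed interval, or drop the sleep and rate-limit the action instead. `//$this->addNotice('','user','username_not_found');` is commented-out code and can go; the comment above it already explains the behaviour. On the context line after the branch, `setSessionVar("password_commit_name",$user->name)` runs with the name of a user that was not found, which is pre-existing but worth a look while here. passwordcode starts in the hunk at line 23.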