diff options
Diffstat (limited to 'src/usr/local/www/system_usermanager_passwordmg.php')
-rw-r--r-- | src/usr/local/www/system_usermanager_passwordmg.php | 155 |
1 files changed, 155 insertions, 0 deletions
diff --git a/src/usr/local/www/system_usermanager_passwordmg.php b/src/usr/local/www/system_usermanager_passwordmg.php new file mode 100644 index 0000000..6d785ee --- /dev/null +++ b/src/usr/local/www/system_usermanager_passwordmg.php @@ -0,0 +1,155 @@ +<?php +/* $Id$ */ +/* + Copyright (C) 2013-2015 Electric Sheep Fencing, LP + Copyright (C) 2011 Ermal Luçi + system_usermanager_passwordmg.php + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_BUILDER_BINARIES: + pfSense_MODULE: auth +*/ + +##|+PRIV +##|*IDENT=page-system-usermanager-passwordmg +##|*NAME=System: User Password Manager page +##|*DESCR=Allow access to the 'System: User Password Manager' page. +##|*MATCH=system_usermanager_passwordmg.php* +##|-PRIV + +require_once("auth.inc"); +require_once("certs.inc"); +require_once("guiconfig.inc"); + +$pgtitle = array(gettext("System"), gettext("User Password")); + +if (isset($_POST['save'])) { + unset($input_errors); + /* input validation */ + + $reqdfields = explode(" ", "passwordfld1"); + $reqdfieldsn = array(gettext("Password")); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + + if ($_POST['passwordfld1'] != $_POST['passwordfld2']) { + $input_errors[] = gettext("The passwords do not match."); + } + + if (!$input_errors) { + if (!session_id()) { + session_start(); + } + // all values are okay --> saving changes + + $userent =& $config['system']['user'][$userindex[$_SESSION['Username']]]; + local_user_set_password($userent, $_POST['passwordfld1']); + local_user_set($userent); + unset($userent); + session_commit(); + + write_config(); + + $savemsg = gettext("Password successfully changed") . "<br />"; + } +} + +if (!session_id()) { + session_start(); +} + +/* determine if user is not local to system */ +$islocal = false; +foreach ($config['system']['user'] as $user) { + if ($user['name'] == $_SESSION['Username']) { + $islocal = true; + } +} + +session_commit(); + +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> +<?php +include("fbegin.inc"); + +if ($input_errors) { + print_input_errors($input_errors); +} +if ($savemsg) { + print_info_box($savemsg); +} + +if ($islocal == false) { + echo gettext("Sorry, you cannot change the password for a non-local user."); + include("fend.inc"); + exit; +} + +?> + +<div id="mainarea"> + <div class="tabcont"> + <form action="system_usermanager_passwordmg.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> + <tr> +<?php + if (!session_id()) { + session_start(); + } +?> + <td colspan="2" valign="top" class="listtopic"><?=$_SESSION['Username']?>'s <?=gettext("Password"); ?></td> +<?php session_commit(); ?> + </tr> + <tr> + <td width="22%" valign="top" class="vncell" rowspan="2"><?=gettext("Password"); ?></td> + <td width="78%" class="vtable"> + <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" /> + </td> + </tr> + <tr> + <td width="78%" class="vtable"> + <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" /> + <?=gettext("(confirmation)");?> + <br /> + <span class="vexpl"> + <?=gettext("Select a new password");?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + </td> + </tr> + </table> + </form> + </div> +</div> +<?php include("fend.inc");?> +</body> +</html> |