2012-06-22 Vanessa Gil <vanessa.gil@artica.es>

* operation/users/user_edit.php godmode/users/configure_user.php: Apply password policy on users edition. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6674 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2012-06-22 11:11:42 +00:00 · 2012-06-22 11:11:42 +00:00 · 5e4cecdc65
parent 97e7748602
commit 5e4cecdc65
3 changed files with 49 additions and 10 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,9 @@
+2012-06-22  Vanessa Gil <vanessa.gil@artica.es>
+
+	* operation/users/user_edit.php
+	  godmode/users/configure_user.php: Apply password policy
+	on users edition.
+
 2012-06-21  Ramon Novoa  <rnovoa@artica.es>

 	* pandoradb_data.sql,
--- a/pandora_console/godmode/users/configure_user.php
+++ b/pandora_console/godmode/users/configure_user.php
@ -231,6 +231,11 @@ if ($update_user) {
 		$password_confirm = (string) get_parameter ('password_confirm', '');
 		if ($password_new != '') {
 			if ($password_confirm == $password_new) {
+				if ((!$values['is_admin'] || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) {
+					$pass_ok = login_validate_pass($password_new, $id, true);
+					if ($pass_ok != 1) {
+						ui_print_error_message($pass_ok);
+					} else {
 						$res2 = update_user_password ($id, $password_new);
 						if ($res2) {
 							$res3 = save_pass_history($id, $password_new);
@ -239,6 +244,16 @@ if ($update_user) {
 						__('User info successfully updated'),
 						__('Error updating user info (no change?)'));
 					}
+				} else {
+					$res2 = update_user_password ($id, $password_new);
+					if ($res2) {
+						$res3 = save_pass_history($id, $password_new);
+					}
+					ui_print_result_message ($res1 || $res2,
+						__('User info successfully updated'),
+						__('Error updating user info (no change?)'));
+				}
+			}
 			else {
 				ui_print_error_message (__('Passwords does not match'));
 			}
--- a/pandora_console/operation/users/user_edit.php
+++ b/pandora_console/operation/users/user_edit.php
@ -96,6 +96,8 @@ if (isset ($_GET["modified"]) && !$view_mode) {
 	$dashboard = get_parameter('dashboard', '');
 	$visual_console = get_parameter('visual_console', '');
 	
+	$is_admin = db_get_value('is_admin', 'tusuario', 'id_user', $id);
+	
 	$section = io_safe_output($upd_info["section"]);
 	if (($section == 'Event list') || ($section == 'Group view') || ($section == 'Alert detail') || ($section == 'Tactical view') || ($section == 'Default')) {
 		$upd_info["data_section"] = '';
@ -107,10 +109,26 @@ if (isset ($_GET["modified"]) && !$view_mode) {
 	
 	if ( !empty ($password_new)) {
 		if ($config["user_can_update_password"] && $password_confirm == $password_new) {
+			if ((!$is_admin || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) {
+				$pass_ok = login_validate_pass($password_new, $id, true);
+				if ($pass_ok != 1) {
+					ui_print_error_message($pass_ok);
+				} else {
+					$return = update_user_password ($id, $password_new);
+					if ($return) {
+						$return2 = save_pass_history($id, $password_new);
+					}
+					ui_print_result_message ($return,
+					__('Password successfully updated'),
+					__('Error updating passwords: %s', $config['auth_error']));
+				}
+			} else {
 				$return = update_user_password ($id, $password_new);
 				ui_print_result_message ($return,
 					__('Password successfully updated'),
 					__('Error updating passwords: %s', $config['auth_error']));
+			}
+			
 		} elseif ($password_new !== "NON-INIT") {
 			ui_print_error_message (__('Passwords didn\'t match or other problem encountered while updating passwords'));
 		}