diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php
index f9618b64a1..4e6f13485a 100644
--- a/pandora_console/godmode/users/configure_user.php
+++ b/pandora_console/godmode/users/configure_user.php
@@ -558,15 +558,51 @@ if ($update_user) {
if ($config['user_can_update_password']) {
$password_new = (string) get_parameter('password_new', '');
$password_confirm = (string) get_parameter('password_confirm', '');
+ $own_password_confirm = (string) get_parameter('own_password_confirm', '');
+
if ($password_new != '') {
+ $correct_password = false;
+
+ $user_credentials_check = process_user_login($config['id_user'], $own_password_confirm, true);
+
+ if ($user_credentials_check !== false) {
+ $correct_password = true;
+ }
+
if ($password_confirm == $password_new) {
- if ((!is_user_admin($config['id_user']) || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) {
- $pass_ok = login_validate_pass($password_new, $id, true);
- if ($pass_ok != 1) {
- ui_print_error_message($pass_ok);
+ if ($correct_password === true || is_user_admin($config['id_user'])) {
+ if ((!is_user_admin($config['id_user']) || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) {
+ $pass_ok = login_validate_pass($password_new, $id, true);
+ if ($pass_ok != 1) {
+ ui_print_error_message($pass_ok);
+ } else {
+ $res2 = update_user_password($id, $password_new);
+ if ($res2) {
+ db_process_sql_insert(
+ 'tsesion',
+ [
+ 'id_sesion' => '',
+ 'id_usuario' => $id,
+ 'ip_origen' => $_SERVER['REMOTE_ADDR'],
+ 'accion' => 'Password change',
+ 'descripcion' => 'Access password updated',
+ 'fecha' => date('Y-m-d H:i:s'),
+ 'utimestamp' => time(),
+ ]
+ );
+ $res3 = save_pass_history($id, $password_new);
+ }
+
+ ui_print_result_message(
+ $res1 || $res2,
+ __('User info successfully updated'),
+ __('Error updating user info (no change?)')
+ );
+ }
} else {
$res2 = update_user_password($id, $password_new);
if ($res2) {
+ $res3 = save_pass_history($id, $password_new);
db_process_sql_insert(
'tsesion',
[
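Review bot: The `|| is_user_admin($config['id_user'])` in the new guard exempts administrator sessions from the own-password confirmation, so an unattended or hijacked admin session can still reset any account's password without re-authenticating, and the form hunk later in this file skips rendering the confirmation field for admins, while operation/users/user_edit.php applies `if ($correct_password === true)` to admins as well; the two paths should agree, and requiring the confirmation for the most privileged accounts is the safer default: `if ($correct_password === true) {`. Separately, `process_user_login($config['id_user'], $own_password_confirm, true)` runs before the `$password_confirm == $password_new` comparison and regardless of admin status, so a mismatched confirm field or an admin request still submits `$own_password_confirm` (possibly empty) for authentication; if that function records failed logins or feeds a lockout counter — not visible here — a typo in the confirm field would penalize the active user, so move the check inside the match branch and guard it with `if ($own_password_confirm !== '')` (user_edit.php has the same ordering at its `process_user_login` call). The `db_process_sql_insert('tsesion', …)` audit block and the `ui_print_result_message` call are now duplicated between the policy and non-policy branches; a small local helper wrapping update_user_password, the audit insert and save_pass_history would remove the copy. The enclosing `if ($update_user)` block starts outside the hunk.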
@@ -579,7 +615,6 @@ if ($update_user) {
'utimestamp' => time(),
]
);
- $res3 = save_pass_history($id, $password_new);
}
ui_print_result_message(
@@ -589,28 +624,11 @@ if ($update_user) {
);
}
} else {
- $res2 = update_user_password($id, $password_new);
- if ($res2) {
- $res3 = save_pass_history($id, $password_new);
- db_process_sql_insert(
- 'tsesion',
- [
- 'id_sesion' => '',
- 'id_usuario' => $id,
- 'ip_origen' => $_SERVER['REMOTE_ADDR'],
- 'accion' => 'Password change',
- 'descripcion' => 'Access password updated',
- 'fecha' => date('Y-m-d H:i:s'),
- 'utimestamp' => time(),
- ]
- );
+ if ($own_password_confirm === '') {
+ ui_print_error_message(__('Password of the active user is required to perform password change'));
+ } else {
+ ui_print_error_message(__('Password of active user is not correct'));
}
-
- ui_print_result_message(
- $res1 || $res2,
- __('User info successfully updated'),
- __('Error updating user info (no change?)')
- );
}
} else {
db_process_sql_insert(
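Review bot: The failed-reauthentication branch (`if ($own_password_confirm === '') … else …`) replaces the previous `ui_print_result_message($res1 || $res2, …)`, so when the confirmation is missing or wrong only the password error is shown and the outcome of the other profile fields (presumably `$res1`, computed before this hunk) is no longer reported; if those fields are still saved in that case, report them too, e.g. `ui_print_result_message($res1, __('User info successfully updated'), __('Error updating user info (no change?)'));` after the error. The two new messages also differ from the wording user_edit.php introduces for the same conditions (`Current password of user is required …` / `Current password of user is not correct`); reusing one string pair keeps the translations in sync. The enclosing block continues outside the hunk.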
@@ -877,6 +895,25 @@ if ($config['user_can_update_password']) {
true,
true
).'';
+
+ if (!is_user_admin($config['id_user'])) {
+ $own_pass_confirm = '
'.html_print_input_text_extended(
+ 'own_password_confirm',
+ '',
+ 'own_password_confirm',
+ '',
+ '20',
+ '45',
+ $view_mode,
+ '',
+ [
+ 'class' => 'input',
+ 'placeholder' => __('Own password confirmation'),
+ ],
+ true,
+ true
+ ).'
';
+ }
}
$own_info = get_user_info($config['id_user']);
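Review bot: `$own_pass_confirm` is assigned only inside `if (!is_user_admin($config['id_user']))`, which itself sits inside the `if ($config['user_can_update_password'])` block that begins before this hunk, yet the later hunk concatenates `$own_pass_confirm` unconditionally into `$div_user_info`; for an admin, or when password changes are disabled, PHP 8 emits an undefined-variable warning and the fragment is silently empty. Initialize it before the conditionals (above the `user_can_update_password` check, outside this hunk), `$own_pass_confirm = '';`, mirroring how user_edit.php sets `$current_pass = '';` in its else branch.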
@@ -1191,7 +1228,7 @@ if (is_metaconsole()) {
if ($id != '' && !$is_err) {
$div_user_info = ''.$avatar.$user_id_create.'
- '.$user_id_update_view.$full_name.$new_pass.$new_pass_confirm.$global_profile.'
';
+ '.$user_id_update_view.$full_name.$new_pass.$new_pass_confirm.$own_pass_confirm.$global_profile.'
';
} else {
$div_user_info = ''.$avatar.'
'.$user_id_create.$user_id_update_view.$full_name.$new_pass.$new_pass_confirm.$global_profile.'
';
diff --git a/pandora_console/include/styles/pandora.css b/pandora_console/include/styles/pandora.css
index bc743e9c77..bd0f2577f7 100644
--- a/pandora_console/include/styles/pandora.css
+++ b/pandora_console/include/styles/pandora.css
@@ -4769,7 +4769,9 @@ input:checked + .p-slider:before {
}
.edit_user_info_right #password_new,
-.edit_user_info_right #password_conf {
+.edit_user_info_right #password_conf,
+.edit_user_info_right #own_password_confirm,
+.edit_user_info_right #current_password {
background-image: url("../../images/user_password.png");
}
diff --git a/pandora_console/operation/users/user_edit.php b/pandora_console/operation/users/user_edit.php
index b55a0952e4..8c191bdf26 100644
--- a/pandora_console/operation/users/user_edit.php
+++ b/pandora_console/operation/users/user_edit.php
@@ -72,6 +72,7 @@ if (isset($_GET['modified']) && !$view_mode) {
$upd_info['lastname'] = get_parameter_post('lastname', $user_info['lastname']);
$password_new = get_parameter_post('password_new', '');
$password_confirm = get_parameter_post('password_conf', '');
+ $current_password = get_parameter_post('current_password', '');
$upd_info['email'] = get_parameter_post('email', '');
$upd_info['phone'] = get_parameter_post('phone', '');
$upd_info['comments'] = get_parameter_post('comments', '');
@@ -144,21 +145,37 @@ if (isset($_GET['modified']) && !$view_mode) {
}
if (!empty($password_new)) {
+ $correct_password = false;
+
+ $user_credentials_check = process_user_login($config['id_user'], $current_password, true);
+
+ if ($user_credentials_check !== false) {
+ $correct_password = true;
+ }
+
if ($config['user_can_update_password'] && $password_confirm == $password_new) {
- if ((!$is_admin || $config['enable_pass_policy_admin'])
- && $config['enable_pass_policy']
- ) {
- $pass_ok = login_validate_pass($password_new, $id, true);
- if ($pass_ok != 1) {
- ui_print_error_message($pass_ok);
+ if ($correct_password === true) {
+ if ((!$is_admin || $config['enable_pass_policy_admin'])
+ && $config['enable_pass_policy']
+ ) {
+ $pass_ok = login_validate_pass($password_new, $id, true);
+ if ($pass_ok != 1) {
+ ui_print_error_message($pass_ok);
+ } else {
+ $return = update_user_password($id, $password_new);
+ if ($return) {
+ $return2 = save_pass_history($id, $password_new);
+ }
+ }
} else {
$return = update_user_password($id, $password_new);
- if ($return) {
- $return2 = save_pass_history($id, $password_new);
- }
}
} else {
- $return = update_user_password($id, $password_new);
+ if ($current_password === '') {
+ $error_msg = __('Current password of user is required to perform password change');
+ } else {
+ $error_msg = __('Current password of user is not correct');
+ }
}
} else if ($password_new !== 'NON-INIT') {
$error_msg = __('Passwords didn\'t match or other problem encountered while updating passwords');
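Review bot: The seven lines from `$correct_password = false;` through the `if ($user_credentials_check !== false)` block express a single boolean and read better as one statement, `$correct_password = process_user_login($config['id_user'], $current_password, true) !== false;`; likewise the error selection can be a ternary, `$error_msg = $current_password === '' ? __('Current password of user is required to perform password change') : __('Current password of user is not correct');`. The same shape appears in configure_user.php's update hunk. The enclosing `if (isset($_GET['modified']) && !$view_mode)` block starts outside the hunk.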
@@ -280,9 +297,11 @@ if ($view_mode === false) {
if ($config['user_can_update_password']) {
$new_pass = ''.html_print_input_text_extended('password_new', '', 'password_new', '', '25', '45', $view_mode, '', ['class' => 'input', 'placeholder' => __('New Password')], true, true).'
';
$new_pass_confirm = ''.html_print_input_text_extended('password_conf', '', 'password_conf', '', '20', '45', $view_mode, '', ['class' => 'input', 'placeholder' => __('Password confirmation')], true, true).'
';
+ $current_pass = ''.html_print_input_text_extended('current_password', '', 'current_password', '', '20', '45', $view_mode, '', ['class' => 'input', 'placeholder' => __('Current password')], true, true).'
';
} else {
$new_pass = ''.__('You cannot change your password under the current authentication scheme').'';
$new_pass_confirm = '';
+ $current_pass = '';
}
}
@@ -634,7 +653,7 @@ if (is_metaconsole()) {
'.$avatar.$user_id.'
-
'.$full_name.$email.$phone.$new_pass.$new_pass_confirm.'
+
'.$full_name.$email.$phone.$new_pass.$new_pass_confirm.$current_pass.'
'.$autorefresh_show.$time_autorefresh.'