Merge branch 'ent-4025-Cambio-de-contrase-en-user-edit-no-pide-contraseña-actual' into 'develop'

active user password check See merge request artica/pandorafms!3689
2020-12-17 16:48:26 +01:00 · 2020-12-17 16:48:26 +01:00 · b75d1149e0
parent ec472f6c6f 8aa18a1236
commit b75d1149e0
3 changed files with 97 additions and 39 deletions
--- a/pandora_console/godmode/users/configure_user.php
+++ b/pandora_console/godmode/users/configure_user.php
@ -558,15 +558,51 @@ if ($update_user) {
    if ($config['user_can_update_password']) {
        $password_new = (string) get_parameter('password_new', '');
        $password_confirm = (string) get_parameter('password_confirm', '');
+        $own_password_confirm = (string) get_parameter('own_password_confirm', '');
+
        if ($password_new != '') {
+            $correct_password = false;
+
+            $user_credentials_check = process_user_login($config['id_user'], $own_password_confirm, true);
+
+            if ($user_credentials_check !== false) {
+                $correct_password = true;
+            }
+
            if ($password_confirm == $password_new) {
-                if ((!is_user_admin($config['id_user']) || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) {
-                    $pass_ok = login_validate_pass($password_new, $id, true);
-                    if ($pass_ok != 1) {
-                        ui_print_error_message($pass_ok);
+                if ($correct_password === true || is_user_admin($config['id_user'])) {
+                    if ((!is_user_admin($config['id_user']) || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) {
+                        $pass_ok = login_validate_pass($password_new, $id, true);
+                        if ($pass_ok != 1) {
+                            ui_print_error_message($pass_ok);
+                        } else {
+                            $res2 = update_user_password($id, $password_new);
+                            if ($res2) {
+                                db_process_sql_insert(
+                                    'tsesion',
+                                    [
+                                        'id_sesion'   => '',
+                                        'id_usuario'  => $id,
+                                        'ip_origen'   => $_SERVER['REMOTE_ADDR'],
+                                        'accion'      => 'Password&#x20;change',
+                                        'descripcion' => 'Access password updated',
+                                        'fecha'       => date('Y-m-d H:i:s'),
+                                        'utimestamp'  => time(),
+                                    ]
+                                );
+                                $res3 = save_pass_history($id, $password_new);
+                            }
+
+                            ui_print_result_message(
+                                $res1 || $res2,
+                                __('User info successfully updated'),
+                                __('Error updating user info (no change?)')
+                            );
+                        }
                    } else {
                        $res2 = update_user_password($id, $password_new);
                        if ($res2) {
+                            $res3 = save_pass_history($id, $password_new);
                            db_process_sql_insert(
                                'tsesion',
                                [
@ -579,7 +615,6 @@ if ($update_user) {
                                    'utimestamp'  => time(),
                                ]
                            );
-                            $res3 = save_pass_history($id, $password_new);
                        }

                        ui_print_result_message(
@ -589,28 +624,11 @@ if ($update_user) {
                        );
                    }
                } else {
-                    $res2 = update_user_password($id, $password_new);
-                    if ($res2) {
-                        $res3 = save_pass_history($id, $password_new);
-                        db_process_sql_insert(
-                            'tsesion',
-                            [
-                                'id_sesion'   => '',
-                                'id_usuario'  => $id,
-                                'ip_origen'   => $_SERVER['REMOTE_ADDR'],
-                                'accion'      => 'Password&#x20;change',
-                                'descripcion' => 'Access password updated',
-                                'fecha'       => date('Y-m-d H:i:s'),
-                                'utimestamp'  => time(),
-                            ]
-                        );
+                    if ($own_password_confirm === '') {
+                        ui_print_error_message(__('Password of the active user is required to perform password change'));
+                    } else {
+                        ui_print_error_message(__('Password of active user is not correct'));
                    }
-
-                    ui_print_result_message(
-                        $res1 || $res2,
-                        __('User info successfully updated'),
-                        __('Error updating user info (no change?)')
-                    );
                }
            } else {
                db_process_sql_insert(
@ -877,6 +895,25 @@ if ($config['user_can_update_password']) {
        true,
        true
    ).'</span></div>';
+
+    if (!is_user_admin($config['id_user'])) {
+        $own_pass_confirm = '<div class="label_select_simple"><span>'.html_print_input_text_extended(
+            'own_password_confirm',
+            '',
+            'own_password_confirm',
+            '',
+            '20',
+            '45',
+            $view_mode,
+            '',
+            [
+                'class'       => 'input',
+                'placeholder' => __('Own password confirmation'),
+            ],
+            true,
+            true
+        ).'</span></div>';
+    }
 }

 $own_info = get_user_info($config['id_user']);
@ -1191,7 +1228,7 @@ if (is_metaconsole()) {

 if ($id != '' && !$is_err) {
    $div_user_info = '<div class="edit_user_info_left">'.$avatar.$user_id_create.'</div>
-    <div class="edit_user_info_right">'.$user_id_update_view.$full_name.$new_pass.$new_pass_confirm.$global_profile.'</div>';
+    <div class="edit_user_info_right">'.$user_id_update_view.$full_name.$new_pass.$new_pass_confirm.$own_pass_confirm.$global_profile.'</div>';
 } else {
    $div_user_info = '<div class="edit_user_info_left">'.$avatar.'</div>
    <div class="edit_user_info_right">'.$user_id_create.$user_id_update_view.$full_name.$new_pass.$new_pass_confirm.$global_profile.'</div>';
--- a/pandora_console/include/styles/pandora.css
+++ b/pandora_console/include/styles/pandora.css
@ -4776,7 +4776,9 @@ input:checked + .p-slider:before {
 }

 .edit_user_info_right #password_new,
-.edit_user_info_right #password_conf {
+.edit_user_info_right #password_conf,
+.edit_user_info_right #own_password_confirm,
+.edit_user_info_right #current_password {
  background-image: url("../../images/user_password.png");
 }

--- a/pandora_console/operation/users/user_edit.php
+++ b/pandora_console/operation/users/user_edit.php
@ -72,6 +72,7 @@ if (isset($_GET['modified']) && !$view_mode) {
    $upd_info['lastname'] = get_parameter_post('lastname', $user_info['lastname']);
    $password_new = get_parameter_post('password_new', '');
    $password_confirm = get_parameter_post('password_conf', '');
+    $current_password = get_parameter_post('current_password', '');
    $upd_info['email'] = get_parameter_post('email', '');
    $upd_info['phone'] = get_parameter_post('phone', '');
    $upd_info['comments'] = get_parameter_post('comments', '');
@ -144,21 +145,37 @@ if (isset($_GET['modified']) && !$view_mode) {
    }

    if (!empty($password_new)) {
+        $correct_password = false;
+
+        $user_credentials_check = process_user_login($config['id_user'], $current_password, true);
+
+        if ($user_credentials_check !== false) {
+            $correct_password = true;
+        }
+
        if ($config['user_can_update_password'] && $password_confirm == $password_new) {
-            if ((!$is_admin || $config['enable_pass_policy_admin'])
-                && $config['enable_pass_policy']
-            ) {
-                $pass_ok = login_validate_pass($password_new, $id, true);
-                if ($pass_ok != 1) {
-                    ui_print_error_message($pass_ok);
+            if ($correct_password === true) {
+                if ((!$is_admin || $config['enable_pass_policy_admin'])
+                    && $config['enable_pass_policy']
+                ) {
+                    $pass_ok = login_validate_pass($password_new, $id, true);
+                    if ($pass_ok != 1) {
+                        ui_print_error_message($pass_ok);
+                    } else {
+                        $return = update_user_password($id, $password_new);
+                        if ($return) {
+                            $return2 = save_pass_history($id, $password_new);
+                        }
+                    }
                } else {
                    $return = update_user_password($id, $password_new);
-                    if ($return) {
-                        $return2 = save_pass_history($id, $password_new);
-                    }
                }
            } else {
-                $return = update_user_password($id, $password_new);
+                if ($current_password === '') {
+                    $error_msg = __('Current password of user is required to perform password change');
+                } else {
+                    $error_msg = __('Current password of user is not correct');
+                }
            }
        } else if ($password_new !== 'NON-INIT') {
            $error_msg = __('Passwords didn\'t match or other problem encountered while updating passwords');
@ -280,9 +297,11 @@ if ($view_mode === false) {
    if ($config['user_can_update_password']) {
        $new_pass = '<div class="label_select_simple"><span>'.html_print_input_text_extended('password_new', '', 'password_new', '', '25', '45', $view_mode, '', ['class' => 'input', 'placeholder' => __('New Password')], true, true).'</span></div>';
        $new_pass_confirm = '<div class="label_select_simple"><span>'.html_print_input_text_extended('password_conf', '', 'password_conf', '', '20', '45', $view_mode, '', ['class' => 'input', 'placeholder' => __('Password confirmation')], true, true).'</span></div>';
+        $current_pass = '<div class="label_select_simple"><span>'.html_print_input_text_extended('current_password', '', 'current_password', '', '20', '45', $view_mode, '', ['class' => 'input', 'placeholder' => __('Current password')], true, true).'</span></div>';
    } else {
        $new_pass = '<i>'.__('You cannot change your password under the current authentication scheme').'</i>';
        $new_pass_confirm = '';
+        $current_pass = '';
    }
 }

@ -634,7 +653,7 @@ if (is_metaconsole()) {
            <div class="user_edit_first_row">
                <div class="edit_user_info white_box">
                    <div class="edit_user_info_left">'.$avatar.$user_id.'</div>
-                    <div class="edit_user_info_right">'.$full_name.$email.$phone.$new_pass.$new_pass_confirm.'</div>
+                    <div class="edit_user_info_right">'.$full_name.$email.$phone.$new_pass.$new_pass_confirm.$current_pass.'</div>
                </div>  
                <div class="edit_user_autorefresh white_box">'.$autorefresh_show.$time_autorefresh.'</div>
            </div>