From 8aa18a1236d65be536cf4234ff1ccafc5e2db213 Mon Sep 17 00:00:00 2001
From: alejandro-campos
Date: Wed, 2 Dec 2020 16:29:45 +0100
Subject: [PATCH] active user password check
---
 .../godmode/users/configure_user.php | 91 +++++++++++++------
 pandora_console/include/styles/pandora.css | 4 +-
 pandora_console/operation/users/user_edit.php | 41 ++++++---
 3 files changed, 97 insertions(+), 39 deletions(-)
diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php
index f9618b64a1..4e6f13485a 100644
--- a/pandora_console/godmode/users/configure_user.php
+++ b/pandora_console/godmode/users/configure_user.php
@@ -558,15 +558,51 @@ if ($update_user) {
 if ($config['user_can_update_password']) {
 $password_new = (string) get_parameter('password_new', '');
 $password_confirm = (string) get_parameter('password_confirm', '');
+ $own_password_confirm = (string) get_parameter('own_password_confirm', '');
+
 if ($password_new != '') {
+ $correct_password = false;
+
+ $user_credentials_check = process_user_login($config['id_user'], $own_password_confirm, true);
+
+ if ($user_credentials_check !== false) {
+ $correct_password = true;
+ }
+
 if ($password_confirm == $password_new) {
- if ((!is_user_admin($config['id_user']) || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) {
- $pass_ok = login_validate_pass($password_new, $id, true);
- if ($pass_ok != 1) {
- ui_print_error_message($pass_ok);
+ if ($correct_password === true || is_user_admin($config['id_user'])) {
+ if ((!is_user_admin($config['id_user']) || $config['enable_pass_policy_admin']) && $config['enable_pass_policy']) {
+ $pass_ok = login_validate_pass($password_new, $id, true);
+ if ($pass_ok != 1) {
+ ui_print_error_message($pass_ok);
+ } else {
+ $res2 = update_user_password($id, $password_new);
+ if ($res2) {
+ db_process_sql_insert(
+ 'tsesion',
+ [
+ 'id_sesion' => '',
+ 'id_usuario' => $id,
+ 'ip_origen' => $_SERVER['REMOTE_ADDR'],
+ 'accion' => 'Password change',
+ 'descripcion' => 'Access password updated',
+ 'fecha' => date('Y-m-d H:i:s'),
+ 'utimestamp' => time(),
+ ]
+ );
+ $res3 = save_pass_history($id, $password_new);
+ }
+
+ ui_print_result_message(
+ $res1 || $res2,
+ __('User info successfully updated'),
+ __('Error updating user info (no change?)')
+ );
+ }
 } else {
 $res2 = update_user_password($id, $password_new);
 if ($res2) {
+ $res3 = save_pass_history($id, $password_new);
 db_process_sql_insert(
 'tsesion',
 [
@@ -579,7 +615,6 @@ if ($update_user) {
 'utimestamp' => time(),
 ]
 );
- $res3 = save_pass_history($id, $password_new);
 }
 ui_print_result_message(
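Review bot: The re-authentication call `process_user_login($config['id_user'], $own_password_confirm, true)` runs before the administrator exemption in `if ($correct_password === true || is_user_admin($config['id_user']))` is consulted, and the confirmation field is only rendered for non-administrators (hunk `@@ -877,6 +895,25 @@`), so every admin-initiated password change submits an empty `$own_password_confirm` and performs a login attempt that is bound to fail. If `process_user_login` records failed attempts or feeds a lockout counter, each such change produces a spurious failure against the administrator's own account. Gating the call on the exemption avoids that: `$correct_password = is_user_admin($config['id_user']) || process_user_login($config['id_user'], $own_password_confirm, true) !== false;` followed by `if ($correct_password === true) {`. The third argument `true` passed to `process_user_login` is not explained anywhere in the hunk; a short comment naming what it selects would help the next reader. The enclosing `if ($update_user)` block starts before and ends after this hunk.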
@@ -589,28 +624,11 @@ if ($update_user) {
 );
 }
 } else {
- $res2 = update_user_password($id, $password_new);
- if ($res2) {
- $res3 = save_pass_history($id, $password_new);
- db_process_sql_insert(
- 'tsesion',
- [
- 'id_sesion' => '',
- 'id_usuario' => $id,
- 'ip_origen' => $_SERVER['REMOTE_ADDR'],
- 'accion' => 'Password change',
- 'descripcion' => 'Access password updated',
- 'fecha' => date('Y-m-d H:i:s'),
- 'utimestamp' => time(),
- ]
- );
+ if ($own_password_confirm === '') {
+ ui_print_error_message(__('Password of the active user is required to perform password change'));
+ } else {
+ ui_print_error_message(__('Password of active user is not correct'));
 }
-
- ui_print_result_message(
- $res1 || $res2,
- __('User info successfully updated'),
- __('Error updating user info (no change?)')
- );
 }
 } else {
 db_process_sql_insert(
@@ -877,6 +895,25 @@ if ($config['user_can_update_password']) {
 true,
 true
 ).'';
+
+ if (!is_user_admin($config['id_user'])) {
+ $own_pass_confirm = '
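Review bot: A failed re-authentication in the new `else` branch is only reported on screen, while a successful change in the branch above is written to `tsesion` with action `'Password change'`; an operator reading that table therefore cannot see that a logged-in session repeatedly failed to confirm the active user's password before a change of another account's password. Recording the failure the same way the success path does keeps both outcomes in one audit trail; the actor is `$config['id_user']` here, not the target `$id`, since it is the caller's own password that was rejected. The two error messages can stay as they are. The enclosing `if ($update_user)` block extends beyond this hunk.
```php
} else {
    // … unchanged: the two ui_print_error_message() calls …
    db_process_sql_insert(
        'tsesion',
        [
            'id_sesion'   => '',
            'id_usuario'  => $config['id_user'],
            'ip_origen'   => $_SERVER['REMOTE_ADDR'],
            'accion'      => 'Password change',
            'descripcion' => 'Active user password check failed',
            'fecha'       => date('Y-m-d H:i:s'),
            'utimestamp'  => time(),
        ]
    );
}
```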
'.html_print_input_text_extended( + 'own_password_confirm', + '', + 'own_password_confirm', + '', + '20', + '45', + $view_mode, + '', + [ + 'class' => 'input', + 'placeholder' => __('Own password confirmation'), + ], + true, + true + ).'
'; + } } $own_info = get_user_info($config['id_user']); @@ -1191,7 +1228,7 @@ if (is_metaconsole()) { if ($id != '' && !$is_err) { $div_user_info = '
'.$avatar.$user_id_create.'
-
'.$user_id_update_view.$full_name.$new_pass.$new_pass_confirm.$global_profile.'
'; +
'.$user_id_update_view.$full_name.$new_pass.$new_pass_confirm.$own_pass_confirm.$global_profile.'
'; } else { $div_user_info = '
'.$avatar.'
'.$user_id_create.$user_id_update_view.$full_name.$new_pass.$new_pass_confirm.$global_profile.'
';
diff --git a/pandora_console/include/styles/pandora.css b/pandora_console/include/styles/pandora.css
index bc743e9c77..bd0f2577f7 100644
--- a/pandora_console/include/styles/pandora.css
+++ b/pandora_console/include/styles/pandora.css
@@ -4769,7 +4769,9 @@ input:checked + .p-slider:before {
 }
 .edit_user_info_right #password_new,
-.edit_user_info_right #password_conf {
+.edit_user_info_right #password_conf,
+.edit_user_info_right #own_password_confirm,
+.edit_user_info_right #current_password {
 background-image: url("../../images/user_password.png");
 }
diff --git a/pandora_console/operation/users/user_edit.php b/pandora_console/operation/users/user_edit.php
index b55a0952e4..8c191bdf26 100644
--- a/pandora_console/operation/users/user_edit.php
+++ b/pandora_console/operation/users/user_edit.php
@@ -72,6 +72,7 @@ if (isset($_GET['modified']) && !$view_mode) {
 $upd_info['lastname'] = get_parameter_post('lastname', $user_info['lastname']);
 $password_new = get_parameter_post('password_new', '');
 $password_confirm = get_parameter_post('password_conf', '');
+ $current_password = get_parameter_post('current_password', '');
 $upd_info['email'] = get_parameter_post('email', '');
 $upd_info['phone'] = get_parameter_post('phone', '');
 $upd_info['comments'] = get_parameter_post('comments', '');
@@ -144,21 +145,37 @@ if (isset($_GET['modified']) && !$view_mode) {
 }
 if (!empty($password_new)) {
+ $correct_password = false;
+
+ $user_credentials_check = process_user_login($config['id_user'], $current_password, true);
+
+ if ($user_credentials_check !== false) {
+ $correct_password = true;
+ }
+
 if ($config['user_can_update_password'] && $password_confirm == $password_new) {
- if ((!$is_admin || $config['enable_pass_policy_admin'])
- && $config['enable_pass_policy']
- ) {
- $pass_ok = login_validate_pass($password_new, $id, true);
- if ($pass_ok != 1) {
- ui_print_error_message($pass_ok);
+ if ($correct_password === true) {
+ if ((!$is_admin || $config['enable_pass_policy_admin'])
+ && $config['enable_pass_policy']
+ ) {
+ $pass_ok = login_validate_pass($password_new, $id, true);
+ if ($pass_ok != 1) {
+ ui_print_error_message($pass_ok);
+ } else {
+ $return = update_user_password($id, $password_new);
+ if ($return) {
+ $return2 = save_pass_history($id, $password_new);
+ }
+ }
 } else {
 $return = update_user_password($id, $password_new);
- if ($return) {
- $return2 = save_pass_history($id, $password_new);
- }
 }
 } else {
- $return = update_user_password($id, $password_new);
+ if ($current_password === '') {
+ $error_msg = __('Current password of user is required to perform password change');
+ } else {
+ $error_msg = __('Current password of user is not correct');
+ }
 }
 } else if ($password_new !== 'NON-INIT') {
 $error_msg = __('Passwords didn\'t match or other problem encountered while updating passwords');
@@ -280,9 +297,11 @@ if ($view_mode === false) {
 if ($config['user_can_update_password']) {
 $new_pass = '
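Review bot: The `$current_password === ''` test in the failure branch is evaluated only after `process_user_login($config['id_user'], $current_password, true)` has already been attempted with the empty string, and that attempt also happens before `$config['user_can_update_password']` is consulted, so a form submitted without the current password (or under a scheme where passwords cannot be changed here) still triggers a login attempt that must fail. If `process_user_login` records failed logins or counts toward a lockout, a user who merely forgets the new field accumulates failures on their own account. Guarding the call keeps the existing messages intact: `$correct_password = $current_password !== '' && process_user_login($config['id_user'], $current_password, true) !== false;`. The same ordering appears in configure_user.php at `@@ -558,15 +558,51 @@`. The enclosing `if (isset($_GET['modified']) && !$view_mode)` block extends beyond this hunk.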
'.html_print_input_text_extended('password_new', '', 'password_new', '', '25', '45', $view_mode, '', ['class' => 'input', 'placeholder' => __('New Password')], true, true).'
'; $new_pass_confirm = '
'.html_print_input_text_extended('password_conf', '', 'password_conf', '', '20', '45', $view_mode, '', ['class' => 'input', 'placeholder' => __('Password confirmation')], true, true).'
'; + $current_pass = '
'.html_print_input_text_extended('current_password', '', 'current_password', '', '20', '45', $view_mode, '', ['class' => 'input', 'placeholder' => __('Current password')], true, true).'
'; } else { $new_pass = ''.__('You cannot change your password under the current authentication scheme').''; $new_pass_confirm = ''; + $current_pass = ''; } } @@ -634,7 +653,7 @@ if (is_metaconsole()) {
'.$autorefresh_show.$time_autorefresh.'