diff --git a/.gitignore b/.gitignore
index 1bffee6..aefdb9c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
/settings.php
/vendor
/database.mwb.bak
-/nbproject/private
\ No newline at end of file
+/nbproject/private
+*.sync-conflict*
\ No newline at end of file
diff --git a/action.php b/action.php
index cac0cdc..d0eec8a 100644
--- a/action.php
+++ b/action.php
@@ -19,7 +19,6 @@ if ($VARS['action'] == 'signout' && $_SESSION['loggedin'] != true) {
dieifnotloggedin();
require_once __DIR__ . "/lib/login.php";
-require_once __DIR__ . "/lib/worst_passwords.php";
function returnToSender($msg, $arg = "") {
global $VARS;
@@ -38,57 +37,18 @@ switch ($VARS['action']) {
header('Location: index.php');
die("Logged out.");
case "chpasswd":
- if ($VARS['oldpass'] == $VARS['newpass']) {
- returnToSender("passwords_same");
+ $error = [];
+ $result = change_password($VARS['oldpass'], $VARS['newpass'], $VARS['conpass'], $error);
+ if ($result === TRUE) {
+ returnToSender("password_updated");
}
- if (authenticate_user($_SESSION['username'], $VARS['oldpass'])) {
- if ($VARS['newpass'] == $VARS['conpass']) {
- $passrank = checkWorst500List($VARS['newpass']);
- if ($passrank !== FALSE) {
- returnToSender("password_500", $passrank);
- }
- if (strlen($VARS['newpass']) < MIN_PASSWORD_LENGTH) {
- returnToSender("weak_password");
- }
-
- $acctloc = account_location($_SESSION['username'], $_SESSION['password']);
-
- if ($acctloc == "LOCAL") {
- $database->update('accounts', ['password' => encryptPassword($VARS['newpass'])], ['uid' => $_SESSION['uid']]);
- $_SESSION['password'] = $VARS['newpass'];
- insertAuthLog(3, $_SESSION['uid']);
- returnToSender("password_updated");
- } else if ($acctloc == "LDAP") {
- /* $ldap_config_domain
- ->setUsername($_SESSION['username'])
- ->setPassword($VARS['oldpass']); */
- try {
- //echo "0";
- $ldapManager = new LdapManager($ldap_config);
- //echo "1";
- $repository = $ldapManager->getRepository(LdapObjectType::USER);
- //echo "2";
- $user = $repository->findOneByUsername($_SESSION['username']);
- //echo "3";
- $user->setPassword($VARS['newpass']);
- //echo "4";
- $ldapManager->persist($user);
- //echo "5";
- insertAuthLog(3, $_SESSION['uid']);
- $_SESSION['password'] = $VARS['newpass'];
- returnToSender("password_updated");
- } catch (\Exception $e) {
- echo $e->getMessage();
- returnToSender("ldap_error", $e->getMessage());
- }
- } else {
- returnToSender("account_state_error");
- }
- } else {
- returnToSender("new_password_mismatch");
- }
- } else {
- returnToSender("old_password_mismatch");
+ switch (count($error)) {
+ case 1:
+ returnToSender($error[0]);
+ case 2:
+ returnToSender($error[0], $error[1]);
+ default:
+ returnToSender("generic_op_error");
}
break;
case "add2fa":
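Review bot: The `switch (count($error))` has no `break` after `case 1` or `case 2`, so correctness rests on `returnToSender()` never returning; its body starts near the top of this file, outside the hunk, so that cannot be confirmed here, and on the success path (`$result === TRUE` with `$error` empty) the same assumption is what keeps the switch from falling to `default` and calling `returnToSender("generic_op_error")`. Add `break;` after each case and skip the switch once the change succeeded, e.g. `if ($result === TRUE) { returnToSender("password_updated"); } elseif (count($error) === 1) { returnToSender($error[0]); } elseif (count($error) === 2) { returnToSender($error[0], $error[1]); } else { returnToSender("generic_op_error"); }`. The index.php `progress == "chpasswd"` hunk has the same count-0 problem, and there nothing exits early: unless `change_password()` also fills `$error` on success, a successful change sets the `password_updated` alert and `default` immediately overwrites it with `generic_op_error`. The worst-500 and MIN_PASSWORD_LENGTH checks removed from this file are presumably now inside `change_password()` in lib/login.php; confirm that, since this hunk no longer enforces either.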
diff --git a/apps/taskfloor_tasks.php b/apps/taskfloor_tasks.php
new file mode 100644
index 0000000..6f9761c
--- /dev/null
+++ b/apps/taskfloor_tasks.php
@@ -0,0 +1,41 @@
+ [
+ "tasks" => "Tasks",
+ "no tasks found" => "No tasks found."
+ ]
+]);
+$APPS["taskfloor_tasks"]["i18n"] = TRUE;
+$APPS["taskfloor_tasks"]["title"] = "tasks";
+$APPS["taskfloor_tasks"]["icon"] = "tasks";
+try {
+ $client = new GuzzleHttp\Client();
+
+ $response = $client->request('POST', TASKFLOOR_API, ['form_params' => [
+ 'action' => "gettasks",
+ 'username' => $_SESSION['username'],
+ 'password' => $_SESSION['password'],
+ 'max' => 5
+ ]]);
+
+ $resp = json_decode($response->getBody(), TRUE);
+ if ($resp['status'] == "OK") {
+ if (count($resp['tasks']) > 0) {
+ $content = '
';
+ foreach ($resp['tasks'] as $task) {
+ $content .= '
';
+ $content .= ' ' . $task['title'] . '';
+ $content .= '
';
+ }
+ $content .= "
";
+ } else {
+ $content = "" . lang("no tasks found", false) . "
";
+ }
+ }
+} catch (Exception $e) {
+ $content = "" . lang("error loading widget", false) . " " . $e->getMessage() . "
";
+}
+$content .= '' . lang("open app", false) . ' ';
+$APPS["taskfloor_tasks"]["content"] = $content;
+?>
\ No newline at end of file
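Review bot: `$task['title']` and `$e->getMessage()` are concatenated into `$content` unescaped; the surrounding markup appears to have been stripped in this view, but home.php renders `$content` as the widget body, so any markup in a task title returned by TASKFLOOR_API lands in the page as-is. Wrap both values with `htmlspecialchars($task['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (and likewise for the exception message). `$content` is also never initialised when `$resp['status']` is not `"OK"`, or when `json_decode` returns null, so the `.=` that appends the open-app link works on an undefined variable; start the file with `$content = '';` or add an else branch. The `Client` is constructed without a `timeout`, so an unresponsive TASKFLOOR_API stalls the whole home page; pass e.g. `new GuzzleHttp\Client(['timeout' => 5])` (constructed value). Note that the widget authenticates by replaying the user's clear-text password from `$_SESSION['password']`, which is what forces the session to keep it; a scoped token for this call would let that session field go.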
diff --git a/home.php b/home.php
index 2fc3f12..1c356c1 100644
--- a/home.php
+++ b/home.php
@@ -4,6 +4,9 @@ require_once __DIR__ . "/required.php";
if ($_SESSION['loggedin'] != true) {
header('Location: index.php');
die("Session expired. Log in again to continue.");
+} else if (is_empty($_SESSION['password'])) {
+ header('Location: index.php');
+ die("You need to log in again.");
}
require_once __DIR__ . "/pages.php";
@@ -145,7 +148,7 @@ END;
foreach (APPS[$pageid] as $app) {
if (file_exists(__DIR__ . "/apps/" . $app . ".php")) {
include_once __DIR__ . "/apps/" . $app . ".php";
- $apptitle = $APPS[$app]['title'];
+ $apptitle = ($APPS[$app]['i18n'] === TRUE ? lang($APPS[$app]['title'], false) : $APPS[$app]['title']);
$appicon = (is_empty($APPS[$app]['icon']) ? "" : "fa fa-fw fa-" . $APPS[$app]['icon']);
$apptype = (is_empty($APPS[$app]['type']) ? "default" : $APPS[$app]['type']);
$appcontent = $APPS[$app]['content'];
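Review bot: `$APPS[$app]['i18n'] === TRUE` reads a key that only the new taskfloor widget sets, so every other app listed in APPS triggers an undefined-index notice on this line each time the home page renders. Test for presence first, in the same spirit as the `icon` and `type` lookups on the next lines: `$apptitle = (!empty($APPS[$app]['i18n']) ? lang($APPS[$app]['title'], false) : $APPS[$app]['title']);`. The enclosing foreach continues outside the hunk.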
diff --git a/index.php b/index.php
index 38a2eec..da92c47 100644
--- a/index.php
+++ b/index.php
@@ -3,14 +3,19 @@ require_once __DIR__ . "/required.php";
require_once __DIR__ . "/lib/login.php";
-// if we're logged in, we don't need to be here.
-if ($_SESSION['loggedin']) {
+// If we're logged in, we don't need to be here.
+if ($_SESSION['loggedin'] && !is_empty($_SESSION['password'])) {
header('Location: home.php');
+// This branch will likely run if the user signed in from a different app.
+} else if ($_SESSION['loggedin'] && is_empty($_SESSION['password'])) {
+ $alert = lang("sign in again", false);
+ $alerttype = "info";
}
/* Authenticate user */
-$userpass_ok = false;
+$username_ok = false;
$multiauth = false;
+$change_password = false;
if ($VARS['progress'] == "1") {
if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
$autherror = "";
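Review bot: The comment `// This branch will likely run if the user signed in from a different app.` sits inside the first `if` body, after the `header()` call, but describes the `else if` that follows; move it into that branch. Separately, `header('Location: home.php')` on the logged-in path is not followed by `exit`, so the rest of the page, including the `$VARS['progress']` handling below, still executes after the redirect header is sent; this predates the commit, but since the condition is being rewritten here, adding `exit;` after the header is the natural place to close it (unless the rest of the file, outside this hunk, ends execution earlier).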
@@ -25,13 +30,16 @@ if ($VARS['progress'] == "1") {
break;
case "CHANGE_PASSWORD":
$alert = lang("password expired", false);
+ $alerttype = "info";
+ $_SESSION['username'] = strtolower($VARS['username']);
+ $change_password = true;
break;
case "NORMAL":
- $userpass_ok = true;
+ $username_ok = true;
break;
case "ALERT_ON_ACCESS":
sendLoginAlertEmail($VARS['username']);
- $userpass_ok = true;
+ $username_ok = true;
break;
default:
if (!is_empty($error)) {
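Review bot: `$_SESSION['username'] = strtolower($VARS['username'])` in the `CHANGE_PASSWORD` case runs before any password has been checked (`authenticate_user` is only reached later under `$username_ok`), and the new `progress == "chpasswd"` branch further down this file gates the password change on nothing more than `!is_empty($_SESSION['username'])`. That is only safe if `change_password()` in lib/login.php verifies `$VARS['oldpass']` against that account and records failures with `insertAuthLog` the way the login path does; neither is visible here, so please confirm. A dedicated flag would also keep the two meanings of the session apart, e.g. `$_SESSION['chpasswd_pending'] = true;` set here, tested in the chpasswd branch instead of `username`, and cleared once the change succeeds. The switch this case belongs to starts outside the hunk.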
@@ -41,7 +49,7 @@ if ($VARS['progress'] == "1") {
$alert = lang("login error", false);
break;
}
- if ($userpass_ok) {
+ if ($username_ok) {
if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
$_SESSION['passok'] = true; // stop logins using only username and authcode
if (userHasTOTP($VARS['username'])) {
@@ -84,6 +92,32 @@ if ($VARS['progress'] == "1") {
$alert = lang("2fa incorrect", false);
insertAuthLog(6, null, "Username: " . $VARS['username']);
}
+} else if ($VARS['progress'] == "chpasswd") {
+ if (!is_empty($_SESSION['username'])) {
+ $error = [];
+ $result = change_password($VARS['oldpass'], $VARS['newpass'], $VARS['conpass'], $error);
+ if ($result === TRUE) {
+ $alert = lang(MESSAGES["password_updated"]["string"], false);
+ $alerttype = MESSAGES["password_updated"]["type"];
+ }
+ switch (count($error)) {
+ case 1:
+ $alert = lang(MESSAGES[$error[0]]["string"], false);
+ $alerttype = MESSAGES[$error[0]]["type"];
+ break;
+ case 2:
+ $alert = lang2(MESSAGES[$error[0]]["string"], ["arg" => $error[1]], false);
+ $alerttype = MESSAGES[$error[0]]["type"];
+ break;
+ default:
+ $alert = lang(MESSAGES["generic_op_error"]["string"], false);
+ $alerttype = MESSAGES["generic_op_error"]["type"];
+ }
+ } else {
+ session_destroy();
+ header('Location: index.php');
+ die();
+ }
}
?>
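Review bot: The chpasswd flow completes with only the session username and `$VARS['oldpass']`, whereas the route through action.php that it replaces ran behind `dieifnotloggedin()`, i.e. after a login that appears to include the TOTP step for accounts that have one (`userHasTOTP` above); if `change_password()` does not check the second factor itself, an expired-password account with TOTP now rotates its password without it. Consider requiring the TOTP step before accepting the new password for such accounts, or confirm that this is intended. Separately, `MESSAGES[$error[0]]` is indexed with whatever key `change_password()` placed in `$error`; if that helper can return a key absent from MESSAGES, these lines raise an undefined-index notice and the alert is lost, so guard with `isset(MESSAGES[$error[0]])` and fall back to `generic_op_error`.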
@@ -117,14 +151,33 @@ if ($VARS['progress'] == "1") {