Single-sign-on and self-serve account management. https://netsyms.biz/apps/accounthub

action.php 3.1KB

  1. <?php
  2. /**
  3. * Make things happen when buttons are pressed and forms submitted.
  4. */
  5. use LdapTools\LdapManager;
  6. use LdapTools\Object\LdapObjectType;
require_once __DIR__ . "/required.php";
// Every action below is account-changing, so reject unauthenticated requests
// first and only then load the login and password-list helpers.
dieifnotloggedin();
require_once __DIR__ . "/lib/login.php";
require_once __DIR__ . "/lib/worst_passwords.php";
  11. function returnToSender($msg, $arg = "") {
  12. global $VARS;
  13. if ($arg == "") {
  14. header("Location: home.php?page=" . urlencode($VARS['source']) . "&msg=" . $msg);
  15. } else {
  16. header("Location: home.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=$arg");
  17. }
  18. die();
  19. }
  20. switch ($VARS['action']) {
  21. case "signout":
  22. insertAuthLog(11, $_SESSION['uid']);
  23. session_destroy();
  24. header('Location: index.php');
  25. die("Logged out.");
  26. case "chpasswd":
  27. if ($_SESSION['password'] == $VARS['oldpass']) {
  28. if ($VARS['newpass'] == $VARS['conpass']) {
  29. $passrank = checkWorst500List($VARS['newpass']);
  30. if ($passrank !== FALSE) {
  31. returnToSender("password_500", $passrank);
  32. }
  33. if (strlen($VARS['newpass']) < MIN_PASSWORD_LENGTH) {
  34. returnToSender("weak_password");
  35. }
  36. $acctloc = account_location($_SESSION['username'], $_SESSION['password']);
  37. if ($acctloc == "LOCAL") {
  38. $database->update('accounts', ['password' => encryptPassword($VARS['newpass'])], ['uid' => $_SESSION['uid']]);
  39. $_SESSION['password'] = $VARS['newpass'];
  40. insertAuthLog(3, $_SESSION['uid']);
  41. returnToSender("password_updated");
  42. } else if ($acctloc == "LDAP") {
  43. $ldapManager = new LdapManager($ldap_config);
  44. $repository = $ldapManager->getRepository(LdapObjectType::USER);
  45. $user = $repository->findOneByUsername($_SESSION['username']);
  46. $user->setPassword($VARS['newpass']);
  47. try {
  48. $ldapManager->persist($user);
  49. insertAuthLog(3, $_SESSION['uid']);
  50. returnToSender("password_updated");
  51. } catch (\Exception $e) {
  52. returnToSender("ldap_error", $e->getMessage());
  53. }
  54. } else {
  55. returnToSender("account_state_error");
  56. }
  57. } else {
  58. returnToSender("new_password_mismatch");
  59. }
  60. } else {
  61. returnToSender("old_password_mismatch");
  62. }
  63. break;
  64. case "add2fa":
  65. if (is_empty($VARS['secret'])) {
  66. returnToSender("invalid_parameters");
  67. }
  68. $database->update('accounts', ['authsecret' => $VARS['secret']], ['uid' => $_SESSION['uid']]);
  69. insertAuthLog(9, $_SESSION['uid']);
  70. returnToSender("2fa_enabled");
  71. case "rm2fa":
  72. $database->update('accounts', ['authsecret' => ""], ['uid' => $_SESSION['uid']]);
  73. insertAuthLog(10, $_SESSION['uid']);
  74. returnToSender("2fa_removed");
  75. break;
  76. }