AccountHub/action.php

<?php

/**
 * Make things happen when buttons are pressed and forms submitted.
 */
use LdapTools\LdapManager;
use LdapTools\Object\LdapObjectType;

require_once __DIR__ . "/required.php";

// If the user presses Sign Out but we're not logged in anymore,
// we don't want to show a nasty error.
if ($VARS['action'] == 'signout' && $_SESSION['loggedin'] != true) {
    session_destroy();
    header('Location: index.php');
    die("Logged out (session was expired anyways).");
}

dieifnotloggedin();

require_once __DIR__ . "/lib/login.php";
require_once __DIR__ . "/lib/worst_passwords.php";

function returnToSender($msg, $arg = "") {
    global $VARS;
    if ($arg == "") {
        header("Location: home.php?page=" . urlencode($VARS['source']) . "&msg=$msg");
    } else {
        header("Location: home.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=" . urlencode($arg));
    }
    die();
}

switch ($VARS['action']) {
    case "signout":
        insertAuthLog(11, $_SESSION['uid']);
        session_destroy();
        header('Location: index.php');
        die("Logged out.");
    case "chpasswd":
        if ($VARS['oldpass'] == $VARS['newpass']) {
            returnToSender("passwords_same");
        }
        if (authenticate_user($_SESSION['username'], $VARS['oldpass'])) {
            if ($VARS['newpass'] == $VARS['conpass']) {
                $passrank = checkWorst500List($VARS['newpass']);
                if ($passrank !== FALSE) {
                    returnToSender("password_500", $passrank);
                }
                if (strlen($VARS['newpass']) < MIN_PASSWORD_LENGTH) {
                    returnToSender("weak_password");
                }

                $acctloc = account_location($_SESSION['username'], $_SESSION['password']);

                if ($acctloc == "LOCAL") {
                    $database->update('accounts', ['password' => encryptPassword($VARS['newpass'])], ['uid' => $_SESSION['uid']]);
                    $_SESSION['password'] = $VARS['newpass'];
                    insertAuthLog(3, $_SESSION['uid']);
                    returnToSender("password_updated");
                } else if ($acctloc == "LDAP") {
                    /* $ldap_config_domain
                      ->setUsername($_SESSION['username'])
                      ->setPassword($VARS['oldpass']); */
                    try {
                        //echo "0";
                        $ldapManager = new LdapManager($ldap_config);
                        //echo "1";
                        $repository = $ldapManager->getRepository(LdapObjectType::USER);
                        //echo "2";
                        $user = $repository->findOneByUsername($_SESSION['username']);
                        //echo "3";
                        $user->setPassword($VARS['newpass']);
                        //echo "4";
                        $ldapManager->persist($user);
                        //echo "5";
                        insertAuthLog(3, $_SESSION['uid']);
                        $_SESSION['password'] = $VARS['newpass'];
                        returnToSender("password_updated");
                    } catch (\Exception $e) {
                        echo $e->getMessage();
                        returnToSender("ldap_error", $e->getMessage());
                    }
                } else {
                    returnToSender("account_state_error");
                }
            } else {
                returnToSender("new_password_mismatch");
            }
        } else {
            returnToSender("old_password_mismatch");
        }
        break;
    case "add2fa":
        if (is_empty($VARS['secret'])) {
            returnToSender("invalid_parameters");
        }
        $database->update('accounts', ['authsecret' => $VARS['secret']], ['uid' => $_SESSION['uid']]);
        insertAuthLog(9, $_SESSION['uid']);
        returnToSender("2fa_enabled");
    case "rm2fa":
        $database->update('accounts', ['authsecret' => ""], ['uid' => $_SESSION['uid']]);
        insertAuthLog(10, $_SESSION['uid']);
        returnToSender("2fa_removed");
        break;
}
Add widget framework, add full 2fa support, add password changing, add blacklist of common passwords 7 years ago			`<?php`

			`/**`
			`* Make things happen when buttons are pressed and forms submitted.`
			`*/`
Add API, auth logging, AD support TODO: Test changing AD passwords 7 years ago			`use LdapTools\LdapManager;`
			`use LdapTools\Object\LdapObjectType;`

Add widget framework, add full 2fa support, add password changing, add blacklist of common passwords 7 years ago			`require_once __DIR__ . "/required.php";`

Fix LDAP password changing, rewrite a lot of LDAP code to work better 7 years ago			`// If the user presses Sign Out but we're not logged in anymore,`
			`// we don't want to show a nasty error.`
			`if ($VARS['action'] == 'signout' && $_SESSION['loggedin'] != true) {`
			`session_destroy();`
			`header('Location: index.php');`
			`die("Logged out (session was expired anyways).");`
			`}`

Add widget framework, add full 2fa support, add password changing, add blacklist of common passwords 7 years ago			`dieifnotloggedin();`

Add API, auth logging, AD support TODO: Test changing AD passwords 7 years ago			`require_once __DIR__ . "/lib/login.php";`
Add widget framework, add full 2fa support, add password changing, add blacklist of common passwords 7 years ago			`require_once __DIR__ . "/lib/worst_passwords.php";`

			`function returnToSender($msg, $arg = "") {`
			`global $VARS;`
			`if ($arg == "") {`
Fix LDAP password changing, rewrite a lot of LDAP code to work better 7 years ago			`header("Location: home.php?page=" . urlencode($VARS['source']) . "&msg=$msg");`
Add widget framework, add full 2fa support, add password changing, add blacklist of common passwords 7 years ago			`} else {`
Fix LDAP password changing, rewrite a lot of LDAP code to work better 7 years ago			`header("Location: home.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=" . urlencode($arg));`
Add widget framework, add full 2fa support, add password changing, add blacklist of common passwords 7 years ago			`}`
			`die();`
			`}`

			`switch ($VARS['action']) {`
			`case "signout":`
Add API, auth logging, AD support TODO: Test changing AD passwords 7 years ago			`insertAuthLog(11, $_SESSION['uid']);`
Add widget framework, add full 2fa support, add password changing, add blacklist of common passwords 7 years ago			`session_destroy();`
			`header('Location: index.php');`
			`die("Logged out.");`
			`case "chpasswd":`
Fix LDAP password changing, rewrite a lot of LDAP code to work better 7 years ago			`if ($VARS['oldpass'] == $VARS['newpass']) {`
			`returnToSender("passwords_same");`
			`}`
			`if (authenticate_user($_SESSION['username'], $VARS['oldpass'])) {`
Add widget framework, add full 2fa support, add password changing, add blacklist of common passwords 7 years ago			`if ($VARS['newpass'] == $VARS['conpass']) {`
			`$passrank = checkWorst500List($VARS['newpass']);`
			`if ($passrank !== FALSE) {`
			`returnToSender("password_500", $passrank);`
			`}`
			`if (strlen($VARS['newpass']) < MIN_PASSWORD_LENGTH) {`
			`returnToSender("weak_password");`
			`}`
Add API, auth logging, AD support TODO: Test changing AD passwords 7 years ago
			`$acctloc = account_location($_SESSION['username'], $_SESSION['password']);`

			`if ($acctloc == "LOCAL") {`
			`$database->update('accounts', ['password' => encryptPassword($VARS['newpass'])], ['uid' => $_SESSION['uid']]);`
			`$_SESSION['password'] = $VARS['newpass'];`
			`insertAuthLog(3, $_SESSION['uid']);`
			`returnToSender("password_updated");`
			`} else if ($acctloc == "LDAP") {`
Fix LDAP password changing, rewrite a lot of LDAP code to work better 7 years ago			`/* $ldap_config_domain`
			`->setUsername($_SESSION['username'])`
			`->setPassword($VARS['oldpass']); */`
Add API, auth logging, AD support TODO: Test changing AD passwords 7 years ago			`try {`
Fix LDAP password changing, rewrite a lot of LDAP code to work better 7 years ago			`//echo "0";`
			`$ldapManager = new LdapManager($ldap_config);`
			`//echo "1";`
			`$repository = $ldapManager->getRepository(LdapObjectType::USER);`
			`//echo "2";`
			`$user = $repository->findOneByUsername($_SESSION['username']);`
			`//echo "3";`
			`$user->setPassword($VARS['newpass']);`
			`//echo "4";`
Add API, auth logging, AD support TODO: Test changing AD passwords 7 years ago			`$ldapManager->persist($user);`
Fix LDAP password changing, rewrite a lot of LDAP code to work better 7 years ago			`//echo "5";`
Add API, auth logging, AD support TODO: Test changing AD passwords 7 years ago			`insertAuthLog(3, $_SESSION['uid']);`
Fix LDAP password changing, rewrite a lot of LDAP code to work better 7 years ago			`$_SESSION['password'] = $VARS['newpass'];`
Add API, auth logging, AD support TODO: Test changing AD passwords 7 years ago			`returnToSender("password_updated");`
			`} catch (\Exception $e) {`
Fix LDAP password changing, rewrite a lot of LDAP code to work better 7 years ago			`echo $e->getMessage();`
Add API, auth logging, AD support TODO: Test changing AD passwords 7 years ago			`returnToSender("ldap_error", $e->getMessage());`
			`}`
			`} else {`
			`returnToSender("account_state_error");`
			`}`
Add widget framework, add full 2fa support, add password changing, add blacklist of common passwords 7 years ago			`} else {`
			`returnToSender("new_password_mismatch");`
			`}`
			`} else {`
			`returnToSender("old_password_mismatch");`
			`}`
			`break;`
			`case "add2fa":`
			`if (is_empty($VARS['secret'])) {`
			`returnToSender("invalid_parameters");`
			`}`
			`$database->update('accounts', ['authsecret' => $VARS['secret']], ['uid' => $_SESSION['uid']]);`
Add API, auth logging, AD support TODO: Test changing AD passwords 7 years ago			`insertAuthLog(9, $_SESSION['uid']);`
Add widget framework, add full 2fa support, add password changing, add blacklist of common passwords 7 years ago			`returnToSender("2fa_enabled");`
			`case "rm2fa":`
			`$database->update('accounts', ['authsecret' => ""], ['uid' => $_SESSION['uid']]);`
Add API, auth logging, AD support TODO: Test changing AD passwords 7 years ago			`insertAuthLog(10, $_SESSION['uid']);`
Add widget framework, add full 2fa support, add password changing, add blacklist of common passwords 7 years ago			`returnToSender("2fa_removed");`
			`break;`
			`}`