|
23 | 23 |
|
24 | 24 | require_once("../conf/config.inc.php"); |
25 | 25 | require __DIR__ . '/../vendor/autoload.php'; |
| 26 | + require_once("../lib/hook.inc.php"); |
26 | 27 |
|
27 | 28 | # Connect to LDAP |
28 | 29 | $ldap_connection = $ldapInstance->connect(); |
|
36 | 37 | error_log("LDAP - $dn not found using the configured search settings, reject request"); |
37 | 38 | } else { |
38 | 39 |
|
39 | | - if ($use_checkpasswordhistory) { |
40 | | - $password_history = $ldapInstance->get_attribute_values($dn, "pwdHistory"); |
41 | | - foreach ($password_history as $previous_password) { |
42 | | - preg_match("/(?<={).*(?=})/", $previous_password, $algorithm); |
43 | | - preg_match("/{(?<={).*/", $previous_password, $hash); |
44 | | - if (\Ltb\Password::check_password($password, $hash[0], $algorithm[0])) { |
45 | | - $result = "passwordinhistory"; |
| 40 | + |
| 41 | + if ( isset($hook_login_attribute) ) { |
| 42 | + $hook_login = get_hook_login($dn, $ldapInstance, $hook_login_attribute); |
| 43 | + } |
| 44 | + |
| 45 | + list($prehook_return, $prehook_message) = |
| 46 | + hook($prehook, 'passwordCheck', $hook_login, array( 'password' => $password )); |
| 47 | + |
| 48 | + |
| 49 | + if ( $prehook_return > 0 and !$prehook['passwordCheck']['ignoreError']) { |
| 50 | + $result = "passwordinvalid"; |
| 51 | + } else { |
| 52 | + if ($use_checkpasswordhistory) { |
| 53 | + $password_history = $ldapInstance->get_attribute_values($dn, "pwdHistory"); |
| 54 | + foreach ($password_history as $previous_password) { |
| 55 | + preg_match("/(?<={).*(?=})/", $previous_password, $algorithm); |
| 56 | + preg_match("/{(?<={).*/", $previous_password, $hash); |
| 57 | + if (\Ltb\Password::check_password($password, $hash[0], $algorithm[0])) { |
| 58 | + $result = "passwordinhistory"; |
| 59 | + } |
46 | 60 | } |
47 | 61 | } |
| 62 | + |
| 63 | + if (!$result) { |
| 64 | + $bind = ldap_bind($ldap, $dn, $password); |
| 65 | + $result = $bind ? "passwordok" : "passwordinvalid"; |
| 66 | + } |
48 | 67 | } |
49 | 68 |
|
50 | | - if (!$result) { |
51 | | - $bind = ldap_bind($ldap, $dn, $password); |
52 | | - $result = $bind ? "passwordok" : "passwordinvalid"; |
| 69 | + if ( $result === "passwordok" ) { |
| 70 | + list($posthook_return, $posthook_message) = |
| 71 | + hook($posthook, 'passwordCheck', $hook_login, array( 'password' => $password )); |
53 | 72 | } |
54 | 73 |
|
55 | 74 | } |
|
59 | 78 | auditlog($audit_log_file, $dn, $audit_admin, "checkpassword", $result, NULL); |
60 | 79 | } |
61 | 80 |
|
62 | | -header('Location: index.php?page=display&dn='.$dn.'&checkpasswordresult='.$result); |
| 81 | +$location = 'index.php?page=display&dn='.$dn.'&checkpasswordresult='.$result; |
| 82 | +if ( isset($prehook_return) and $prehook['passwordCheck']['displayError'] and $prehook_return > 0 ) { |
| 83 | + $location .= '&prehookresult='.$prehook_message; |
| 84 | +} |
| 85 | +if ( isset($posthook_return) and $posthook['passwordCheck']['displayError'] and $posthook_return > 0 ) { |
| 86 | + $location .= '&posthookresult='.$posthook_message; |
| 87 | +} |
| 88 | +header('Location: '.$location); |
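Review bot: The hook messages are appended to the redirect URL unencoded at `$location .= '&prehookresult='.$prehook_message;` and on the matching posthook line, so a message containing `&`, `#`, spaces or a line break will corrupt the query string or make PHP's `header()` refuse the redirect. Both lines should encode the value: `$location .= '&prehookresult='.urlencode($prehook_message);` and `$location .= '&posthookresult='.urlencode($posthook_message);`. The message presumably comes from the hook's own output and is later rendered by the display page, so that page should also HTML-escape it; that code is not visible here. Separately, `$hook_login` is assigned only when `$hook_login_attribute` is set, yet it is passed to both `hook()` calls, so initialising it before the `isset` check (`$hook_login = "";`) would avoid an undefined-variable warning.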