Disambiguate user by mail

conf/config.inc.php

@@ -42,6 +42,7 @@
 $ldap_login_attribute = "uid";
 $ldap_fullname_attribute = "cn";
 $ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
+$ldap_filter_reset = $ldap_filter;
 
 # Active Directory mode
 # true: use unicodePwd as password field

lang/ca.inc.php

@@ -38,7 +38,8 @@
 $messages['badcredentials'] = "El nom d'usuari o la contrasenya són incorrectes";
 $messages['passworderror'] = "El servidor ha refusat la contrasenya";
 $messages['title'] = "Autoservei de canvi de contrasenyes";
-$messages['login'] = "Nom d'usuari";
+$messages['login'] = "Nom d'usuari"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Contrasenya anterior";
 $messages['newpassword'] = "Contrasenya nova";
 $messages['confirmpassword'] = "Confirmeu la nova contrasenya";

lang/cn.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "用户名或密码不正确";
 $messages['passworderror'] = "密码被拒";
 $messages['title'] = "统一登录平台自助改密";
-$messages['login'] = "用户名";
+$messages['login'] = "用户名"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "旧密码";
 $messages['newpassword'] = "新密码";
 $messages['confirmpassword'] = "新密码";

lang/cs.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Zadali jste špatné jméno nebo heslo";
 $messages['passworderror'] = "Heslo bylo odmítnuto serverem LDAP";
 $messages['title'] = "Změna hesla";
-$messages['login'] = "Přihlašovací jméno";
+$messages['login'] = "Přihlašovací jméno"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Staré heslo";
 $messages['newpassword'] = "Nové heslo";
 $messages['confirmpassword'] = "Potvrďte";

lang/de.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Login oder Passwort inkorrekt";
 $messages['passworderror'] = "Passwort wurde vom LDAP nicht akzeptiert";
 $messages['title'] = "Passwortverwaltung";
-$messages['login'] = "Login";
+$messages['login'] = "Login"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Altes Passwort";
 $messages['newpassword'] = "Neues Passwort";
 $messages['confirmpassword'] = "Bestätigen";

lang/ee.inc.php

@@ -40,7 +40,8 @@
 $messages['passworderror'] = "Parooli muudatus lükati tagasi LDAP kataloogi poolt";
 $messages['sshkeyerror'] = "SSH võtme muudatus lükati tagasi LDAP kataloogi poolt";
 $messages['title'] = "Iseteenindus";
-$messages['login'] = "Kasutajanimi";
+$messages['login'] = "Kasutajanimi"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Vana parool";
 $messages['newpassword'] = "Uus parool";
 $messages['confirmpassword'] = "Kinnita uus parool";

lang/el.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Το όνομα χρήστη ή ο κωδικός είναι λάθος";
 $messages['passworderror'] = "Ο κωδικός δεν έγινε δεκτός από την υπηρεσία καταλόγου";
 $messages['title'] = "Αλλαγή/Ανάκτηση Κωδικού";
-$messages['login'] = "Όνομα χρήστη";
+$messages['login'] = "Όνομα χρήστη"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Ισχύων κωδικός";
 $messages['newpassword'] = "Νέος κωδικός";
 $messages['confirmpassword'] = "Επιβεβαίωση";

lang/en.inc.php

@@ -38,7 +38,8 @@
 $messages['passworderror'] = "Password was refused by the LDAP directory";
 $messages['sshkeyerror'] = "SSH Key was refused by the LDAP directory";
 $messages['title'] = "Self service password";
-$messages['login'] = "Login";
+$messages['login'] = "Login"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Old password";
 $messages['newpassword'] = "New password";
 $messages['confirmpassword'] = "Confirm";

lang/es.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Su nombre de usuario o su contraseña es incorrecta";
 $messages['passworderror'] = "Su contraseña fue rechazada";
 $messages['title'] = "Autoservicio de cambio de contraseñas";
-$messages['login'] = "Nombre de usuario";
+$messages['login'] = "Nombre de usuario"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Contraseña anterior";
 $messages['newpassword'] = "Contraseña nueva";
 $messages['confirmpassword'] = "Confirme contraseña nueva";

lang/fr.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Identifiant ou mot de passe incorrect";
 $messages['passworderror'] = "Le mot de passe a été refusé";
 $messages['title'] = "Gestion du mot de passe";
-$messages['login'] = "Identifiant";
+$messages['login'] = "Identifiant"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Ancien mot de passe";
 $messages['newpassword'] = "Nouveau mot de passe";
 $messages['confirmpassword'] = "Confirmation";

lang/hu.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "A felhasználónév vagy a jelszó nem megfelelő!";
 $messages['passworderror'] = "A jelszó megváltoztatását visszautasította az LDAP szolgáltatás";
 $messages['title'] = "Önkiszolgáló jelszókezelő";
-$messages['login'] = "Felhasználónév";
+$messages['login'] = "Felhasználónév"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Régi jelszó";
 $messages['newpassword'] = "Új jelszó";
 $messages['confirmpassword'] = "Új jelszó ismét";

lang/it.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Login o password non corretti";
 $messages['passworderror'] = "Password rifiutata dalla directory LDAP";
 $messages['title'] = "Self service password";
-$messages['login'] = "Login";
+$messages['login'] = "Login"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Vecchia password";
 $messages['newpassword'] = "Nuova password";
 $messages['confirmpassword'] = "Conferma";

lang/ja.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "ログインIDかパスワードが間違っています";
 $messages['passworderror'] = "パスワードはLDAPディレクトリーに拒否されました";
 $messages['title'] = "Self service password";
-$messages['login'] = "ログインID";
+$messages['login'] = "ログインID"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "現在のパスワード";
 $messages['newpassword'] = "新しいパスワード";
 $messages['confirmpassword'] = "新しいパスワードの確認";

lang/nb-NO.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Passord eller Brukernavn er feil";
 $messages['passworderror'] = "Passordet var ikke godtatt av LDAP katalogen";
 $messages['title'] = "Self service passord";
-$messages['login'] = "Brukernavn";
+$messages['login'] = "Brukernavn"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Gammelt passord";
 $messages['newpassword'] = "Nytt passord";
 $messages['confirmpassword'] = "Bekreft";

lang/nl.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Gebruikersnaam of wachtwoord onjuist";
 $messages['passworderror'] = "Wachtwoord niet geaccepteerd door de LDAP directory";
 $messages['title'] = "Wachtwoord Self Service";
-$messages['login'] = "Gebruikersnaam";
+$messages['login'] = "Gebruikersnaam"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Huidige wachtwoord";
 $messages['newpassword'] = "Nieuwe wachtwoord";
 $messages['confirmpassword'] = "Bevestigen";

lang/pl.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Login lub hasło nie są poprawne";
 $messages['passworderror'] = "Hasło zostało odrzucone przez bazę LDAP";
 $messages['title'] = "Samodzielna zmiana hasła";
-$messages['login'] = "Login";
+$messages['login'] = "Login"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Stare hasło";
 $messages['newpassword'] = "Nowe hasło";
 $messages['confirmpassword'] = "Potwierdź";

lang/pt-BR.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Login ou senha incorretos";
 $messages['passworderror'] = "A senha foi recusada pelo Diretório LDAP";
 $messages['title'] = "Serviço de senha";
-$messages['login'] = "Login";
+$messages['login'] = "Login"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Senha atual";
 $messages['newpassword'] = "Senha nova";
 $messages['confirmpassword'] = "Confirma";

lang/pt-PT.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Username ou password incorretos.";
 $messages['passworderror'] = "A password foi recusada pelo LDAP.";
 $messages['title'] = "Alteração de Password";
-$messages['login'] = "Username";
+$messages['login'] = "Username"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Password actual";
 $messages['newpassword'] = "Password nova";
 $messages['confirmpassword'] = "Confirma password";

lang/ru.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Проверьте правильность написания логина или пароля";
 $messages['passworderror'] = "Ваш пароль отклонен LDAP directory";
 $messages['title'] = "Self service password";
-$messages['login'] = "Логин";
+$messages['login'] = "Логин"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Ваш старый пароль";
 $messages['newpassword'] = "Ваш новый пароль";
 $messages['confirmpassword'] = "Подтвердить";

lang/sk.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Prihlasovacie meno alebo heslo je nesprávne";
 $messages['passworderror'] = "Heslo bolo odmietnuté LDAP adresári";
 $messages['title'] = "Zmena hesla";
-$messages['login'] = "Prihlasovacie meno";
+$messages['login'] = "Prihlasovacie meno"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Staré heslo";
 $messages['newpassword'] = "Nové heslo";
 $messages['confirmpassword'] = "Nové heslo (ešte raz)";

lang/sl.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Napačno uporabniško ime ali geslo";
 $messages['passworderror'] = "Strežnik LDAP je zavrnil geslo";
 $messages['title'] = "Spreminjanje gesla";
-$messages['login'] = "Uporabniško ime";
+$messages['login'] = "Uporabniško ime"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Staro geslo";
 $messages['newpassword'] = "Novo geslo";
 $messages['confirmpassword'] = "Potrdite novo geslo";

lang/sv.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Lösenord eller Användarnamn är felaktiga";
 $messages['passworderror'] = "Lösenordet godtogs inte av LDAPkatalogen";
 $messages['title'] = "Self service password";
-$messages['login'] = "Användarnamn";
+$messages['login'] = "Användarnamn"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Nuvarande lösenord";
 $messages['newpassword'] = "Nytt lösenord";
 $messages['confirmpassword'] = "Bekräfta nytt lösenord";

lang/tr.inc.php

@@ -36,7 +36,8 @@
 $messages['badcredentials'] = "Kullanıcı adı ya da parola hatalı";
 $messages['passworderror'] = "Parola LDAP dizini tarafından reddedildi";
 $messages['title'] = "Self servis parola";
-$messages['login'] = "Kullanıcı adı";
+$messages['login'] = "Kullanıcı adı"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Eski parola";
 $messages['newpassword'] = "Yeni parola";
 $messages['confirmpassword'] = "Onayla";

lang/uk.inc.php

@@ -37,7 +37,8 @@
 $messages['badcredentials'] = "Перевірте правильність написання логіна або пароля";
 $messages['passworderror'] = "Ваш пароль відхилено LDAP директорією";
 $messages['title'] = "Self service password";
-$messages['login'] = "Логін";
+$messages['login'] = "Логін"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "Ваш старий пароль";
 $messages['newpassword'] = "Ваш новий пароль";
 $messages['confirmpassword'] = "Підтвердити";

lang/zh-CN.inc.php

@@ -38,7 +38,8 @@
 $messages['passworderror'] = "密码被 LDAP 服务器拒绝";
 $messages['sshkeyerror'] = "SSH 密钥被 LDAP 服务器拒绝";
 $messages['title'] = "自助密码服务";
-$messages['login'] = "用户名";
+$messages['login'] = "用户名"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "旧密码";
 $messages['newpassword'] = "新密码";
 $messages['confirmpassword'] = "重复输入";

lang/zh-TW.inc.php

@@ -38,7 +38,8 @@
 $messages['passworderror'] = "密碼被 LDAP 伺服器拒絶";
 $messages['sshkeyerror'] = "SSH 金鑰被 LDAP 伺服器拒絶";
 $messages['title'] = "自助密碼服務";
-$messages['login'] = "帳號";
+$messages['login'] = "帳號"; // coheres with $ldap_filter
+$messages['login_reset'] = $messages['login']; // coheres with $ldap_filter_reset
 $messages['oldpassword'] = "舊密碼";
 $messages['newpassword'] = "新密碼";
 $messages['confirmpassword'] = "確認密碼";

pages/resetbytoken.php

@@ -64,9 +64,11 @@
     session_id($tokenid);
     session_name("token");
     session_start();
-    $login = $_SESSION['login'];
-
-    if ( !$login ) {
+    $entry = $_SESSION['entry'];
+    $mail = $_SESSION['mail'];
+    $login = $entry[$ldap_login_attribute][0];
+    $userdn = $entry['dn'];
+    if ( !$entry ) {
         $result = "tokennotvalid";
 	error_log("Unable to open session $tokenid");
     } else {
@@ -101,10 +103,20 @@
 }
 
 #==============================================================================
-# Find user
+# Check and register new passord
 #==============================================================================
+# Match new and confirm password
 if ( $result === "" ) {
+    if ( $newpassword != $confirmpassword ) { $result="nomatch"; }
+}
 
+# Check password strength
+if ( $result === "" ) {
+    $result = check_password_strength( $newpassword, "", $pwd_policy_config, $login );
+}
+
+# Change password
+if ($result === "") {
     # Connect to LDAP
     $ldap = ldap_connect($ldap_url);
     ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@@ -128,67 +140,13 @@
             error_log("LDAP - Bind error $errno  (".ldap_error($ldap).")");
         }
     } else {
-
-    # Search for user
-    $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-    $search = ldap_search($ldap, $ldap_base, $ldap_filter);
-
-    $errno = ldap_errno($ldap);
-    if ( $errno ) {
-        $result = "ldaperror";
-        error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
-    } else {
-
-    # Get user DN
-    $entry = ldap_first_entry($ldap, $search);
-    $userdn = ldap_get_dn($ldap, $entry);
-
-    if( !$userdn ) {
-        $result = "badcredentials";
-        error_log("LDAP - User $login not found");
-    }
-
-    # Check objectClass to allow samba and shadow updates
-    $ocValues = ldap_get_values($ldap, $entry, 'objectClass');
-    if ( !in_array( 'sambaSamAccount', $ocValues ) and !in_array( 'sambaSAMAccount', $ocValues ) ) {
-        $samba_mode = false;
-    }
-    if ( !in_array( 'shadowAccount', $ocValues ) ) {
-        $shadow_options['update_shadowLastChange'] = false;
-        $shadow_options['update_shadowExpire'] = false;
-    }
-
-    # Get user email for notification
-    if ( $notify_on_change ) {
-        $mailValues = ldap_get_values($ldap, $entry, $mail_attribute);
-        if ( $mailValues["count"] > 0 ) {
-            $mail = $mailValues[0];
+        $result = change_password($ldap, $userdn, $newpassword, $ad_mode, $ad_options, $samba_mode, $samba_options, $shadow_options, $hash, $hash_options, "", "");
+        if ( $result === "passwordchanged" && isset($posthook) ) {
+            $command = posthook_command($posthook, $login, $newpassword, null, $posthook_password_encodebase64);
+            exec($command, $posthook_output, $posthook_return);
         }
     }
-
-}}}}
-
-#==============================================================================
-# Check and register new passord
-#==============================================================================
-# Match new and confirm password
-if ( $result === "" ) {
-    if ( $newpassword != $confirmpassword ) { $result="nomatch"; }
-}
-
-# Check password strength
-if ( $result === "" ) {
-    $result = check_password_strength( $newpassword, "", $pwd_policy_config, $login );
-}
-
-# Change password
-if ($result === "") {
-    $result = change_password($ldap, $userdn, $newpassword, $ad_mode, $ad_options, $samba_mode, $samba_options, $shadow_options, $hash, $hash_options, "", "");
-    if ( $result === "passwordchanged" && isset($posthook) ) {
-        $command = posthook_command($posthook, $login, $newpassword, null, $posthook_password_encodebase64);
-        exec($command, $posthook_output, $posthook_return);
-    }
-}
+}}
 
 # Delete token if all is ok
 if ( $result === "passwordchanged" ) {