From 0f07828d0c1883727e07ffbec02a3b108db63d90 Mon Sep 17 00:00:00 2001 From: reliberate Date: Thu, 2 Jun 2016 18:26:32 -0600 Subject: [PATCH] Security: Integrate Settings and necessary functions to enforce password complexity requirements. Theme: Add basic password strength indicator bar. Default Settings: Also verify correct Type (name) on Upgrade > App Defaults. User: Show Nickname in Contact select if no Given or Family name. Password Reset: Integrate hide and convert password fields method to prevent browser prompt. --- core/default_settings/app_defaults.php | 38 ++++- core/user_settings/app_languages.php | 103 ++++++++++++++ core/user_settings/user_edit.php | 184 ++++++++++++++----------- core/users/app_languages.php | 81 +++++++++++ core/users/usersupdate.php | 176 ++++++++++++++--------- resources/functions.php | 41 +++++- resources/login.php | 117 ++++++++++++++-- themes/default/css.php | 37 ++++- themes/default/template.php | 19 +++ 9 files changed, 629 insertions(+), 167 deletions(-) diff --git a/core/default_settings/app_defaults.php b/core/default_settings/app_defaults.php index 192ec5f4bf..f5b0503c37 100644 --- a/core/default_settings/app_defaults.php +++ b/core/default_settings/app_defaults.php @@ -59,14 +59,42 @@ if ($domains_processed == 1) { $x++; $array[$x]['default_setting_category'] = 'security'; $array[$x]['default_setting_subcategory'] = 'password_length'; - $array[$x]['default_setting_name'] = 'var'; + $array[$x]['default_setting_name'] = 'numeric'; $array[$x]['default_setting_value'] = '10'; $array[$x]['default_setting_enabled'] = 'true'; - $array[$x]['default_setting_description'] = 'Sets the default length for system generated passwords.'; + $array[$x]['default_setting_description'] = 'Set the required/default length for user/system generated passwords.'; + $x++; + $array[$x]['default_setting_category'] = 'security'; + $array[$x]['default_setting_subcategory'] = 'password_number'; + $array[$x]['default_setting_name'] = 'boolean'; + $array[$x]['default_setting_value'] = 'true'; + $array[$x]['default_setting_enabled'] = 'false'; + $array[$x]['default_setting_description'] = 'Set whether to require at least one number in user passwords.'; + $x++; + $array[$x]['default_setting_category'] = 'security'; + $array[$x]['default_setting_subcategory'] = 'password_lowercase'; + $array[$x]['default_setting_name'] = 'boolean'; + $array[$x]['default_setting_value'] = 'true'; + $array[$x]['default_setting_enabled'] = 'true'; + $array[$x]['default_setting_description'] = 'Set whether to require at least one lowecase letter in user passwords.'; + $x++; + $array[$x]['default_setting_category'] = 'security'; + $array[$x]['default_setting_subcategory'] = 'password_uppercase'; + $array[$x]['default_setting_name'] = 'boolean'; + $array[$x]['default_setting_value'] = 'true'; + $array[$x]['default_setting_enabled'] = 'false'; + $array[$x]['default_setting_description'] = 'Set whether to require at least one uppercase letter in user passwords.'; + $x++; + $array[$x]['default_setting_category'] = 'security'; + $array[$x]['default_setting_subcategory'] = 'password_special'; + $array[$x]['default_setting_name'] = 'boolean'; + $array[$x]['default_setting_value'] = 'true'; + $array[$x]['default_setting_enabled'] = 'false'; + $array[$x]['default_setting_description'] = 'Set whether to require at least one special character in user passwords.'; $x++; $array[$x]['default_setting_category'] = 'security'; $array[$x]['default_setting_subcategory'] = 'password_strength'; - $array[$x]['default_setting_name'] = 'var'; + $array[$x]['default_setting_name'] = 'numeric'; $array[$x]['default_setting_value'] = '4'; $array[$x]['default_setting_enabled'] = 'true'; $array[$x]['default_setting_description'] = 'Set the default strength for system generated passwords. Valid Options: 1 - Numeric Only, 2 - Include Lower Apha, 3 - Include Upper Alpha, 4 - Include Special Characters.'; @@ -315,7 +343,7 @@ if ($domains_processed == 1) { $found = false; $missing[$x] = $setting; foreach ($default_settings as $row) { - if (trim($row['default_setting_subcategory']) == trim($setting['default_setting_subcategory'])) { + if (trim($row['default_setting_subcategory']) == trim($setting['default_setting_subcategory']) && trim($row['default_setting_name']) == trim($setting['default_setting_name'])) { $found = true; //remove items from the array that were found unset($missing[$x]); @@ -351,7 +379,7 @@ if ($domains_processed == 1) { $sql .= "'".check_str($row['default_setting_enabled'])."', "; $sql .= "'".check_str($row['default_setting_description'])."' "; $sql .= ")"; - if ($missing_count != $i) { + if ($missing_count != $i) { $sql .= ",\n"; } $i++; diff --git a/core/user_settings/app_languages.php b/core/user_settings/app_languages.php index c051c837d8..a586adde8c 100644 --- a/core/user_settings/app_languages.php +++ b/core/user_settings/app_languages.php @@ -126,6 +126,39 @@ $text['message-password_reset']['ro'] = "Resetare parolă"; $text['message-password_reset']['fa'] = ""; $text['message-password_reset']['ar-eg'] = "اعادة تعيين كلمة السر"; +$text['message-password_requirements']['en-us'] = "Password Requirements"; +$text['message-password_requirements']['es-cl'] = "Requisitos de Contraseña"; +$text['message-password_requirements']['pt-pt'] = "Requisitos Senha"; +$text['message-password_requirements']['fr-fr'] = "Mot de passe requis"; +$text['message-password_requirements']['pl'] = "Wymagania Hasło"; +$text['message-password_requirements']['uk'] = "вимоги до паролю"; +$text['message-password_requirements']['sv-se'] = "lösenordskrav "; +$text['message-password_requirements']['ro'] = "Cerințe privind parola"; +$text['message-password_requirements']['de-at'] = "Kennwortanforderungen "; +$text['message-password_requirements']['he'] = "דרישות סיסמא"; + +$text['message-password_mismatch']['en-us'] = "Password Mismatch"; +$text['message-password_mismatch']['es-cl'] = "Contraseñas no coinciden"; +$text['message-password_mismatch']['pt-pt'] = "As passwords não correspondem."; +$text['message-password_mismatch']['fr-fr'] = "Les mots de passe ne correspondent pas"; +$text['message-password_mismatch']['pl'] = "Wprowadzone hasła nie są takie same"; +$text['message-password_mismatch']['uk'] = "Паролі не співпадають"; +$text['message-password_mismatch']['sv-se'] = "Lösenordet Stämmer Inte"; +$text['message-password_mismatch']['ro'] = ""; +$text['message-password_mismatch']['de-at'] = "Passwörter stimmen nicht überein."; +$text['message-password_mismatch']['he'] = "הסיסמא לא נכונה"; + +$text['message-password_blank']['en-us'] = "Invalid Password"; +$text['message-password_blank']['es-cl'] = "Contraseña No Válida"; +$text['message-password_blank']['pt-pt'] = "Senha Inválida"; +$text['message-password_blank']['fr-fr'] = "Mot de Passe Incorrect"; +$text['message-password_blank']['pl'] = "Nieprawidłowe hasło"; +$text['message-password_blank']['uk'] = "Неправильний пароль"; +$text['message-password_blank']['sv-se'] = "Ogiltigt Lösenord"; +$text['message-password_blank']['ro'] = ""; +$text['message-password_blank']['de-at'] = "Falsches Passwort"; +$text['message-password_blank']['he'] = "סיסמא לא קיימת"; + $text['message-invalid_username_mismatch_passwords']['en-us'] = "Invalid Username and/or Mismatched Passwords"; $text['message-invalid_username_mismatch_passwords']['es-cl'] = "Nombre de usuario válido y/o contraseñas no coincidentes"; $text['message-invalid_username_mismatch_passwords']['pt-pt'] = "Nome de usuário inválido e/ou palavras-passe não correspondentes"; @@ -281,6 +314,20 @@ $text['label-used']['ro'] = "Folosit"; $text['label-used']['fa'] = ""; $text['label-used']['ar-eg'] = "مستعمل"; +$text['label-uppercase_letters']['en-us'] = "Uppercase Letters"; +$text['label-uppercase_letters']['es-cl'] = "Letras mayúsculas"; +$text['label-uppercase_letters']['pt-pt'] = "Letras maiúsculas"; +$text['label-uppercase_letters']['fr-fr'] = "Lettres capitales"; +$text['label-uppercase_letters']['pt-br'] = "Letras maiúsculas"; +$text['label-uppercase_letters']['pl'] = "Wielkie litery"; +$text['label-uppercase_letters']['he'] = "אותיות רישיות"; +$text['label-uppercase_letters']['uk'] = "Великі літери"; +$text['label-uppercase_letters']['sv-se'] = "Versala bokstäver"; +$text['label-uppercase_letters']['de-at'] = "Großbuchstaben"; +$text['label-uppercase_letters']['ro'] = "Litere mari"; +$text['label-uppercase_letters']['fa'] = ""; +$text['label-uppercase_letters']['ar-eg'] = "الأحرف الكبيرة"; + $text['label-total_extensions']['en-us'] = "Total Extensions"; $text['label-total_extensions']['es-cl'] = "Las extensiones totales"; $text['label-total_extensions']['pt-pt'] = "total de extensões"; @@ -410,6 +457,20 @@ $text['label-status']['ro'] = "Stare"; $text['label-status']['fa'] = ""; $text['label-status']['ar-eg'] = "الحالة"; +$text['label-special_characters']['en-us'] = "Special Characters"; +$text['label-special_characters']['es-cl'] = "Caracteres especiales"; +$text['label-special_characters']['pt-pt'] = "Caracteres especiais"; +$text['label-special_characters']['fr-fr'] = "Caractères spéciaux"; +$text['label-special_characters']['pt-br'] = "Caracteres especiais"; +$text['label-special_characters']['pl'] = "Znaki specjalne"; +$text['label-special_characters']['he'] = "תווים מיוחדים"; +$text['label-special_characters']['uk'] = "спеціальні символи"; +$text['label-special_characters']['sv-se'] = "Speciella karaktärer"; +$text['label-special_characters']['de-at'] = "Spezielle Charaktere"; +$text['label-special_characters']['ro'] = "caractere speciale"; +$text['label-special_characters']['fa'] = ""; +$text['label-special_characters']['ar-eg'] = "أحرف خاصة"; + $text['label-ring_groups']['en-us'] = "Ring Groups"; $text['label-ring_groups']['es-cl'] = "Grupo de llamado"; $text['label-ring_groups']['fr-fr'] = "Groupes de Sonnerie"; @@ -523,6 +584,20 @@ $text['label-outbound']['uk'] = ""; $text['label-outbound']['de-at'] = "Ausgehend"; $text['label-outbound']['he'] = ""; +$text['label-numbers']['en-us'] = "Numbers"; +$text['label-numbers']['es-cl'] = "Números"; +$text['label-numbers']['pt-pt'] = "Números"; +$text['label-numbers']['fr-fr'] = "Nombres"; +$text['label-numbers']['pt-br'] = "Números"; +$text['label-numbers']['pl'] = "Liczby"; +$text['label-numbers']['he'] = "מספרים"; +$text['label-numbers']['uk'] = "чисел"; +$text['label-numbers']['sv-se'] = "Tal"; +$text['label-numbers']['de-at'] = "Nummern"; +$text['label-numbers']['ro'] = "numere"; +$text['label-numbers']['fa'] = ""; +$text['label-numbers']['ar-eg'] = "أرقام"; + $text['label-no_voicemail_assigned']['en-us'] = "No Voicemail Assigned"; $text['label-no_voicemail_assigned']['es-cl'] = "No Asignado correo de voz"; $text['label-no_voicemail_assigned']['pt-pt'] = "Sem Voicemail Assigned"; @@ -625,6 +700,20 @@ $text['label-memory_usage']['ro'] = "Folosirea memoriei"; $text['label-memory_usage']['fa'] = ""; $text['label-memory_usage']['ar-eg'] = "استخدام الذاكرة"; +$text['label-lowercase_letters']['en-us'] = "Lowercase Letters"; +$text['label-lowercase_letters']['es-cl'] = "Letras minusculas"; +$text['label-lowercase_letters']['pt-pt'] = "Letras minúsculas"; +$text['label-lowercase_letters']['fr-fr'] = "Minuscules"; +$text['label-lowercase_letters']['pt-br'] = "Letras minúsculas"; +$text['label-lowercase_letters']['pl'] = "Małe litery"; +$text['label-lowercase_letters']['he'] = "אותיות קטנות"; +$text['label-lowercase_letters']['uk'] = "Букви нижнього регістру"; +$text['label-lowercase_letters']['sv-se'] = "Gemener"; +$text['label-lowercase_letters']['de-at'] = "Kleinbuchstaben"; +$text['label-lowercase_letters']['ro'] = "Litere mici"; +$text['label-lowercase_letters']['fa'] = ""; +$text['label-lowercase_letters']['ar-eg'] = "أحرف صغيرة"; + $text['label-local']['en-us'] = "Local"; $text['label-local']['es-cl'] = "Local"; $text['label-local']['pt-pt'] = "Local"; @@ -943,6 +1032,20 @@ $text['label-cid_name']['uk'] = "Назва"; $text['label-cid_name']['de-at'] = "Name"; $text['label-cid_name']['he'] = "שם"; +$text['label-characters']['en-us'] = "Characters"; +$text['label-characters']['es-cl'] = "Caracteres"; +$text['label-characters']['pt-pt'] = "Personagens"; +$text['label-characters']['fr-fr'] = "Personnages"; +$text['label-characters']['pt-br'] = "Personagens"; +$text['label-characters']['pl'] = "Postacie"; +$text['label-characters']['he'] = "דמויות"; +$text['label-characters']['uk'] = "персонажі"; +$text['label-characters']['sv-se'] = "tecken"; +$text['label-characters']['de-at'] = "Figuren"; +$text['label-characters']['ro'] = "caractere"; +$text['label-characters']['fa'] = ""; +$text['label-characters']['ar-eg'] = "الشخصيات"; + $text['label-channels']['en-us'] = "Channels"; $text['label-channels']['es-cl'] = "Canales"; $text['label-channels']['pt-pt'] = "Canais"; diff --git a/core/user_settings/user_edit.php b/core/user_settings/user_edit.php index 464bde5e55..24305eb8bb 100644 --- a/core/user_settings/user_edit.php +++ b/core/user_settings/user_edit.php @@ -78,30 +78,26 @@ if (count($_POST)>0 && $_POST["persistform"] != "1") { //get the HTTP values and set as variables $password = check_str($_POST["password"]); - $confirm_password = check_str($_POST["confirm_password"]); + $password_confirm = check_str($_POST["password_confirm"]); $user_status = check_str($_POST["user_status"]); $user_template_name = check_str($_POST["user_template_name"]); $user_language = check_str($_POST["user_language"]); $user_time_zone = check_str($_POST["user_time_zone"]); $group_member = check_str($_POST["group_member"]); - //set the required values - $msg = ''; - //if (strlen($password) == 0) { $msg .= "Password cannot be blank.
\n"; } - if ($password != $confirm_password) { $msg .= "".$text['confirm-password']."
\n"; } - //if (strlen($user_time_zone) == 0) { $msg .= "Please provide an time zone.
\n"; } - if (strlen($msg) > 0) { - require_once "resources/header.php"; - echo "
"; - echo "
"; - echo $msg; - echo "
"; - echo "
\n"; - require_once "resources/persist_form.php"; - echo persistform($_POST); - echo "
"; - require_once "resources/footer.php"; - return; + //check required values + if ($password != $password_confirm) { $msg_error = $text['message-password_mismatch']; } + + if ($msg_error != '') { + $_SESSION["message"] = $msg_error; + $_SESSION["message_mood"] = 'negative'; + header("Location: user_edit.php"); + exit; + } + + if (!check_password_strength($password, $text)) { + header("Location: user_edit.php"); + exit; } //check to see if user language is set @@ -216,15 +212,9 @@ if (count($_POST)>0 && $_POST["persistform"] != "1") { } } - //if the template has not been assigned by the superadmin - //if (strlen($_SESSION['domain']['template']['name']) == 0) { - //set the session theme for the active user - // $_SESSION['domain']['template']['name'] = $user_template_name; - //} - //sql update $sql = "update v_users set "; - if (strlen($password) > 0 && $confirm_password == $password) { + if (strlen($password) > 0 && $password_confirm == $password) { //salt used with the password to create a one way hash $salt = generate_password('20', '4'); //set the password @@ -250,9 +240,6 @@ if (count($_POST)>0 && $_POST["persistform"] != "1") { $response = event_socket_request($fp, $cmd); } - //clear the template so it will rebuild in case the template was changed - //$_SESSION["template_content"] = ''; - //redirect the browser $_SESSION["message"] = $text['confirm-update']; header("Location: ".PROJECT_PATH."/core/user_settings/user_edit.php"); @@ -282,6 +269,81 @@ else { //show the content $table_width ='width="100%"'; + + echo "\n"; + echo "
"; echo ""; @@ -308,17 +370,24 @@ else { echo "\n"; echo " "; - echo " "; - echo " "; + echo " "; + echo " "; echo " "; echo " "; - echo " "; - echo " "; + echo " "; + echo " "; echo " "; echo " "; - echo " "; - echo " "; + echo " "; + echo " "; echo " "; echo " "; @@ -380,40 +449,6 @@ else { echo " \n"; } - //if the template has not been assigned by the superadmin - /* - if (strlen($_SESSION['domain']['template']['name']) == 0) { - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - } - */ - echo " \n"; echo " \n"; echo " \n"; echo "
".$text['label-username']."$username".$text['label-username'].""; + echo " ".$username."\n"; + echo "
".$text['label-password']."".$text['label-password'].""; + echo " "; + echo "
"; + echo "
".$text['label-confirm-password']."".$text['label-confirm-password'].""; + echo " "; + echo "
\n"; - echo " Template: \n"; - echo " \n"; - echo " \n"; - echo "
\n"; - echo " Select a template to set as the default and then press save.
\n"; - echo "
\n"; echo " ".$text['label-user_language']."\n"; @@ -475,15 +510,10 @@ else { echo "
"; - echo "
"; + echo "
"; - echo ""; - echo " "; - echo " "; - echo " "; - echo "
"; - echo " "; - echo "
"; + echo "
"; + echo "
"; echo "
"; @@ -492,7 +522,7 @@ else { echo " $(window).keypress(function(event){\n"; echo " if (event.which == 13) { submit_form(); }\n"; echo " });\n"; -// convert password fields to +// convert password fields to text echo " function submit_form() {\n"; echo " $('input:password').css('visibility','hidden');\n"; echo " $('input:password').attr({type:'text'});\n"; diff --git a/core/users/app_languages.php b/core/users/app_languages.php index 1cbbe1f14b..a8e532ec3d 100644 --- a/core/users/app_languages.php +++ b/core/users/app_languages.php @@ -219,6 +219,17 @@ $text['message-password_blank']['ro'] = ""; $text['message-password_blank']['de-at'] = "Falsches Passwort"; $text['message-password_blank']['he'] = "סיסמא לא קיימת"; +$text['message-password_requirements']['en-us'] = "Password Requirements"; +$text['message-password_requirements']['es-cl'] = "Requisitos de Contraseña"; +$text['message-password_requirements']['pt-pt'] = "Requisitos Senha"; +$text['message-password_requirements']['fr-fr'] = "Mot de passe requis"; +$text['message-password_requirements']['pl'] = "Wymagania Hasło"; +$text['message-password_requirements']['uk'] = "вимоги до паролю"; +$text['message-password_requirements']['sv-se'] = "lösenordskrav "; +$text['message-password_requirements']['ro'] = "Cerințe privind parola"; +$text['message-password_requirements']['de-at'] = "Kennwortanforderungen "; +$text['message-password_requirements']['he'] = "דרישות סיסמא"; + $text['message-new_group_name']['en-us'] = "Enter a Name for the new Group..."; $text['message-new_group_name']['es-cl'] = "Introduzca un Nombre para el nuevo Grupo..."; $text['message-new_group_name']['pt-pt'] = "Digite um Nome para o novo Grupo..."; @@ -343,6 +354,20 @@ $text['label-user_info']['ro'] = ""; $text['label-user_info']['de-at'] = "Benutzer Information"; $text['label-user_info']['he'] = "פרטי משתמש"; +$text['label-uppercase_letters']['en-us'] = "Uppercase Letters"; +$text['label-uppercase_letters']['es-cl'] = "Letras mayúsculas"; +$text['label-uppercase_letters']['pt-pt'] = "Letras maiúsculas"; +$text['label-uppercase_letters']['fr-fr'] = "Lettres capitales"; +$text['label-uppercase_letters']['pt-br'] = "Letras maiúsculas"; +$text['label-uppercase_letters']['pl'] = "Wielkie litery"; +$text['label-uppercase_letters']['he'] = "אותיות רישיות"; +$text['label-uppercase_letters']['uk'] = "Великі літери"; +$text['label-uppercase_letters']['sv-se'] = "Versala bokstäver"; +$text['label-uppercase_letters']['de-at'] = "Großbuchstaben"; +$text['label-uppercase_letters']['ro'] = "Litere mari"; +$text['label-uppercase_letters']['fa'] = ""; +$text['label-uppercase_letters']['ar-eg'] = "الأحرف الكبيرة"; + $text['label-top']['en-us'] = "Top"; $text['label-top']['es-cl'] = "encima"; $text['label-top']['pt-pt'] = "Topo"; @@ -407,6 +432,20 @@ $text['label-static']['ro'] = "Static"; $text['label-static']['fa'] = ""; $text['label-static']['ar-eg'] = "ساكن"; +$text['label-special_characters']['en-us'] = "Special Characters"; +$text['label-special_characters']['es-cl'] = "Caracteres especiales"; +$text['label-special_characters']['pt-pt'] = "Caracteres especiais"; +$text['label-special_characters']['fr-fr'] = "Caractères spéciaux"; +$text['label-special_characters']['pt-br'] = "Caracteres especiais"; +$text['label-special_characters']['pl'] = "Znaki specjalne"; +$text['label-special_characters']['he'] = "תווים מיוחדים"; +$text['label-special_characters']['uk'] = "спеціальні символи"; +$text['label-special_characters']['sv-se'] = "Speciella karaktärer"; +$text['label-special_characters']['de-at'] = "Spezielle Charaktere"; +$text['label-special_characters']['ro'] = "caractere speciale"; +$text['label-special_characters']['fa'] = ""; +$text['label-special_characters']['ar-eg'] = "أحرف خاصة"; + $text['label-right']['en-us'] = "Right"; $text['label-right']['es-cl'] = "Derecha"; $text['label-right']['pt-pt'] = "Certo"; @@ -479,6 +518,20 @@ $text['label-other']['sv-se'] = "Annat"; $text['label-other']['de-at'] = "Andere"; $text['label-other']['he'] = "אחר"; +$text['label-numbers']['en-us'] = "Numbers"; +$text['label-numbers']['es-cl'] = "Números"; +$text['label-numbers']['pt-pt'] = "Números"; +$text['label-numbers']['fr-fr'] = "Nombres"; +$text['label-numbers']['pt-br'] = "Números"; +$text['label-numbers']['pl'] = "Liczby"; +$text['label-numbers']['he'] = "מספרים"; +$text['label-numbers']['uk'] = "чисел"; +$text['label-numbers']['sv-se'] = "Tal"; +$text['label-numbers']['de-at'] = "Nummern"; +$text['label-numbers']['ro'] = "numere"; +$text['label-numbers']['fa'] = ""; +$text['label-numbers']['ar-eg'] = "أرقام"; + $text['label-none']['en-us'] = "None"; $text['label-none']['es-cl'] = "Ninguna"; $text['label-none']['pt-pt'] = "Nenhum"; @@ -493,6 +546,20 @@ $text['label-none']['ro'] = "Nici unul"; $text['label-none']['fa'] = ""; $text['label-none']['ar-eg'] = "لا شيء"; +$text['label-lowercase_letters']['en-us'] = "Lowercase Letters"; +$text['label-lowercase_letters']['es-cl'] = "Letras minusculas"; +$text['label-lowercase_letters']['pt-pt'] = "Letras minúsculas"; +$text['label-lowercase_letters']['fr-fr'] = "Minuscules"; +$text['label-lowercase_letters']['pt-br'] = "Letras minúsculas"; +$text['label-lowercase_letters']['pl'] = "Małe litery"; +$text['label-lowercase_letters']['he'] = "אותיות קטנות"; +$text['label-lowercase_letters']['uk'] = "Букви нижнього регістру"; +$text['label-lowercase_letters']['sv-se'] = "Gemener"; +$text['label-lowercase_letters']['de-at'] = "Kleinbuchstaben"; +$text['label-lowercase_letters']['ro'] = "Litere mici"; +$text['label-lowercase_letters']['fa'] = ""; +$text['label-lowercase_letters']['ar-eg'] = "أحرف صغيرة"; + $text['label-left']['en-us'] = "Left"; $text['label-left']['es-cl'] = "Izquierda"; $text['label-left']['pt-pt'] = "Esquerda"; @@ -725,6 +792,20 @@ $text['label-company_name']['ro'] = ""; $text['label-company_name']['de-at'] = "Firmenname"; $text['label-company_name']['he'] = "שם חברה"; +$text['label-characters']['en-us'] = "Characters"; +$text['label-characters']['es-cl'] = "Caracteres"; +$text['label-characters']['pt-pt'] = "Personagens"; +$text['label-characters']['fr-fr'] = "Personnages"; +$text['label-characters']['pt-br'] = "Personagens"; +$text['label-characters']['pl'] = "Postacie"; +$text['label-characters']['he'] = "דמויות"; +$text['label-characters']['uk'] = "персонажі"; +$text['label-characters']['sv-se'] = "tecken"; +$text['label-characters']['de-at'] = "Figuren"; +$text['label-characters']['ro'] = "caractere"; +$text['label-characters']['fa'] = ""; +$text['label-characters']['ar-eg'] = "الشخصيات"; + $text['label-center']['en-us'] = "Center"; $text['label-center']['es-cl'] = "Centrar"; $text['label-center']['pt-pt'] = "Centro"; diff --git a/core/users/usersupdate.php b/core/users/usersupdate.php index 9adf4fbad0..91414aa228 100644 --- a/core/users/usersupdate.php +++ b/core/users/usersupdate.php @@ -101,7 +101,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { $username_old = check_str($_POST["username_old"]); $username = check_str($_POST["username"]); $password = check_str($_POST["password"]); - $confirm_password = check_str($_POST["confirm_password"]); + $password_confirm = check_str($_POST["password_confirm"]); $user_status = check_str($_POST["user_status"]); $user_language = check_str($_POST["user_language"]); $user_time_zone = check_str($_POST["user_time_zone"]); @@ -124,15 +124,20 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { unset($sql); } - if ($password != $confirm_password) { $msg_error = $text['message-password_mismatch']; } + if ($password != $password_confirm) { $msg_error = $text['message-password_mismatch']; } - if ($msg_error) { + if ($msg_error != '') { $_SESSION["message"] = $msg_error; $_SESSION["message_mood"] = 'negative'; header("Location: usersupdate.php?id=".$user_uuid); exit; } + if (!check_password_strength($password, $text)) { + header("Location: usersupdate.php?id=".$user_uuid); + exit; + } + //check to see if user language is set $sql = "select count(*) as num_rows from v_user_settings "; $sql .= "where user_setting_category = 'domain' "; @@ -311,7 +316,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { if (strlen($username) > 0 && $username != $username_old) { $sql .= "username = '".$username."', "; } - if (strlen($password) > 0 && $confirm_password == $password) { + if (strlen($password) > 0 && $password_confirm == $password) { //salt used with the password to create a one way hash $salt = uuid(); //set the password @@ -406,34 +411,79 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { //show the content $table_width ='width="100%"'; - echo ""; + echo "\n"; echo "
\n"; echo "\n"; @@ -462,7 +512,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { echo " ".$text['label-username'].""; echo " "; if (if_group("admin") || if_group("superadmin")) { - echo " "; + echo " "; } else { echo " ".$username; @@ -472,11 +522,17 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { echo " "; echo " ".$text['label-password'].""; - echo " "; + echo " "; + echo " "; + echo " "; + echo "
"; + echo " "; echo " "; echo " "; echo " ".$text['label-confirm_password'].""; - echo " "; + echo " "; + echo " "; + echo " "; echo " "; if (permission_exists('user_domain')) { @@ -589,9 +645,9 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { echo " "; echo " ".$text['label-contact'].""; echo " \n"; - $sql = " select contact_uuid, contact_organization, contact_name_given, contact_name_family from v_contacts "; + $sql = " select contact_uuid, contact_organization, contact_name_given, contact_name_family, contact_nickname from v_contacts "; $sql .= " where domain_uuid = '".$domain_uuid."' "; - $sql .= " order by contact_organization desc, contact_name_family asc, contact_name_given asc "; + $sql .= " order by contact_organization desc, contact_name_family asc, contact_name_given asc, contact_nickname asc "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); @@ -599,24 +655,12 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { echo "\n"; @@ -745,7 +789,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { echo " "; echo " "; echo "
"; - echo " "; + echo " "; echo " "; echo " "; echo ""; @@ -753,16 +797,16 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") { echo "
"; echo "\n"; if (permission_exists('user_setting_view')) { diff --git a/resources/functions.php b/resources/functions.php index d3de2835f8..1331c877b3 100644 --- a/resources/functions.php +++ b/resources/functions.php @@ -988,8 +988,8 @@ function format_string ($format, $data) { $password = ''; $charset = ''; if ($length === 0 && $strength === 0) { //set length and strenth if specified in default settings and strength isn't numeric-only - $length = (is_numeric($_SESSION["security"]["password_length"]["var"])) ? $_SESSION["security"]["password_length"]["var"] : 10; - $strength = (is_numeric($_SESSION["security"]["password_strength"]["var"])) ? $_SESSION["security"]["password_strength"]["var"] : 4; + $length = (is_numeric($_SESSION["security"]["password_length"]["numeric"])) ? $_SESSION["security"]["password_length"]["numeric"] : 10; + $strength = (is_numeric($_SESSION["security"]["password_strength"]["numeric"])) ? $_SESSION["security"]["password_strength"]["numeric"] : 4; } if ($strength >= 1) { $charset .= "0123456789"; } if ($strength >= 2) { $charset .= "abcdefghijkmnopqrstuvwxyz"; } @@ -1002,7 +1002,42 @@ function format_string ($format, $data) { } return $password; } - //echo generate_password(4, 4); + +//check password strength against requirements (if any) + function check_password_strength($password, $text) { + if ($password != '') { + $req['length'] = $_SESSION['security']['password_length']['numeric']; + $req['number'] = ($_SESSION['security']['password_number']['boolean'] == 'true') ? true : false; + $req['lowercase'] = ($_SESSION['security']['password_lowercase']['boolean'] == 'true') ? true : false; + $req['uppercase'] = ($_SESSION['security']['password_uppercase']['boolean'] == 'true') ? true : false; + $req['special'] = ($_SESSION['security']['password_special']['boolean'] == 'true') ? true : false; + if (is_numeric($req['length']) && $req['length'] != 0 && !preg_match_all('$\S*(?=\S{'.$req['length'].',})\S*$', $password)) { // length + $msg_errors[] = $req['length'].'+ '.$text['label-characters']; + } + if ($req['number'] && !preg_match_all('$\S*(?=\S*[\d])\S*$', $password)) { //number + $msg_errors[] = '1+ '.$text['label-numbers']; + } + if ($req['lowercase'] && !preg_match_all('$\S*(?=\S*[a-z])\S*$', $password)) { //lowercase + $msg_errors[] = '1+ '.$text['label-lowercase_letters']; + } + if ($req['uppercase'] && !preg_match_all('$\S*(?=\S*[A-Z])\S*$', $password)) { //uppercase + $msg_errors[] = '1+ '.$text['label-uppercase_letters']; + } + if ($req['special'] && !preg_match_all('$\S*(?=\S*[\W])\S*$', $password)) { //special + $msg_errors[] = '1+ '.$text['label-special_characters']; + } + if (is_array($msg_errors) && sizeof($msg_errors) > 0) { + $_SESSION["message"] = $text['message-password_requirements'].': '.implode(', ', $msg_errors); + $_SESSION['message_mood'] = 'negative'; + $_SESSION['message_delay'] = '6000'; + return false; + } + else { + return true; + } + } + return true; + } //based on Wez Furlong do_post_request if (!function_exists('send_http_request')) { diff --git a/resources/login.php b/resources/login.php index e932caaea0..a3d8339dd6 100644 --- a/resources/login.php +++ b/resources/login.php @@ -116,16 +116,22 @@ $password_repeat != '' && $password_new == $password_repeat ) { - $salt = generate_password('20', '4'); - $sql = "update v_users set "; - $sql .= "password = '".md5($salt.$password_new)."', "; - $sql .= "salt = '".$salt."' "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and username = '".$username."' "; - $db->exec(check_sql($sql)); - $_SESSION["message"] = $text['message-password_reset']; - $password_reset = false; + if (!check_password_strength($password_new, $text)) { + $password_reset = true; + } + else { + $salt = generate_password('20', '4'); + $sql = "update v_users set "; + $sql .= "password = '".md5($salt.$password_new)."', "; + $sql .= "salt = '".$salt."' "; + $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql .= "and username = '".$username."' "; + $db->exec(check_sql($sql)); + + $_SESSION["message"] = $text['message-password_reset']; + $password_reset = false; + } } else { //not found @@ -253,17 +259,100 @@ } else { + echo "\n"; + echo "\n"; - echo "
\n"; + echo "\n"; echo "\n"; echo "\n"; echo "
\n"; - echo "
\n"; - echo "
\n"; - echo "\n"; + echo "
\n"; + echo "
"; + echo "
\n"; + echo "\n"; echo "

"; echo "
"; - echo ""; + echo "\n"; echo ""; } diff --git a/themes/default/css.php b/themes/default/css.php index 27dae22d54..5c3cfe413a 100644 --- a/themes/default/css.php +++ b/themes/default/css.php @@ -356,6 +356,7 @@ $default_login = ($_REQUEST['login'] == 'default') ? true : false; .dropdown-menu > li > a:active { color: ; background: ; + outline: none; } .dropdown-menu > li > a > span.glyphicon { @@ -975,14 +976,20 @@ $default_login = ($_REQUEST['login'] == 'default') ? true : false; input.login:-ms-input-placeholder { color: } /* ie 10+ */ input.login::placeholder { color: } /* official standard */ - .formfld_highlight_bad { + input[type=password].formfld_highlight_bad, + input[type=password].formfld_highlight_bad:hover, + input[type=password].formfld_highlight_bad:active, + input[type=password].formfld_highlight_bad:focus { border-color: #aa2525; -webkit-box-shadow: 0 0 3px #aa2525 inset; -moz-box-shadow: 0 0 3px #aa2525 inset; box-shadow: 0 0 3px #aa2525 inset; } - .formfld_highlight_good { + input[type=password].formfld_highlight_good, + input[type=password].formfld_highlight_good:hover, + input[type=password].formfld_highlight_good:active, + input[type=password].formfld_highlight_good:focus { border-color: #2fb22f; -webkit-box-shadow: 0 0 3px #2fb22f inset; -moz-box-shadow: 0 0 3px #2fb22f inset; @@ -1026,6 +1033,32 @@ $default_login = ($_REQUEST['login'] == 'default') ? true : false; display: block; } + div.pwstrength_progress { + display: none; + } + + div.pwstrength_progress > div.progress { + max-width: 200px; + height: 6px; + margin: 1px 0 0 1px; + background: ; + + -moz-border-radius: ; + -webkit-border-radius: ; + -khtml-border-radius: ; + border-radius: ; + + } + + div.pwstrength_progress_password_reset > div.progress { + margin: 0 auto 4px auto; + width: 200px; + max-width: 200px; + background: ; + border-width: ; + border-color: ; + } + /* TABLES *****************************************************************/ table { diff --git a/themes/default/template.php b/themes/default/template.php index 7534f0a304..43f5c76e2e 100644 --- a/themes/default/template.php +++ b/themes/default/template.php @@ -51,6 +51,7 @@ + //crossfade menu brand images (if hover version set) $(function(){