fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-4526

Browse Source
This commit is contained in:
Paula Quispe
2018-10-26 16:14:37 -04:00
parent 88b61567e2
commit 20627c718a
8 changed files with 166 additions and 607 deletions
Download Patch File Download Diff File Expand all files Collapse all files

146
workflow/engine/classes/model/UsersProperties.php
View File

@@ -125,70 +125,144 @@ class UsersProperties extends BaseUsersProperties
return $aUserProperty; return $aUserProperty;
} }
public function validatePassword($sPassword, $sLastUpdate, $iChangePasswordNextTime, $nowLogin = false) /**
* This function will be validate the password policies
*
* @param string $password
* @param string $lastUpdate
* @param integer $changePassword
* @param boolean $nowLogin
*
* @return array
*/
public function validatePassword($password, $lastUpdate, $changePassword, $nowLogin = false)
{ {
if (! defined('PPP_MINIMUM_LENGTH')) { if (!defined('PPP_MINIMUM_LENGTH')) {
define('PPP_MINIMUM_LENGTH', 5); define('PPP_MINIMUM_LENGTH', 5);
} }
if (! defined('PPP_MAXIMUM_LENGTH')) { if (!defined('PPP_MAXIMUM_LENGTH')) {
define('PPP_MAXIMUM_LENGTH', 20); define('PPP_MAXIMUM_LENGTH', 20);
} }
if (! defined('PPP_NUMERICAL_CHARACTER_REQUIRED')) { if (!defined('PPP_NUMERICAL_CHARACTER_REQUIRED')) {
define('PPP_NUMERICAL_CHARACTER_REQUIRED', 0); define('PPP_NUMERICAL_CHARACTER_REQUIRED', 0);
} }
if (! defined('PPP_UPPERCASE_CHARACTER_REQUIRED')) { if (!defined('PPP_UPPERCASE_CHARACTER_REQUIRED')) {
define('PPP_UPPERCASE_CHARACTER_REQUIRED', 0); define('PPP_UPPERCASE_CHARACTER_REQUIRED', 0);
} }
if (! defined('PPP_SPECIAL_CHARACTER_REQUIRED')) { if (!defined('PPP_SPECIAL_CHARACTER_REQUIRED')) {
define('PPP_SPECIAL_CHARACTER_REQUIRED', 0); define('PPP_SPECIAL_CHARACTER_REQUIRED', 0);
} }
if (! defined('PPP_EXPIRATION_IN')) { if (!defined('PPP_EXPIRATION_IN')) {
define('PPP_EXPIRATION_IN', 0); define('PPP_EXPIRATION_IN', 0);
} }
if (function_exists('mb_strlen')) { $lengthPassword = function_exists('mb_strlen') ? mb_strlen($password): strlen($password);
$iLength = mb_strlen($sPassword);
} else { $listErrors = [];
$iLength = strlen($sPassword); //The password has the minimum length
if ($lengthPassword < PPP_MINIMUM_LENGTH || $nowLogin) {
$listErrors[] = 'ID_PPP_MINIMUM_LENGTH';
} }
$aErrors = array(); //The password has the maximum length
if ($iLength < PPP_MINIMUM_LENGTH || $nowLogin) { if ($lengthPassword > PPP_MAXIMUM_LENGTH || $nowLogin) {
$aErrors[] = 'ID_PPP_MINIMUM_LENGTH'; $listErrors[] = 'ID_PPP_MAXIMUM_LENGTH';
}
if ($iLength > PPP_MAXIMUM_LENGTH || $nowLogin) {
$aErrors[] = 'ID_PPP_MAXIMUM_LENGTH';
} }
//The password requires a number
if (PPP_NUMERICAL_CHARACTER_REQUIRED == 1) { if (PPP_NUMERICAL_CHARACTER_REQUIRED == 1) {
if (preg_match_all('/[0-9]/', $sPassword, $aMatch, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE) == 0 || $nowLogin) { if (preg_match_all('/[0-9]/', $password, $aMatch,
$aErrors[] = 'ID_PPP_NUMERICAL_CHARACTER_REQUIRED'; PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE) == 0 || $nowLogin) {
$listErrors[] = 'ID_PPP_NUMERICAL_CHARACTER_REQUIRED';
} }
} }
//The password requires a upper case
if (PPP_UPPERCASE_CHARACTER_REQUIRED == 1) { if (PPP_UPPERCASE_CHARACTER_REQUIRED == 1) {
if (preg_match_all('/[A-Z]/', $sPassword, $aMatch, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE) == 0 || $nowLogin) { if (preg_match_all('/[A-Z]/', $password, $aMatch,
$aErrors[] = 'ID_PPP_UPPERCASE_CHARACTER_REQUIRED'; PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE) == 0 || $nowLogin) {
$listErrors[] = 'ID_PPP_UPPERCASE_CHARACTER_REQUIRED';
} }
} }
//The password requires a special character
if (PPP_SPECIAL_CHARACTER_REQUIRED == 1) { if (PPP_SPECIAL_CHARACTER_REQUIRED == 1) {
if (preg_match_all('/[<5B><>\\!|"@<40>#$~%<25>&<26>\/()=\'?<3F><>*+\-_.:,;]/', $sPassword, $aMatch, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE) == 0 || $nowLogin) { if (preg_match_all('/[<5B><>\\!|"@<40>#$~%<25>&<26>\/()=\'?<3F><>*+\-_.:,;]/', $password, $aMatch,
$aErrors[] = 'ID_PPP_SPECIAL_CHARACTER_REQUIRED'; PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE) == 0 || $nowLogin) {
$listErrors[] = 'ID_PPP_SPECIAL_CHARACTER_REQUIRED';
} }
} }
//The configuration PPP_EXPIRATION_IN is saved in hours
if (PPP_EXPIRATION_IN > 0) { if (PPP_EXPIRATION_IN > 0) {
$oCalendar = new Calendar(); $hoursBetweenDates = (strtotime(date('Y-m-d H:i:s')) - strtotime($lastUpdate)) / (60 * 60);
if ($hoursBetweenDates > PPP_EXPIRATION_IN || $nowLogin) {
if ($oCalendar->pmCalendarUid == '') { $listErrors[] = 'ID_PPP_EXPIRATION_IN';
$oCalendar->pmCalendarUid = '00000000000000000000000000000001'; $changePassword = 1;
$oCalendar->getCalendarData();
}
$fDays = $oCalendar->calculateDuration(date('Y-m-d H:i:s'), $sLastUpdate);
if ($fDays > (PPP_EXPIRATION_IN * 24) || $nowLogin) {
$aErrors[] = 'ID_PPP_EXPIRATION_IN';
} }
} }
if ($iChangePasswordNextTime == 1) {
$aErrors[] = 'ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN'; if ($changePassword == 1) {
$listErrors[] = 'ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN';
} }
return $aErrors;
return $listErrors;
}
/**
* This function will be get the message for show what policies does not complied
*
* @param array $errorsInPassword
* @param boolean $afterFillingPass
* @param boolean $onlyText
*
* @return array
*/
public function getMessageValidatePassword($errorsInPassword, $afterFillingPass = true, $onlyText = false){
$messPassword = [];
$policyErrors = false;
if ($afterFillingPass) {
$policyMessage = G::LoadTranslation('ID_POLICY_ALERT');
} else {
$policyMessage = G::LoadTranslation('ID_POLICY_ALERT_INFO');
}
$policyMessage .= ($onlyText) ? ' ' : '<br/><br/>';
foreach ($errorsInPassword as $error) {
switch ($error) {
case 'ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN':
//Does not consider a policy for the final user, the administrator request to change password
$messPassword[substr($error, 3)] = PPP_MINIMUM_LENGTH;
break;
case 'ID_PPP_MINIMUM_LENGTH':
$policyErrors = true;
$policyMessage .= '- ' . G::LoadTranslation($error) . ': ' . PPP_MINIMUM_LENGTH;
$policyMessage .= ($onlyText) ? '. ' : '<br/>';
$messPassword[substr($error, 3)] = PPP_MINIMUM_LENGTH;
$messPassword['PPP_MINIMUN_LENGTH'] = PPP_MINIMUM_LENGTH;
break;
case 'ID_PPP_MAXIMUM_LENGTH':
$policyErrors = true;
$policyMessage .= '- ' . G::LoadTranslation($error) . ': ' . PPP_MAXIMUM_LENGTH;
$policyMessage .= ($onlyText) ? '. ' : '<br/>';
$messPassword[substr($error, 3)] = PPP_MAXIMUM_LENGTH;
$messPassword['PPP_MAXIMUN_LENGTH'] = PPP_MAXIMUM_LENGTH;
break;
case 'ID_PPP_EXPIRATION_IN':
//Does not consider a policy for the final user, this is enhanced login configuration
$messPassword[substr($error, 3)] = PPP_EXPIRATION_IN;
break;
default:
//PPP_NUMERICAL_CHARACTER_REQUIRED
//PPP_UPPERCASE_CHARACTER_REQUIRED
//PPP_SPECIAL_CHARACTER_REQUIRED
$policyErrors = true;
$policyMessage .= '- ' . G::LoadTranslation($error);
$policyMessage .= ($onlyText) ? '. ' : '<br/>';
$messPassword[substr($error, 3)] = 1;
break;
}
}
if ($afterFillingPass){
$policyMessage .= G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY');
}
$messPassword['DESCRIPTION'] = ($policyErrors) ? $policyMessage : '';
return $messPassword;
} }
/** /**

14
workflow/engine/content/translations/english/processmaker.en.po
View File

@@ -20924,8 +20924,14 @@ msgstr "PM Table"
# TRANSLATION # TRANSLATION
# LABEL/ID_POLICY_ALERT # LABEL/ID_POLICY_ALERT
#: LABEL/ID_POLICY_ALERT #: LABEL/ID_POLICY_ALERT
msgid "Your password does not meet the following password policies" msgid "Your password does not meet the following password policies:"
msgstr "Your password does not meet the following password policies" msgstr "Your password does not meet the following password policies:"
# TRANSLATION
# LABEL/ID_POLICY_ALERT_INFO
#: LABEL/ID_POLICY_ALERT_INFO
msgid "Your password must meet the following policies:"
msgstr "Your password must meet the following policies:"
# TRANSLATION # TRANSLATION
# LABEL/ID_PORT # LABEL/ID_PORT
@@ -20960,8 +20966,8 @@ msgstr "The posted data is empty!"
# TRANSLATION # TRANSLATION
# LABEL/ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN # LABEL/ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN
#: LABEL/ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN #: LABEL/ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN
msgid "User must change his/her password after next login" msgid "Your previous password has expired, please enter a new password"
msgstr "User must change his/her password after next login" msgstr "Your previous password has expired, please enter a new password"
# TRANSLATION # TRANSLATION
# LABEL/ID_PPP_EXPIRATION_IN # LABEL/ID_PPP_EXPIRATION_IN

5
workflow/engine/data/mysql/insert.sql
View File

@@ -60364,13 +60364,14 @@ INSERT INTO TRANSLATION (TRN_CATEGORY,TRN_ID,TRN_LANG,TRN_VALUE,TRN_UPDATE_DATE
( 'LABEL','ID_PM_GRID','en','pmGrid','2014-01-15') , ( 'LABEL','ID_PM_GRID','en','pmGrid','2014-01-15') ,
( 'LABEL','ID_PM_HEARTBEAT_SETTINGS_TITLE','en','Heart Beat Configuration','2014-01-15') , ( 'LABEL','ID_PM_HEARTBEAT_SETTINGS_TITLE','en','Heart Beat Configuration','2014-01-15') ,
( 'LABEL','ID_PM_TABLE','en','PM Table','2014-01-15') , ( 'LABEL','ID_PM_TABLE','en','PM Table','2014-01-15') ,
( 'LABEL','ID_POLICY_ALERT','en','Your password does not meet the following password policies','2014-01-15') , ( 'LABEL','ID_POLICY_ALERT','en','Your password does not meet the following password policies:','2018-10-29') ,
( 'LABEL','ID_POLICY_ALERT_INFO','en','Your password must meet the following policies:','2018-10-29') ,
( 'LABEL','ID_PORT','en','Port','2014-01-15') , ( 'LABEL','ID_PORT','en','Port','2014-01-15') ,
( 'LABEL','ID_PORT_UNREACHABLE','en','Destination Port Unreachable','2015-09-18') , ( 'LABEL','ID_PORT_UNREACHABLE','en','Destination Port Unreachable','2015-09-18') ,
( 'LABEL','ID_POSITION','en','Position','2014-01-15') , ( 'LABEL','ID_POSITION','en','Position','2014-01-15') ,
( 'LABEL','ID_POSTED_AT','en','Posted at','2014-01-15') , ( 'LABEL','ID_POSTED_AT','en','Posted at','2014-01-15') ,
( 'LABEL','ID_POSTED_DATA_EMPTY','en','The posted data is empty!','2015-01-16') , ( 'LABEL','ID_POSTED_DATA_EMPTY','en','The posted data is empty!','2015-01-16') ,
( 'LABEL','ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN','en','User must change his/her password after next login','2014-10-21') , ( 'LABEL','ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN','en','Your previous password has expired, please enter a new password','2018-10-26') ,
( 'LABEL','ID_PPP_EXPIRATION_IN','en','Password Expiration in','2014-01-15') , ( 'LABEL','ID_PPP_EXPIRATION_IN','en','Password Expiration in','2014-01-15') ,
( 'LABEL','ID_PPP_MAXIMUM_LENGTH','en','Maximum length','2014-01-15') , ( 'LABEL','ID_PPP_MAXIMUM_LENGTH','en','Maximum length','2014-01-15') ,
( 'LABEL','ID_PPP_MAXIMUN_LENGTH','en','Maximum length','2014-01-15') , ( 'LABEL','ID_PPP_MAXIMUN_LENGTH','en','Maximum length','2014-01-15') ,

55
workflow/engine/methods/login/authentication.php
View File

@@ -290,7 +290,7 @@ try {
/* Check password using policy - Start */ /* Check password using policy - Start */
require_once 'classes/model/UsersProperties.php'; require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties(); $userProperty = new UsersProperties();
// getting default user location // getting default user location
if (isset($_REQUEST['form']['URL']) && $_REQUEST['form']['URL'] != '') { if (isset($_REQUEST['form']['URL']) && $_REQUEST['form']['URL'] != '') {
@@ -307,7 +307,7 @@ try {
if (isset($_REQUEST['u']) && $_REQUEST['u'] != '') { if (isset($_REQUEST['u']) && $_REQUEST['u'] != '') {
$sLocation = G::sanitizeInput($_REQUEST['u']); $sLocation = G::sanitizeInput($_REQUEST['u']);
} else { } else {
$sLocation = $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang); $sLocation = $userProperty->redirectTo($_SESSION['USER_LOGGED'], $lang);
} }
} }
@@ -316,50 +316,39 @@ try {
die(); die();
} }
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(G::encryptOld($pwd))))); $userPropertyInfo = $userProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(G::encryptOld($pwd)))));
$aErrors = $oUserProperty->validatePassword($_POST['form']['USR_PASSWORD'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME'], true); $errorInPassword = $userProperty->validatePassword(
$_POST['form']['USR_PASSWORD'],
$userPropertyInfo['USR_LAST_UPDATE_DATE'],
$userPropertyInfo['USR_LOGGED_NEXT_TIME']
);
//Enable change password from GAP
if (!isset($enableChangePasswordAfterNextLogin)) { if (!isset($enableChangePasswordAfterNextLogin)) {
$enableChangePasswordAfterNextLogin = true; $enableChangePasswordAfterNextLogin = true;
} }
if ($enableChangePasswordAfterNextLogin && !empty($aErrors) && in_array("ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN", $aErrors)) { if ($enableChangePasswordAfterNextLogin && !empty($errorInPassword)) {
if (!defined('NO_DISPLAY_USERNAME')) { if (!defined('NO_DISPLAY_USERNAME')) {
define('NO_DISPLAY_USERNAME', 1); define('NO_DISPLAY_USERNAME', 1);
} }
$aFields = array(); //We will to get the message for the login
$aFields['DESCRIPTION'] = '<span style="font-weight:normal;">'; $messPassword = [];
$aFields['DESCRIPTION'] .= G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />'; $policySection = $userProperty->getMessageValidatePassword($errorInPassword, false);
foreach ($aErrors as $sError) { $changePassword = '<span style="font-weight:normal;">';
switch ($sError) { if (array_search('ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN', $errorInPassword)) {
case 'ID_PPP_MINIMUM_LENGTH': $changePassword .= G::LoadTranslation('ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN') . '<br/><br/>';
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MINIMUM_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MINIMUM_LENGTH;
$aFields['PPP_MINIMUN_LENGTH'] = PPP_MINIMUM_LENGTH;
break;
case 'ID_PPP_MAXIMUM_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MAXIMUM_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MAXIMUM_LENGTH;
$aFields['PPP_MAXIMUN_LENGTH'] = PPP_MAXIMUM_LENGTH;
break;
case 'ID_PPP_EXPIRATION_IN':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '<br />';
$aFields[substr($sError, 3)] = PPP_EXPIRATION_IN;
break;
default:
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).'<br />';
$aFields[substr($sError, 3)] = 1;
break;
}
} }
$aFields['DESCRIPTION'] .= '<br />' . G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY') . '<br /><br /></span>'; $messPassword['DESCRIPTION'] = $changePassword . $policySection['DESCRIPTION'] . '</span>';
$G_PUBLISH = new Publisher; $G_PUBLISH = new Publisher;
$version = explode('.', trim(file_get_contents(PATH_GULLIVER . 'VERSION'))); $version = explode('.', trim(file_get_contents(PATH_GULLIVER . 'VERSION')));
$version = isset($version[0]) ? intval($version[0]) : 0; $version = isset($version[0]) ? intval($version[0]) : 0;
if ($version >= 3) { if ($version >= 3) {
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePasswordpm3', '', $aFields, 'changePassword'); $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePasswordpm3', '', $messPassword,
}else{ 'changePassword');
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePassword', '', $aFields, 'changePassword'); } else {
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePassword', '', $messPassword, 'changePassword');
} }
G::RenderPage('publish'); G::RenderPage('publish');
die; die;

170
workflow/engine/methods/users/myInfo_Save.php
View File

@@ -1,170 +0,0 @@
<?php
/**
* myInfo_Save.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
try {
ini_set( 'display_errors', '1' );
global $RBAC;
switch ($RBAC->userCanAccess( 'PM_LOGIN' )) {
case - 2:
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
G::header( 'location: ../login/login' );
die();
break;
case - 1:
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
G::header( 'location: ../login/login' );
die();
break;
}
if (isset( $_FILES['form']['name']['USR_RESUME'] )) {
$_POST['form']['USR_RESUME'] = $_FILES['form']['name']['USR_RESUME'];
}
if ($_POST['form']['USR_EMAIL'] != '') {
// The ereg function has been DEPRECATED as of PHP 5.3.0.
// if (!ereg("^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*$", $_POST['form']['USR_EMAIL'])) {
if (! preg_match( "/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*$/", $_POST['form']['USR_EMAIL'] )) {
G::SendTemporalMessage( 'ID_INCORRECT_EMAIL', 'error' );
}
}
if (! isset( $_POST['form']['USR_NEW_PASS'] )) {
$_POST['form']['USR_NEW_PASS'] = '';
}
if ($_POST['form']['USR_NEW_PASS'] != '') {
$_POST['form']['USR_PASSWORD'] = Bootstrap::hashPassword( $_POST['form']['USR_NEW_PASS'] );
}
if (! isset( $_POST['form']['USR_CITY'] )) {
$_POST['form']['USR_CITY'] = '';
}
if (! isset( $_POST['form']['USR_LOCATION'] )) {
$_POST['form']['USR_LOCATION'] = '';
}
if (! isset( $_POST['form']['USR_ROLE'] )) {
$_POST['form']['USR_ROLE'] = '';
}
$aData['USR_UID'] = $_POST['form']['USR_UID'];
$aData['USR_USERNAME'] = $_POST['form']['USR_USERNAME'];
if (isset( $_POST['form']['USR_PASSWORD'] )) {
if ($_POST['form']['USR_PASSWORD'] != '') {
$aData['USR_PASSWORD'] = $_POST['form']['USR_PASSWORD'];
require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties();
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists( $_POST['form']['USR_UID'], array ('USR_PASSWORD_HISTORY' => serialize( array (G::encryptOld( $_POST['form']['USR_NEW_PASS'] )
) )
) );
$aErrors = $oUserProperty->validatePassword( $_POST['form']['USR_NEW_PASS'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME'] );
if (count( $aErrors ) > 0) {
$sDescription = G::LoadTranslation( 'ID_POLICY_ALERT' ) . ':<br /><br />';
foreach ($aErrors as $sError) {
switch ($sError) {
case 'ID_PPP_MINIMUN_LENGTH':
$sDescription .= ' - ' . G::LoadTranslation( $sError ) . ': ' . PPP_MINIMUN_LENGTH . '<br />';
break;
case 'ID_PPP_MAXIMUN_LENGTH':
$sDescription .= ' - ' . G::LoadTranslation( $sError ) . ': ' . PPP_MAXIMUN_LENGTH . '<br />';
break;
case 'ID_PPP_EXPIRATION_IN':
$sDescription .= ' - ' . G::LoadTranslation( $sError ) . ' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation( 'ID_DAYS' ) . '<br />';
break;
default:
$sDescription .= ' - ' . G::LoadTranslation( $sError ) . '<br />';
break;
}
}
$sDescription .= '<br />' . G::LoadTranslation( 'ID_PLEASE_CHANGE_PASSWORD_POLICY' );
G::SendMessageText( $sDescription, 'warning' );
G::header( 'Location: ' . $_SERVER['HTTP_REFERER'] );
die();
}
$aHistory = unserialize( $aUserProperty['USR_PASSWORD_HISTORY'] );
if (! is_array( $aHistory )) {
$aHistory = array ();
}
if (! defined( 'PPP_PASSWORD_HISTORY' )) {
define( 'PPP_PASSWORD_HISTORY', 0 );
}
if (PPP_PASSWORD_HISTORY > 0) {
if (count( $aHistory ) >= PPP_PASSWORD_HISTORY) {
array_shift( $aHistory );
}
$aHistory[] = $_POST['form']['USR_NEW_PASS'];
}
$aUserProperty['USR_LAST_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
$aUserProperty['USR_LOGGED_NEXT_TIME'] = 1;
$aUserProperty['USR_PASSWORD_HISTORY'] = serialize( $aHistory );
$oUserProperty->update( $aUserProperty );
}
}
$aData['USR_FIRSTNAME'] = $_POST['form']['USR_FIRSTNAME'];
$aData['USR_LASTNAME'] = $_POST['form']['USR_LASTNAME'];
$aData['USR_EMAIL'] = $_POST['form']['USR_EMAIL'];
$aData['USR_DUE_DATE'] = $_POST['form']['USR_DUE_DATE'];
$aData['USR_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
$RBAC->updateUser( $aData );
$aData['USR_PASSWORD'] = G::encryptOld( $_POST['form']['USR_USERNAME'] ); //fake :p
$aData['USR_COUNTRY'] = $_POST['form']['USR_COUNTRY'];
$aData['USR_CITY'] = $_POST['form']['USR_CITY'];
$aData['USR_LOCATION'] = $_POST['form']['USR_LOCATION'];
$aData['USR_ADDRESS'] = $_POST['form']['USR_ADDRESS'];
$aData['USR_PHONE'] = $_POST['form']['USR_PHONE'];
$aData['USR_ZIP_CODE'] = $_POST['form']['USR_ZIP_CODE'];
$aData['USR_POSITION'] = $_POST['form']['USR_POSITION'];
if ($_POST['form']['USR_RESUME'] != '') {
$aData['USR_RESUME'] = $_POST['form']['USR_RESUME'];
}
require_once 'classes/model/Users.php';
$oUser = new Users();
$oUser->update( $aData );
if ($_FILES['form']['tmp_name']['USR_PHOTO'] != '') {
$aAux = explode( '.', $_FILES['form']['name']['USR_PHOTO'] );
G::uploadFile( $_FILES['form']['tmp_name']['USR_PHOTO'], PATH_IMAGES_ENVIRONMENT_USERS, $aData['USR_UID'] . '.' . $aAux[1] );
G::resizeImage( PATH_IMAGES_ENVIRONMENT_USERS . $aData['USR_UID'] . '.' . $aAux[1], 96, 96, PATH_IMAGES_ENVIRONMENT_USERS . $aData['USR_UID'] . '.gif' );
}
if ($_FILES['form']['tmp_name']['USR_RESUME'] != '') {
G::uploadFile( $_FILES['form']['tmp_name']['USR_RESUME'], PATH_IMAGES_ENVIRONMENT_FILES . $aData['USR_UID'] . '/', $_FILES['form']['name']['USR_RESUME'] );
}
/* Saving preferences */
$def_lang = $_POST['form']['PREF_DEFAULT_LANG'];
$def_menu = $_POST['form']['PREF_DEFAULT_MENUSELECTED'];
$def_cases_menu = $_POST['form']['PREF_DEFAULT_CASES_MENUSELECTED'];
$oConf = new Configurations();
$aConf = Array ('DEFAULT_LANG' => $def_lang,'DEFAULT_MENU' => $def_menu,'DEFAULT_CASES_MENU' => $def_cases_menu
);
/*UPDATING SESSION VARIABLES*/
$aUser = $RBAC->userObj->load( $_SESSION['USER_LOGGED'] );
$_SESSION['USR_FULLNAME'] = $aUser['USR_FIRSTNAME'] . ' ' . $aUser['USR_LASTNAME'];
$oConf->aConfig = $aConf;
$oConf->saveConfig( 'USER_PREFERENCES', '', '', $_SESSION['USER_LOGGED'] );
G::SendTemporalMessage( 'ID_CHANGES_SAVED', 'info', 'labels' );
G::header( 'location: myInfo' );
} catch (Exception $oException) {
$token = strtotime("now");
PMException::registerErrorLog($oException, $token);
G::outRes( G::LoadTranslation("ID_EXCEPTION_LOG_INTERFAZ", array($token)) );
die;
}

44
workflow/engine/methods/users/usersAjax.php
View File

@@ -380,56 +380,32 @@ switch ($_POST['action']) {
break; break;
case 'testPassword': case 'testPassword':
require_once 'classes/model/UsersProperties.php'; require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties(); $userProperty = new UsersProperties();
$aFields = array(); $fields = [];
$color = ''; $color = '';
$img = ''; $img = '';
$dateNow = date('Y-m-d H:i:s'); $dateNow = date('Y-m-d H:i:s');
$aErrors = $oUserProperty->validatePassword($_POST['PASSWORD_TEXT'], $dateNow, $dateNow); $errorInPassword = $userProperty->validatePassword($_POST['PASSWORD_TEXT'], $dateNow, 0);
if (!empty($aErrors)) { if (!empty($errorInPassword)) {
$img = '/images/delete.png'; $img = '/images/delete.png';
$color = 'red'; $color = 'red';
if (!defined('NO_DISPLAY_USERNAME')) { if (!defined('NO_DISPLAY_USERNAME')) {
define('NO_DISPLAY_USERNAME', 1); define('NO_DISPLAY_USERNAME', 1);
} }
$aFields = array(); $fields = $userProperty->getMessageValidatePassword($errorInPassword);
$aFields['DESCRIPTION'] = G::LoadTranslation('ID_POLICY_ALERT') . ':<br />'; $fields['STATUS'] = false;
foreach ($aErrors as $sError) {
switch ($sError) {
case 'ID_PPP_MINIMUM_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ': ' . PPP_MINIMUM_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MINIMUM_LENGTH;
break;
case 'ID_PPP_MAXIMUM_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ': ' . PPP_MAXIMUM_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MAXIMUM_LENGTH;
break;
case 'ID_PPP_EXPIRATION_IN':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '<br />';
$aFields[substr($sError, 3)] = PPP_EXPIRATION_IN;
break;
default:
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . '<br />';
$aFields[substr($sError, 3)] = 1;
break;
}
}
$aFields['DESCRIPTION'] .= G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY') . '</span>';
$aFields['STATUS'] = false;
} else { } else {
$color = 'green'; $color = 'green';
$img = '/images/dialog-ok-apply.png'; $img = '/images/dialog-ok-apply.png';
$aFields['DESCRIPTION'] = G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES') . '</span>'; $fields['DESCRIPTION'] = G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES') . '</span>';
$aFields['STATUS'] = true; $fields['STATUS'] = true;
} }
$span = '<span style="color: ' . $color . '; font: 9px tahoma,arial,helvetica,sans-serif;">'; $span = '<span style="color: ' . $color . '; font: 9px tahoma,arial,helvetica,sans-serif;">';
$gif = '<img width="13" height="13" border="0" src="' . $img . '">'; $gif = '<img width="13" height="13" border="0" src="' . $img . '">';
$aFields['DESCRIPTION'] = $span . $gif . $aFields['DESCRIPTION']; $fields['DESCRIPTION'] = $span . $gif . $fields['DESCRIPTION'];
print(G::json_encode($aFields)); print(G::json_encode($fields));
break; break;
case 'testUsername': case 'testUsername':
require_once 'classes/model/Users.php'; require_once 'classes/model/Users.php';

297
workflow/engine/methods/users/users_Save.php
View File

@@ -1,297 +0,0 @@
<?php
/**
* users_Save.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
try {
global $RBAC;
switch ($RBAC->userCanAccess( 'PM_FACTORY' )) {
case - 2:
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
G::header( 'location: ../login/login' );
die();
break;
case - 1:
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
G::header( 'location: ../login/login' );
die();
break;
}
if (empty( $_POST ) || ! isset( $_POST['form'] )) {
if (empty( $_FILES ))
throw (new Exception( G::loadTranslation( 'ID_ERROR_UPLOADING_FILENAME' ) ));
else
throw (new Exception( G::loadTranslation( 'ID_POSTED_DATA_EMPTY' ) ));
}
$form = $_POST['form'];
if (isset( $_GET['USR_UID'] )) {
$form['USR_UID'] = $_GET['USR_UID'];
} else {
$form['USR_UID'] = '';
}
if (isset( $_FILES['form']['name']['USR_RESUME'] )) {
if ($_FILES['form']['tmp_name']['USR_RESUME'] != '') {
$form['USR_RESUME'] = $_FILES['form']['name']['USR_RESUME'];
} else {
$form['USR_RESUME'] = '';
}
}
if (! isset( $form['USR_NEW_PASS'] )) {
$form['USR_NEW_PASS'] = '';
}
if ($form['USR_NEW_PASS'] != '') {
$form['USR_PASSWORD'] = Bootstrap::hashPassword( $form['USR_NEW_PASS'] );
}
if (! isset( $form['USR_CITY'] )) {
$form['USR_CITY'] = '';
}
if (! isset( $form['USR_LOCATION'] )) {
$form['USR_LOCATION'] = '';
}
if (! isset( $form['USR_AUTH_USER_DN'] )) {
$form['USR_AUTH_USER_DN'] = '';
}
if ($form['USR_UID'] == '') {
$aData['USR_USERNAME'] = $form['USR_USERNAME'];
$aData['USR_PASSWORD'] = $form['USR_PASSWORD'];
$aData['USR_FIRSTNAME'] = $form['USR_FIRSTNAME'];
$aData['USR_LASTNAME'] = $form['USR_LASTNAME'];
$aData['USR_EMAIL'] = $form['USR_EMAIL'];
$aData['USR_DUE_DATE'] = $form['USR_DUE_DATE'];
$aData['USR_CREATE_DATE'] = date( 'Y-m-d H:i:s' );
$aData['USR_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
$aData['USR_BIRTHDAY'] = date( 'Y-m-d' );
$aData['USR_AUTH_USER_DN'] = $form['USR_AUTH_USER_DN'];
//fixing bug in inactive user when the admin create a new user.
$statusWF = $form['USR_STATUS'];
$aData['USR_STATUS'] = $form['USR_STATUS'] == 'ACTIVE' ? 1 : 0;
$sUserUID = $RBAC->createUser( $aData, $form['USR_ROLE'] );
$aData['USR_STATUS'] = $statusWF;
$aData['USR_UID'] = $sUserUID;
$aData['USR_PASSWORD'] = G::encryptOld( $sUserUID ); //fake :p
$aData['USR_COUNTRY'] = $form['USR_COUNTRY'];
$aData['USR_CITY'] = $form['USR_CITY'];
$aData['USR_LOCATION'] = $form['USR_LOCATION'];
$aData['USR_ADDRESS'] = $form['USR_ADDRESS'];
$aData['USR_PHONE'] = $form['USR_PHONE'];
$aData['USR_ZIP_CODE'] = $form['USR_ZIP_CODE'];
$aData['USR_POSITION'] = $form['USR_POSITION'];
// Commented by removal of resume in the addition and modification of user.
// $aData['USR_RESUME'] = $form['USR_RESUME'];
$aData['USR_ROLE'] = $form['USR_ROLE'];
$aData['USR_REPLACED_BY'] = $form['USR_REPLACED_BY'];
require_once 'classes/model/Users.php';
$oUser = new Users();
$oUser->create( $aData );
if ($_FILES['form']['error']['USR_PHOTO'] != 1) {
if ($_FILES['form']['tmp_name']['USR_PHOTO'] != '') {
G::uploadFile( $_FILES['form']['tmp_name']['USR_PHOTO'], PATH_IMAGES_ENVIRONMENT_USERS, $sUserUID . '.gif' );
}
} else {
G::SendTemporalMessage( 'ID_FILE_TOO_BIG', 'error' );
}
if ($_FILES['form']['error']['USR_RESUME'] != 1) {
if ($_FILES['form']['tmp_name']['USR_RESUME'] != '') {
G::uploadFile( $_FILES['form']['tmp_name']['USR_RESUME'], PATH_IMAGES_ENVIRONMENT_FILES . $sUserUID . '/', $_FILES['form']['name']['USR_RESUME'] );
}
} else {
G::SendTemporalMessage( 'ID_FILE_TOO_BIG', 'error' );
}
} else {
$aData['USR_UID'] = $form['USR_UID'];
$aData['USR_USERNAME'] = $form['USR_USERNAME'];
if (isset( $form['USR_PASSWORD'] )) {
if ($form['USR_PASSWORD'] != '') {
$aData['USR_PASSWORD'] = $form['USR_PASSWORD'];
require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties();
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists( $form['USR_UID'], array ('USR_PASSWORD_HISTORY' => serialize( array (G::encryptOld( $form['USR_PASSWORD'] )
) )
) );
$RBAC->loadUserRolePermission( 'PROCESSMAKER', $_SESSION['USER_LOGGED'] );
if ($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE'] == 'PROCESSMAKER_ADMIN') {
$aUserProperty['USR_LAST_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
$aUserProperty['USR_LOGGED_NEXT_TIME'] = 1;
$oUserProperty->update( $aUserProperty );
}
$aErrors = $oUserProperty->validatePassword( $form['USR_NEW_PASS'], $aUserProperty['USR_LAST_UPDATE_DATE'], 0 );
if (count( $aErrors ) > 0) {
$sDescription = G::LoadTranslation( 'ID_POLICY_ALERT' ) . ':<br /><br />';
foreach ($aErrors as $sError) {
switch ($sError) {
case 'ID_PPP_MINIMUN_LENGTH':
$sDescription .= ' - ' . G::LoadTranslation( $sError ) . ': ' . PPP_MINIMUN_LENGTH . '<br />';
break;
case 'ID_PPP_MAXIMUN_LENGTH':
$sDescription .= ' - ' . G::LoadTranslation( $sError ) . ': ' . PPP_MAXIMUN_LENGTH . '<br />';
break;
case 'ID_PPP_EXPIRATION_IN':
$sDescription .= ' - ' . G::LoadTranslation( $sError ) . ' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation( 'ID_DAYS' ) . '<br />';
break;
default:
$sDescription .= ' - ' . G::LoadTranslation( $sError ) . '<br />';
break;
}
}
$sDescription .= '<br />' . G::LoadTranslation( 'ID_PLEASE_CHANGE_PASSWORD_POLICY' );
G::SendMessageText( $sDescription, 'warning' );
G::header( 'Location: ' . $_SERVER['HTTP_REFERER'] );
die();
}
$aHistory = unserialize( $aUserProperty['USR_PASSWORD_HISTORY'] );
if (! is_array( $aHistory )) {
$aHistory = array ();
}
if (! defined( 'PPP_PASSWORD_HISTORY' )) {
define( 'PPP_PASSWORD_HISTORY', 0 );
}
if (PPP_PASSWORD_HISTORY > 0) {
//it's looking a password igual into aHistory array that was send for post in md5 way
$c = 0;
$sw = 1;
while (count( $aHistory ) >= 1 && count( $aHistory ) > $c && $sw) {
if (strcmp( trim( $aHistory[$c] ), trim( $form['USR_PASSWORD'] ) ) == 0) {
$sw = 0;
}
$c ++;
}
if ($sw == 0) {
$sDescription = G::LoadTranslation( 'ID_POLICY_ALERT' ) . ':<br /><br />';
$sDescription .= ' - ' . G::LoadTranslation( 'PASSWORD_HISTORY' ) . ': ' . PPP_PASSWORD_HISTORY . '<br />';
$sDescription .= '<br />' . G::LoadTranslation( 'ID_PLEASE_CHANGE_PASSWORD_POLICY' ) . '';
G::SendMessageText( $sDescription, 'warning' );
G::header( 'Location: ' . $_SERVER['HTTP_REFERER'] );
die();
}
//
if (count( $aHistory ) >= PPP_PASSWORD_HISTORY) {
$sLastPassw = array_shift( $aHistory );
}
$aHistory[] = $form['USR_PASSWORD'];
}
$aUserProperty['USR_LAST_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
$aUserProperty['USR_LOGGED_NEXT_TIME'] = 1;
$aUserProperty['USR_PASSWORD_HISTORY'] = serialize( $aHistory );
$oUserProperty->update( $aUserProperty );
}
}
$aData['USR_FIRSTNAME'] = $form['USR_FIRSTNAME'];
$aData['USR_LASTNAME'] = $form['USR_LASTNAME'];
$aData['USR_EMAIL'] = $form['USR_EMAIL'];
$aData['USR_DUE_DATE'] = $form['USR_DUE_DATE'];
$aData['USR_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
if (isset( $form['USR_STATUS'] )) {
$aData['USR_STATUS'] = $form['USR_STATUS'];
}
if (isset( $form['USR_ROLE'] )) {
$RBAC->updateUser( $aData, $form['USR_ROLE'] );
} else {
$RBAC->updateUser( $aData );
}
$aData['USR_COUNTRY'] = $form['USR_COUNTRY'];
$aData['USR_CITY'] = $form['USR_CITY'];
$aData['USR_LOCATION'] = $form['USR_LOCATION'];
$aData['USR_ADDRESS'] = $form['USR_ADDRESS'];
$aData['USR_PHONE'] = $form['USR_PHONE'];
$aData['USR_ZIP_CODE'] = $form['USR_ZIP_CODE'];
$aData['USR_POSITION'] = $form['USR_POSITION'];
if ($form['USR_RESUME'] != '') {
$aData['USR_RESUME'] = $form['USR_RESUME'];
}
if (isset( $form['USR_ROLE'] )) {
$aData['USR_ROLE'] = $form['USR_ROLE'];
}
if (isset( $form['USR_REPLACED_BY'] )) {
$aData['USR_REPLACED_BY'] = $form['USR_REPLACED_BY'];
}
if (isset( $form['USR_AUTH_USER_DN'] )) {
$aData['USR_AUTH_USER_DN'] = $form['USR_AUTH_USER_DN'];
}
require_once 'classes/model/Users.php';
$oUser = new Users();
$oUser->update( $aData );
$aExtensions = array ("AIS","BMP","BW","CDR","CDT","CGM","CMX","CPT","DCX","DIB","EMF","GBR","GIF","GIH","ICO","IFF","ILBM","JFIF","JIF","JPE","JPEG","JPG","KDC","LBM","MAC","PAT","PCD","PCT","PCX","PIC","PICT","PNG","PNTG","PIX","PSD","PSP","QTI","QTIF","RGB","RGBA","RIF","RLE","SGI","TGA","TIF","TIFF","WMF","XCF"
);
$sPhotoFile = $_FILES['form']['name']['USR_PHOTO'];
$aPhotoFile = explode( '.', $sPhotoFile );
$sExtension = strtoupper( $aPhotoFile[sizeof( $aPhotoFile ) - 1] );
if ((strlen( $sPhotoFile ) > 0) && (! in_array( $sExtension, $aExtensions ))) {
throw (new Exception( G::LoadTranslation( 'ID_ERROR_UPLOADING_IMAGE_TYPE' ) ));
}
if ($_FILES['form']['error']['USR_PHOTO'] != 1) {
if ($_FILES['form']['tmp_name']['USR_PHOTO'] != '') {
$aAux = explode( '.', $_FILES['form']['name']['USR_PHOTO'] );
G::uploadFile( $_FILES['form']['tmp_name']['USR_PHOTO'], PATH_IMAGES_ENVIRONMENT_USERS, $aData['USR_UID'] . '.' . $aAux[1] );
G::resizeImage( PATH_IMAGES_ENVIRONMENT_USERS . $aData['USR_UID'] . '.' . $aAux[1], 96, 96, PATH_IMAGES_ENVIRONMENT_USERS . $aData['USR_UID'] . '.gif' );
}
} else {
G::SendTemporalMessage( 'ID_FILE_TOO_BIG', 'error' );
}
if ($_FILES['form']['error']['USR_RESUME'] != 1) {
if ($_FILES['form']['tmp_name']['USR_RESUME'] != '') {
G::uploadFile( $_FILES['form']['tmp_name']['USR_RESUME'], PATH_IMAGES_ENVIRONMENT_FILES . $aData['USR_UID'] . '/', $_FILES['form']['name']['USR_RESUME'] );
}
} else {
G::SendTemporalMessage( 'ID_FILE_TOO_BIG', 'error' );
}
}
if ($_SESSION['USER_LOGGED'] == $form['USR_UID']) {
/*UPDATING SESSION VARIABLES*/
$aUser = $RBAC->userObj->load( $_SESSION['USER_LOGGED'] );
$_SESSION['USR_FULLNAME'] = $aUser['USR_FIRSTNAME'] . ' ' . $aUser['USR_LASTNAME'];
}
//Save Calendar assigment
if ((isset( $form['USR_CALENDAR'] ))) {
//Save Calendar ID for this user
$calendarObj = new Calendar();
$calendarObj->assignCalendarTo( $aData['USR_UID'], $form['USR_CALENDAR'], 'USER' );
}
G::header( 'location: users_List' );
} catch (Exception $e) {
$G_MAIN_MENU = 'processmaker';
$G_SUB_MENU = 'users';
$G_ID_MENU_SELECTED = 'USERS';
$G_ID_SUB_MENU_SELECTED = '';
$aMessage = array ();
$aMessage['MESSAGE'] = $e->getMessage();
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', $aMessage );
G::RenderPage( 'publish', 'blank' );
}

42
workflow/engine/src/ProcessMaker/BusinessModel/User.php
View File

@@ -1151,43 +1151,23 @@ class User
*/ */
public function testPassword($sPassword = '') public function testPassword($sPassword = '')
{ {
$oUserProperty = new UsersProperties(); $userProperty = new UsersProperties();
$aFields = array(); $fields = [];
$dateNow = date('Y-m-d H:i:s'); $dateNow = date('Y-m-d H:i:s');
$aErrors = $oUserProperty->validatePassword($sPassword, $dateNow, 0); $errorInPassword = $userProperty->validatePassword($sPassword, $dateNow, 0);
if (!empty($aErrors)) { if (!empty($errorInPassword)) {
if (!defined('NO_DISPLAY_USERNAME')) { if (!defined('NO_DISPLAY_USERNAME')) {
define('NO_DISPLAY_USERNAME', 1); define('NO_DISPLAY_USERNAME', 1);
} }
$aFields = array(); //We will to get the message for test the password
$aFields['DESCRIPTION'] = G::LoadTranslation('ID_POLICY_ALERT'); $fields = $userProperty->getMessageValidatePassword($errorInPassword, true, true);
foreach ($aErrors as $sError) { $fields['STATUS'] = false;
switch ($sError) {
case 'ID_PPP_MINIMUM_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ': ' . PPP_MINIMUM_LENGTH . '. ';
$aFields[substr($sError, 3)] = PPP_MINIMUM_LENGTH;
break;
case 'ID_PPP_MAXIMUM_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ': ' . PPP_MAXIMUM_LENGTH . '. ';
$aFields[substr($sError, 3)] = PPP_MAXIMUM_LENGTH;
break;
case 'ID_PPP_EXPIRATION_IN':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '. ';
$aFields[substr($sError, 3)] = PPP_EXPIRATION_IN;
break;
default:
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError);
$aFields[substr($sError, 3)] = 1;
break;
}
}
$aFields['DESCRIPTION'] .= G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY');
$aFields['STATUS'] = false;
} else { } else {
$aFields['DESCRIPTION'] = G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES'); $fields['DESCRIPTION'] = G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES');
$aFields['STATUS'] = true; $fields['STATUS'] = true;
} }
return $aFields;
return $fields;
} }
/** /**