ltb-project#126: Reverted changes.

Worteks · Aug 23, 2024 · a7b7d24 · a7b7d24
1 parent c9e5033
commit a7b7d24
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 71 deletions.
diff --git a/conf/config.inc.php b/conf/config.inc.php
@@ -101,7 +101,6 @@
 # Features
 $use_checkpassword = true;
 $use_resetpassword = true;
-$use_resetpassword_requireauth = false;
 $use_resetpassword_resetchoice = true;
 $resetpassword_reset_default = true;
 $show_lockstatus = true;

diff --git a/docs/resetpassword.rst b/docs/resetpassword.rst
@@ -23,18 +23,6 @@ If you do not want to let the choice to reset at next connection, you can hide t
 
 In this case, the value set in ``$resetpassword_reset_default`` will be applied.
 
-Password history
-----------------
-
-The password history can be checked if the user authenticates with their old password.
-
-To enable this feature:
-
-.. code-block::php
-
-    $use_resetpassword_requireauth = true;
-
-
 Notify user by mail
 -------------------
 

diff --git a/htdocs/index.php b/htdocs/index.php
@@ -106,7 +106,6 @@
 $smarty->assign('logout_link',isset($logout_link) ? $logout_link : false);
 $smarty->assign('use_checkpassword',$use_checkpassword);
 $smarty->assign('use_resetpassword',$use_resetpassword);
-$smarty->assign('use_resetpassword_requireauth', $use_resetpassword_requireauth);
 $smarty->assign('use_resetpassword_resetchoice',$use_resetpassword_resetchoice);
 $smarty->assign('resetpassword_reset_default',$resetpassword_reset_default);
 $smarty->assign('show_lockstatus',$show_lockstatus);

diff --git a/htdocs/resetpassword.php b/htdocs/resetpassword.php
@@ -23,13 +23,7 @@
 if (isset($_POST["newpassword"]) and $_POST["newpassword"]) {
     $password = $_POST["newpassword"];
 } else {
-    $result = "newpasswordrequired";
-}
-
-if (isset($_POST["oldpassword"]) and $_POST["oldpassword"]) {
-    $oldpassword = $_POST["oldpassword"];
-} else {
-    $result = "oldpasswordrequired";
+    $result = "passwordrequired";
 }
 
 if (isset($_POST["pwdreset"]) and $_POST["pwdreset"]) {
@@ -43,18 +37,6 @@
     require_once("../lib/hook.inc.php");
 
     # Connect to LDAP
-    if ($use_resetpassword_requireauth) {
-        $ldapInstance = new \Ltb\Ldap(
-            $ldap_url,
-            $ldap_starttls,
-            $dn,
-            $oldpassword,
-            isset($ldap_network_timeout) ? $ldap_network_timeout : null,
-            null,
-            null,
-            null
-        );
-    }
     $ldap_connection = $ldapInstance->connect();
 
     $ldap = $ldap_connection[0];
@@ -95,18 +77,12 @@
         if ( $prehook_return > 0 and !$ignore_prehook_return) {
             $result = "passwordrefused";
         } else {
-            $modification = ldap_mod_replace_ext($ldap, $dn, $entry);
-            $userdn = $dn;
-            $errcode = $errmsg = $refs =  null;
-            if (ldap_parse_result($ldap, $modification, $errcode, $userdn, $errmsg, $refs)) {
-                $errno = ldap_errno($ldap);
-                if ( $errmsg ) {
-                    $result = "passwordreused";
-                } else if ( $errno ) {
-                    $result = "passwordrefused";
-                } else {
-                    $result = "passwordchanged";
-                }
+            $modification = ldap_mod_replace($ldap, $dn, $entry);
+            $errno = ldap_errno($ldap);
+            if ( $errno ) {
+                $result = "passwordrefused";
+            } else {
+                $result = "passwordchanged";
             }
         }
 
@@ -127,7 +103,7 @@
         #==============================================================================
         if ($result === "passwordchanged") {
 
-            if (isset($notify_on_change) && $notify_on_change) {
+            if ($notify_on_change) {
                 # Search for user
                 $attributes = $mail_attributes;
                 $attributes[] = $mail_username_attribute;
@@ -159,9 +135,6 @@
         }
 
     }
-    else {
-        $result = "passwordinvalid";
-    }
 }
 
 if ($audit_log_file) {

diff --git a/lang/en.inc.php b/lang/en.inc.php
@@ -72,19 +72,15 @@
 $messages['lockedaccounts'] = "Locked accounts";
 $messages['logout'] = "Logout";
 $messages['newpassword'] = "New password";
-$messages['newpasswordrequired'] = "Please enter the new password";
 $messages['noentriesfound'] = "No entries found";
 $messages['notdefined'] = "Not defined";
-$messages['oldpassword'] = "Old password";
-$messages['oldpasswordrequired'] = "Please enter the old password";
 $messages['password'] = "Password";
 $messages['passwordchanged'] = "Password changed";
 $messages['passwordexpired'] = "Password is expired";
 $messages['passwordinvalid'] = "Authentication has failed";
 $messages['passwordok'] = "Authentication succeeds!";
 $messages['passwordrefused'] = "Password was refused";
 $messages['passwordrequired'] = "Please enter the password";
-$messages['passwordreused'] = "Password was reused";
 $messages['resetpassword'] = "Reset password";
 $messages['search'] = "Search";
 $messages['searchrequired'] = "Please enter your search";

diff --git a/templates/display.tpl b/templates/display.tpl
@@ -149,24 +149,12 @@
              <div class="card-body">
 
                  <form id="resetpassword" method="post" action="index.php?page=resetpassword">
-                     {if $resetpasswordresult eq 'passwordinvalid'}
-                     <div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_passwordinvalid}</div>
-                     {/if}
-                     {if $resetpasswordresult eq 'oldpasswordrequired'}
-                     <div class="alert alert-warning"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_oldpasswordrequired}</div>
-                     {/if}
-                     {if $resetpasswordresult eq 'newpasswordrequired'}
-                     <div class="alert alert-warning"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_newpasswordrequired}</div>
-                     {/if}
                      {if $resetpasswordresult eq 'passwordrequired'}
                      <div class="alert alert-warning"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_passwordrequired}</div>
                      {/if}
                      {if $resetpasswordresult eq 'passwordrefused'}
                      <div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_passwordrefused}</div>
                      {/if}
-                     {if $resetpasswordresult eq 'passwordreused'}
-                     <div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_passwordreused}</div>
-                     {/if}
                      {if $resetpasswordresult eq 'passwordchanged'}
                      <div class="alert alert-success"><i class="fa fa-fw fa-check"></i> {$msg_passwordchanged}</div>
                      {/if}
@@ -177,12 +165,6 @@
                      <div class="alert alert-warning"><i class="fa fa-fw fa-exclamation-triangle"></i> {$posthookresult}</div>
                      {/if}
                      <input type="hidden" name="dn" value="{$dn}" />
-                     {if $use_resetpassword_requireauth}
-                     <div class="input-group mb-3">
-                        <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
-                        <input type="password" name="oldpassword" id="oldpassword" autocomplete="old-password" class="form-control" placeholder="{$msg_oldpassword}" />
-                     </div>
-                     {/if}
                      <div class="input-group mb-3">
                         <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
                         {if $fake_password_inputs}