-
Notifications
You must be signed in to change notification settings - Fork 8
/
functions.php
93 lines (81 loc) · 2.77 KB
/
functions.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
<?php
/*
* This file is part of ad-change-pass.
*
* ad-change-pass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* ad-change-pass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with ad-change-pass. If not, see <http://www.gnu.org/licenses/>.
*/
$ldap_connection = null;
function ldapspecialchars($string) {
$sanitized=array('\\' => '\5c',
'*' => '\2a',
'(' => '\28',
')' => '\29',
"\x00" => '\00');
return str_replace(array_keys($sanitized),array_values($sanitized),$string);
}
function notice($msg) {
?><div style='color:#FF0000'><?php echo $msg;?></div><?php
}
function get_ldap_connection($user,$pass) {
global $config;
global $ldap_connection;
$ldap_connection = ldap_connect($config['ldapServers']);
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0);
if ($ldap_connection) {
$bind = ldap_bind($ldap_connection, $user.'@'.$config['domain'], $pass);
if (!$bind) {
close_ldap_connection();
}
}
}
function close_ldap_connection() {
global $ldap_connection;
@ldap_close($ldap_connection);
$ldap_connection = null;
}
function check_pass($user,$pass) {
global $ldap_connection;
close_ldap_connection();
get_ldap_connection($user,$pass);
$result = $ldap_connection;
close_ldap_connection();
return $result;
}
function change_pass($user,$new_pass) {
global $config;
global $ldap_connection;
get_ldap_connection($config['user'],$config['pass']);
if ($ldap_connection) {
$filter="(sAMAccountName=$user)";
$result = ldap_search($ldap_connection,$config['domain_dn'],$filter);
ldap_sort($ldap_connection,$result,"sn");
$info = ldap_get_entries($ldap_connection, $result);
$isLocked = $info[0]["lockoutTime"];
if ($isLocked > 0 ) {
return msg('account_locked');
}
$userDn = $info[0]["distinguishedname"][0];
$userdata["unicodePwd"] = iconv("UTF-8", "UTF-16LE", '"' . $new_pass . '"');
$result = ldap_mod_replace($ldap_connection, $userDn , $userdata);
if (!$result) {
return msg(ldap_error($ldap_connection));
}
} else {
return msg("wrong_admin");
}
close_ldap_connection();
return "";
}
?>