From c4aea098ac677c82e46843fcc406ca5efb89664b Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Fri, 4 Jan 2008 21:42:25 +0000
Subject: [PATCH] =?UTF-8?q?Fix:=20v=E9rification=20de=20la=20validit=E9=20?=
 =?UTF-8?q?du=20mot=20de=20passe?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/includes/login/functions_ldap.php | 29 +++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/htdocs/includes/login/functions_ldap.php b/htdocs/includes/login/functions_ldap.php
index 1697bbb2e60..1ce166291dd 100644
--- a/htdocs/includes/login/functions_ldap.php
+++ b/htdocs/includes/login/functions_ldap.php
@@ -107,7 +107,30 @@ function check_user_password_ldap($usertotest,$passwordtotest)
 		
 		// Code to get user in LDAP (may differ from Dolibarr user)
 		$result=$ldap->connect_bind();
-		$resultCheckUserDN = $ldap->checkPass($usertotest,$passwordtotest);
+		if ($result)
+		{
+			$ldap->fetch($_POST["username"]);
+			// On stop si le mot de passe ldap doit etre modifie
+			if ($ldap->pwdlastset == 0)
+			{
+				session_destroy();
+				dolibarr_syslog('User '.$login.' must change password next logon');
+				if ($ldapdebug) print "DEBUG: User ".$login." must change password<br>\n";
+				$ldap->close();
+						
+				// On repart sur page accueil
+				session_name($sessionname);
+				session_start();
+				$langs->load('ldap');
+				$_SESSION["dol_loginmesg"]=$langs->trans("UserMustChangePassNextLogon");
+				header('Location: '.DOL_URL_ROOT.'/index.php');
+				exit;
+			}
+			else
+			{
+				$resultCheckUserDN = $ldap->checkPass($usertotest,$passwordtotest);
+			}
+		}
 		$ldap->close();
 		
 		$ldap->searchUser=$usertotest;
@@ -133,7 +156,7 @@ function check_user_password_ldap($usertotest,$passwordtotest)
 					if ($ldapdebug) print "DEBUG: pwdLastSet = ".dolibarr_print_date($ldap->pwdlastset,'day')."<br>\n";
 					if ($ldapdebug) print "DEBUG: badPasswordTime = ".dolibarr_print_date($ldap->badpwdtime,'day')."<br>\n";
 					
-					
+					/*
 					// On stop si le mot de passe ldap doit etre modifie
 					if ($ldap->pwdlastset == 0)
 					{
@@ -150,7 +173,7 @@ function check_user_password_ldap($usertotest,$passwordtotest)
 						header('Location: '.DOL_URL_ROOT.'/index.php');
 						exit;
 					}
-					
+					*/
 					
 					// On recherche le user dolibarr en fonction de son SID ldap
 					$sid = $ldap->getObjectSid($login);
-- 
GitLab