
Change Luminis password programmatically

Submitted by vandresv on Thu, 10/20/2011 - 09:21


Hello, I'd like to contribute to the community with a small program I wrote based on the advice of a user in LumDev (thank you, Tbird!) and lots of Google searching. It is my first PHP program, so don't expect a gem, but it does work.
This program is called by an HTML form that supplies the two values the user is asked to enter: the username they use in Luminis and the personal email address (the form's emailpers field) that is already registered in Banner.

//Author: Andres Valdes 19-Oct-2011
//Goal: Reset Luminis Password and send new password to Personal Email
//Dependencies: PHP 5 module in Apache
// input.html: HTML page with the form fields (it posts luminisid and emailpers)

//Returns true if a Banner ID is found (pdsExternalSystemID attribute)
//for the login id provided by the user.
//Returns false in any other condition.
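/**
 * Find the Luminis directory entry for the submitted login id.
 *
 * Connects and binds to the LDAP server, runs the search described by the
 * globals $basedn, $filter and $attributes, and on a hit stores the entry's
 * uid, DN and Banner ID in the globals $uid, $dn and $banner_id. The open
 * connection is left in the global $ds for the later password change.
 *
 * @param string $loginid Login id typed by the user. Not read here: the
 *                        search filter is built from it by the calling script.
 * @return bool true only when exactly one entry matched and it carries both
 *              a uid and a pdsExternalSystemID; false otherwise.
 */
function verify_luminisid($loginid) {
    global $ldap_server, $attributes, $basedn, $filter;
    global $uid, $dn, $ds, $banner_id;

    $ds = ldap_connect($ldap_server);
    if (!$ds) {
        echo "No connect to LDAP\n";
        return false; // could not connect to LDAP server
    }

    // NOTE(review): this binds as Directory Manager with the password in the
    // source, over whatever transport ldap_connect() negotiated. A dedicated
    // account limited to reading these attributes and writing userPassword /
    // pdsCredentialExpired, used over LDAPS or StartTLS, would contain the
    // damage if this file or the traffic is ever exposed.
    $r = ldap_bind($ds, "cn=Directory Manager", "managerpassword");
    if (!$r) {
        echo "No bind to LDAP\n";
        return false; // could not bind to LDAP server
    }

    $search = ldap_search($ds, $basedn, $filter, $attributes, 0, 0);
    if (!$search) {
        return false; // search failed
    }

    $data = ldap_get_entries($ds, $search);
    // A password reset must target exactly one account: refuse both "not
    // found" and an ambiguous filter that matched several entries.
    if (!$data || $data["count"] != 1) {
        return false;
    }

    // Read attributes by name (ldap_get_entries() lower-cases the keys)
    // rather than by position: the position shifts whenever an entry lacks
    // one of the requested attributes.
    $entry = $data[0];
    if (empty($entry["uid"][0]) || empty($entry["pdsexternalsystemid"][0])) {
        return false; // no uid or no Banner ID on the entry
    }

    // uid is the immutable id of the account.
    $uid = $entry["uid"][0];
    // Use the DN the server reported for the entry instead of rebuilding it
    // from the uid and the base DN.
    $dn = $entry["dn"];
    // The Banner ID is the first 9 characters of pdsExternalSystemID.
    $banner_id = substr($entry["pdsexternalsystemid"][0], 0, 9);
    return true;
}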
//---------------------------------------------------
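/**
 * Build the temporary password that is mailed to the user.
 *
 * The result is $length characters long, drawn from upper-case letters,
 * lower-case letters and digits, with at least one character of each class.
 *
 * The loop bounds of the posted version were lost when the page was rendered,
 * so the per-class counts are a reconstruction. The posted indexing,
 * mt_rand(0, strlen($set)), is inclusive and could read one position past the
 * end of the set; the upper bound here is strlen($set) - 1.
 *
 * @return string
 */
function generateRandomString() {
    $length = 7;
    $numbers = "0123456789";
    $lower = "abcdefghijklmnopqrstuvwxyz";
    $upper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";

    // A password is a secret, so draw from the CSPRNG when the runtime has
    // one (random_int, PHP 7+). mt_rand is kept only as a fallback for the
    // PHP 5 target of this script; its output is predictable and should not
    // be relied on for credentials.
    $rand = function_exists('random_int') ? 'random_int' : 'mt_rand';

    // One guaranteed character per class.
    $chars = array();
    foreach (array($upper, $lower, $numbers) as $set) {
        $chars[] = $set[$rand(0, strlen($set) - 1)];
    }

    // Fill the remainder from the combined alphabet.
    $all = $upper . $lower . $numbers;
    while (count($chars) < $length) {
        $chars[] = $all[$rand(0, strlen($all) - 1)];
    }

    // Fisher-Yates shuffle so the guaranteed characters are not always in
    // the first three positions.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = $rand(0, $i);
        $tmp = $chars[$i];
        $chars[$i] = $chars[$j];
        $chars[$j] = $tmp;
    }

    return implode("", $chars);
}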

//---------------------------------------------------
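/**
 * Check that the supplied address is the PERS email Banner holds for the ID.
 *
 * Queries GOREMAL joined to the current SPRIDEN row (spriden_change_ind is
 * null) using the Oracle credentials in the globals $oracleuser, $oraclepass
 * and $tnsname.
 *
 * @param string $emailpersonal Email address typed into the form.
 * @param string $banner_id     Banner ID read from the directory entry.
 * @return bool true when a matching row exists; false on no match, on bad
 *              input, or when the database cannot be reached or queried.
 */
function verify_email_personal($emailpersonal, $banner_id) {
    global $oracleuser;
    global $oraclepass;
    global $tnsname;

    // Form fields can arrive as arrays or be empty; neither can match.
    if (!is_string($emailpersonal) || $emailpersonal === "" ||
        !is_string($banner_id) || $banner_id === "") {
        return false;
    }

    // Both values are passed as bind variables. The email comes straight
    // from the request, so it must never be concatenated into the statement.
    $v_sql = "select goremal_pidm from goremal, spriden"
        . " where goremal_pidm = spriden_pidm"
        . " and spriden_change_ind is null"
        . " and goremal_emal_code = 'PERS'"
        . " and spriden_id = :banner_id"
        . " and goremal_email_address = :email";

    $ora_connection = oci_connect($oracleuser, $oraclepass, $tnsname);
    if (!$ora_connection) {
        return false; // could not connect to Oracle
    }

    $statement_id = oci_parse($ora_connection, $v_sql);
    if (!$statement_id) {
        oci_close($ora_connection);
        return false;
    }

    oci_bind_by_name($statement_id, ":banner_id", $banner_id);
    oci_bind_by_name($statement_id, ":email", $emailpersonal);

    $row = false;
    if (oci_execute($statement_id)) {
        $row = oci_fetch_object($statement_id);
    }

    // free resources
    oci_free_statement($statement_id);
    oci_close($ora_connection);

    // A fetched row means the personal email matched the Banner ID.
    return $row ? true : false;
}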
//--------------------------------------------------
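/**
 * Set the new password on the entry found earlier and mark it as expired.
 *
 * Uses the open connection in the global $ds and the entry DN in the global
 * $dn. Two modifications are sent, in this order: userPassword, then
 * pdsCredentialExpired = "true".
 *
 * NOTE(review): the value written to userPassword is the clear-text password.
 * The posted version also computed an SSHA hash with make_ssha_password() but
 * never wrote it, so that unused call is dropped here. Confirm that the
 * directory hashes the value on write, and that the connection to it is
 * encrypted, before relying on this.
 *
 * @param string $password New clear-text password.
 * @return bool true when both modifications succeeded; false otherwise. If
 *              only the second one fails, the password has already changed.
 */
function modify_ldap_password($password) {
    global $ds;
    global $dn;

    // Nothing to modify unless the directory lookup ran and found an entry.
    if (!$ds || !$dn) {
        return false;
    }

    $modifyPass = array("userPassword" => $password);
    if (!ldap_modify($ds, $dn, $modifyPass)) {
        return false;
    }

    // Mark the credential as expired right after the change.
    $modifyExpired = array("pdsCredentialExpired" => "true");
    if (!ldap_modify($ds, $dn, $modifyExpired)) {
        return false;
    }

    // The new password is deliberately never echoed to the page.
    return true;
}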

//---------------------------------------------------
//Encode a clear-text password with SSHA encoding, using a random salt.
//This is the encoding needed to write the password to the LDAP userPassword attribute.
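/**
 * Encode a clear-text password as an LDAP {SSHA} value.
 *
 * The value is "{SSHA}" followed by base64(sha1(password . salt) . salt),
 * with a fresh 4-byte salt per call.
 *
 * The salt comes from the system CSPRNG when one is available. The posted
 * version reseeded mt_rand() from microtime() on every call, which makes the
 * salt, and every later mt_rand() value in the request, guessable from the
 * time of the request.
 *
 * NOTE(review): salted SHA-1 is a fast hash; it is used here only because it
 * is the storage format this function is named for.
 *
 * @param string $password Clear-text password.
 * @return string The {SSHA}-prefixed, base64-encoded hash and salt.
 */
function make_ssha_password($password){
    if (function_exists('random_bytes')) {
        $salt = random_bytes(4);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $salt = openssl_random_pseudo_bytes(4);
    } else {
        // Last resort on old runtimes: not cryptographically secure.
        $salt = pack("CCCC", mt_rand(0, 255), mt_rand(0, 255), mt_rand(0, 255), mt_rand(0, 255));
    }

    // sha1(..., true) returns the raw 20-byte digest directly.
    return "{SSHA}" . base64_encode(sha1($password . $salt, true) . $salt);
}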

//---------------------------------------------------
//Send Email to user (personal email)
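/**
 * Mail the new password to the user's personal address.
 *
 * NOTE(review): the password travels in clear text in the message body, so
 * it is only as protected as the mailbox and the mail path.
 *
 * @param string $email_address Recipient address.
 * @param string $password      New clear-text password.
 * @return bool true when mail() accepted the message; false when it did not
 *              or when the address is not a single-line string.
 */
function send_mail($email_address, $password) {
    // The recipient ends up in the message headers. A value containing a
    // line break could add headers of its own, so refuse it outright.
    if (!is_string($email_address) || $email_address === "" ||
        preg_match('/[\r\n]/', $email_address)) {
        return false;
    }

    $to = $email_address;
    $subject = "Informacion de Acceso solicitado";
    $body = "Your password has changed as requested.\nYour new password is ".$password;

    // mail() reports only whether the message was accepted for delivery.
    return mail($to, $subject, $body) ? true : false;
}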
//---------------------------------------------------
//Variables capture from POST method on Form page (input.html)
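// Form fields posted by input.html. A missing field, or one that is not a
// plain string (e.g. luminisid[]=x), is treated as empty.
$loginid = (isset($_POST["luminisid"]) && is_string($_POST["luminisid"])) ? $_POST["luminisid"] : "";
$emailpersonal = (isset($_POST["emailpers"]) && is_string($_POST["emailpers"])) ? $_POST["emailpers"] : "";

//--------------------------------------------------
//Global variables

//php_user only needs the following privileges in Oracle:
//grant select on goremal; grant select on spriden, grant connect privilege.
// NOTE(review): these are sample values. Real credentials are better kept in
// a file outside the web root and out of version control.
$oracleuser="php_user";
$oraclepass="u_pick_it";
$tnsname="CONNECTIONSTRING";

$ldap_server="192.168.40.101";
$attributes=array('uid','pdsLoginId','mail','userPassword','displayName','pdsExternalSystemID');
$basedn="ou=People,o=host.domain.edu,o=domain.edu";

// The login id comes from the request, so escape it before it becomes part
// of the search filter. Otherwise characters such as * ( ) \ would change
// which entries the filter selects.
if (function_exists('ldap_escape')) {
    $safe_loginid = ldap_escape($loginid, "", LDAP_ESCAPE_FILTER);
} else {
    // Fallback for runtimes without ldap_escape(). The backslash must be
    // replaced first so the escapes added afterwards are not escaped again.
    $safe_loginid = str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $loginid
    );
}
$filter="(pdsLoginId=$safe_loginid)";

//-------------------------------------------------------------
//main:
//-------------------------------------------------------------
// NOTE(review): the two failure messages below differ, which tells a caller
// whether a login id exists. Nothing here limits repeated attempts either.
// Consider a single generic message and throttling in front of this script.
if ($loginid === "" || $emailpersonal === "") {
    echo "There was a problem changing password\n";
} elseif (verify_luminisid($loginid)) {
    // Check if the PERS email on GOREMAL matches the one provided by user
    if (verify_email_personal($emailpersonal,$banner_id)) {
        // Generate the temporary password (upper case, lower case and digits)
        $password=generateRandomString();

        // "=== false" is deliberate: a modify_ldap_password() that returns
        // nothing is treated as before, an explicit false stops the flow.
        $changed = modify_ldap_password($password);
        ldap_close($ds);

        if ($changed === false) {
            echo "There was a problem changing password\n";
        } elseif (send_mail($emailpersonal,$password)) {
            // Escape the address: it is request data echoed into the page.
            echo "Mail was sent to ".htmlspecialchars($emailpersonal, ENT_QUOTES, 'UTF-8')." with password information.\n";
        } else {
            echo "Problem sending Email.\n";
        }
    } else {
        // The directory connection was opened by the lookup; release it here too.
        ldap_close($ds);
        echo "The email you provided does not match the one in our system\n";
    }
} else {
    echo "There was a problem changing password\n";
}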
?>
