diff --git a/include/class.auth.php b/include/class.auth.php
index 213730e67b06748a6057afb10e34393b18124a18..efab40230af3da62f98219a86c174f29435af4aa 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -158,7 +158,7 @@ abstract class AuthenticationBackend {
$backends = static::getAllowedBackends($username);
foreach (static::allRegistered() as $bk) {
if ($backends //Allowed backends
- && $bk->supportsAuthentication()
+ && $bk->supportsInteractiveAuthentication()
&& !in_array($bk::$id, $backends))
// User cannot be authenticated against this backend
continue;
@@ -250,7 +250,7 @@ abstract class AuthenticationBackend {
* Indicates if the backed supports authentication. Useful if the
* backend is used for logging or lockout only
*/
- function supportsAuthentication() {
+ function supportsInteractiveAuthentication() {
return true;
}
@@ -369,7 +369,7 @@ abstract class StaffAuthenticationBackend extends AuthenticationBackend {
Signal::send('auth.login.succeeded', $staff);
- if ($bk->supportsAuthentication())
+ if ($bk->supportsInteractiveAuthentication())
$staff->cancelResetTokens();
return true;
@@ -507,7 +507,7 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend {
$user->getUserName(), $user->getId(), $_SERVER['REMOTE_ADDR']);
$ost->logDebug('User login', $msg);
- if ($bk->supportsAuthentication() && ($acct=$user->getAccount()))
+ if ($bk->supportsInteractiveAuthentication() && ($acct=$user->getAccount()))
$acct->cancelResetTokens();
return true;
@@ -598,7 +598,7 @@ abstract class AuthStrikeBackend extends AuthenticationBackend {
return null;
}
- function supportsAuthentication() {
+ function supportsInteractiveAuthentication() {
return false;
}
@@ -763,7 +763,7 @@ StaffAuthenticationBackend::register('osTicketAuthentication');
class PasswordResetTokenBackend extends StaffAuthenticationBackend {
static $id = "pwreset.staff";
- function supportsAuthentication() {
+ function supportsInteractiveAuthentication() {
return false;
}
@@ -831,9 +831,13 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
return $user;
}
+ function supportsInteractiveAuthentication() {
+ return false;
+ }
+
protected function getAuthKey($user) {
- if (!$this->supportsAuthentication() || !$user)
+ if (!$user)
return null;
//Generate authkey based the type of ticket user
@@ -912,7 +916,9 @@ class AccessLinkAuthentication extends UserAuthenticationBackend {
function login($user, $bk) {
return true;
}
-
+ function supportsInteractiveAuthentication() {
+ return false;
+ }
}
UserAuthenticationBackend::register('AccessLinkAuthentication');
@@ -938,7 +944,7 @@ UserAuthenticationBackend::register('osTicketClientAuthentication');
class ClientPasswordResetTokenBackend extends UserAuthenticationBackend {
static $id = "pwreset.client";
- function supportsAuthentication() {
+ function supportsInteractiveAuthentication() {
return false;
}
@@ -976,7 +982,7 @@ UserAuthenticationBackend::register('ClientPasswordResetTokenBackend');
class ClientAcctConfirmationTokenBackend extends UserAuthenticationBackend {
static $id = "confirm.client";
- function supportsAuthentication() {
+ function supportsInteractiveAuthentication() {
return false;
}
diff --git a/include/class.user.php b/include/class.user.php
index 97335063c8062e1ac4fd0b23546992a0135b1eef..d51c61639fb8a5509c7f0fefdd049664f8ec0653 100644
--- a/include/class.user.php
+++ b/include/class.user.php
@@ -769,13 +769,14 @@ class UserAccount extends UserAccountModel {
return $user;
}
- static function register($user, $vars, &$errors) {
+ static function register($user, $vars, &$errors) {
if (!$user || !$vars)
return false;
//Require temp password.
- if (!isset($vars['sendemail'])) {
+ if ((!$vars['backend'] || $vars['backend'] != 'client')
+ && !isset($vars['sendemail'])) {
if (!$vars['passwd1'])
$errors['passwd1'] = 'Temp. password required';
elseif ($vars['passwd1'] && strlen($vars['passwd1'])<6)
@@ -792,15 +793,18 @@ class UserAccount extends UserAccountModel {
$account->set('dst', isset($vars['dst'])?1:0);
$account->set('timezone_id', $vars['timezone_id']);
+ $account->set('backend', $vars['backend']);
if ($vars['username'] && strcasecmp($vars['username'], $user->getEmail()))
$account->set('username', $vars['username']);
if ($vars['passwd1'] && !$vars['sendemail']) {
- $account->set('passwd', Password::hash($vars['passwd1']));
+ $account->set('passwd', Passwd::hash($vars['passwd1']));
$account->setStatus(self::CONFIRMED);
if ($vars['pwreset-flag'])
$account->setStatus(self::REQUIRE_PASSWD_RESET);
+ if ($vars['forbid-pwreset-flag'])
+ $account->setStatus(self::FORBID_PASSWD_RESET);
}
$account->save(true);
diff --git a/include/staff/staff.inc.php b/include/staff/staff.inc.php
index 954aaa8f106eda30b116f8c8ef84d3af9c0793c4..c40b2d56be54bc1c883c73de32c65094c4893bae 100644
--- a/include/staff/staff.inc.php
+++ b/include/staff/staff.inc.php
@@ -142,7 +142,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
">
<option value="">— Use any available backend —</option>
<?php foreach (StaffAuthenticationBackend::allRegistered() as $ab) {
- if (!$ab->supportsAuthentication()) continue; ?>
+ if (!$ab->supportsInteractiveAuthentication()) continue; ?>
<option value="<?php echo $ab::$id; ?>" <?php
if ($info['backend'] == $ab::$id)
echo 'selected="selected"'; ?>><?php
diff --git a/include/staff/templates/user-register.tmpl.php b/include/staff/templates/user-register.tmpl.php
index 8f87c41a3453add53001dc3d1bf62f2671a07bf4..99fbc3f348259f3cab5b7e21fc97b2c76ed5cc71 100644
--- a/include/staff/templates/user-register.tmpl.php
+++ b/include/staff/templates/user-register.tmpl.php
@@ -41,13 +41,30 @@ $user->getName()->getOriginal(); ?></b>.</p></div>
</th>
</tr>
<tr>
- <td width="180">
- Status:
- </td>
+ <td>Authentication Sources:</td>
<td>
- <input type="checkbox" id="sendemail" name="sendemail" value="1"
- <?php echo $info['sendemail'] ? 'checked="checked"' : ''; ?> >
- Send account activation email to <?php echo $user->getEmail(); ?>.
+ <select name="backend" id="backend-selection" onchange="javascript:
+ if (this.value != '' && this.value != 'client') {
+ $('#activation').hide();
+ $('#password').hide();
+ }
+ else {
+ $('#activation').show();
+ if ($('#sendemail').is(':checked'))
+ $('#password').hide();
+ else
+ $('#password').show();
+ }
+ ">
+ <option value="">— Use any available backend —</option>
+ <?php foreach (UserAuthenticationBackend::allRegistered() as $ab) {
+ if (!$ab->supportsInteractiveAuthentication()) continue; ?>
+ <option value="<?php echo $ab::$id; ?>" <?php
+ if ($info['backend'] == $ab::$id)
+ echo 'selected="selected"'; ?>><?php
+ echo $ab::$name; ?></option>
+ <?php } ?>
+ </select>
</td>
</tr>
<tr>
@@ -60,6 +77,18 @@ $user->getName()->getOriginal(); ?></b>.</p></div>
</td>
</tr>
</tbody>
+ <tbody id="activation">
+ <tr>
+ <td width="180">
+ Status:
+ </td>
+ <td>
+ <input type="checkbox" id="sendemail" name="sendemail" value="1"
+ <?php echo $info['sendemail'] ? 'checked="checked"' : ''; ?> >
+ Send account activation email to <?php echo $user->getEmail(); ?>.
+ </td>
+ </tr>
+ </tbody>
<tbody id="password"
style="<?php echo $info['sendemail'] ? 'display:none;' : ''; ?>"
>
@@ -89,6 +118,9 @@ $user->getName()->getOriginal(); ?></b>.</p></div>
<td colspan=2>
<input type="checkbox" name="pwreset-flag" value="1" <?php
echo $info['pwreset-flag'] ? 'checked="checked"' : ''; ?>> Require password change on login
+ <br/>
+ <input type="checkbox" name="forbid-pwreset-flag" value="1" <?php
+ echo $info['forbid-pwreset-flag'] ? 'checked="checked"' : ''; ?>> User cannot change password
</td>
</tr>
</tbody>