Skip to content

Instantly share code, notes, and snippets.

@jackhftang jackhftang/index.php
Last active Jul 13, 2019

What would you like to do?
LDAP PHP Change Password Page (modified). Original can be found at
* LDAP PHP Change Password Webpage
* Copyright (C) 2010 Matt Rude <>
* Copyright (C) 2019 Jack Tang <>
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <>.
$message = array();
function changePassword($user, $oldPassword, $newPassword, $newPasswordCnf)
global $message;
$server = '';
# base DN for all users
$dn = 'ou=users,dc=example,dc=com';
# bind DN for search users, need to have `read` permission on attributes: uid, mail, pwdaccountlockedtime
$bindDn = 'uid=readonly,dc=example,dc=com';
$bindDnPwd = 'secret';
$con = ldap_connect($server);
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
// bind rdn and find user by uid
if (ldap_bind($con, $bindDn, $bindDnPwd) === false) {
$message[] = "Error E201 - Unable to connect to server, you may not change your password at this time, sorry.";
return false;
$userSearch = ldap_search($con, $dn, "(|(uid=$user)(mail=$user))");
$userGet = ldap_get_entries($con, $userSearch);
if (!$userGet) {
$message[] = "Error E202 - Unable to connect to server, you may not change your password at this time, sorry.";
return false;
// find the first match and search again
$userEntry = ldap_first_entry($con, $userSearch);
$userDn = ldap_get_dn($con, $userEntry);
$userId = $userGet[0]["uid"][0];
$userSearchArray = array("pwdaccountlockedtime");
$userSearchFilter = "(|(uid=$userId)(mail=$user))";
$userSearchOpt = ldap_search($con, $userDn, $userSearchFilter, $userSearchArray);
$userGetOpt = ldap_get_entries($con, $userSearchOpt);
$pwdAccountLockedTime = $userGetOpt[0]["pwdaccountlockedtime"][0];
// Start the testing
if ($pwdAccountLockedTime) {
$message[] = "Error E101 - Your Account is Locked Out!!! Please contact the administrator to unlock.";
return false;
if (ldap_bind($con, $userDn, $oldPassword) === false) {
$message[] = "Error E101 - Current Username or Password is wrong.";
return false;
if ($newPassword != $newPasswordCnf) {
$message[] = "Error E102 - Your New passwords do not match!";
return false;
$encoded_newPassword = "{SHA}" . base64_encode(pack("H*", sha1($newPassword)));
if (strlen($newPassword) < 8) {
$message[] = "Error E103 - Your new password is too short.<br/>Your password must be at least 8 characters long.";
return false;
if (!preg_match("/[0-9]/", $newPassword)) {
$message[] = "Error E104 - Your new password must contain at least one number.";
return false;
if (!preg_match("/[a-zA-Z]/", $newPassword)) {
$message[] = "Error E105 - Your new password must contain at least one letter.";
return false;
if (!preg_match("/[A-Z]/", $newPassword)) {
$message[] = "Error E106 - Your new password must contain at least one uppercase letter.";
return false;
if (!preg_match("/[a-z]/", $newPassword)) {
$message[] = "Error E107 - Your new password must contain at least one lowercase letter.";
return false;
// And Finally, Change the password
$entry = array();
$entry["userPassword"] = "$encoded_newPassword";
if (ldap_modify($con, $userDn, $entry)) {
$message[] = "The password for $userId has been changed.<br/>Your new password is now fully Active.";
} else {
$error = ldap_error($con);
$errno = ldap_errno($con);
$message[] = "E201 - Your password cannot be change, please contact the administrator.";
$message[] = "$errno - $error";
$message[] = "Your password was not changed.";
return true;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "">
<html xmlns="" xml:lang="en" lang="en">
<title>Password Change Page</title>
<style type="text/css">
body {
font-family: Verdana, Arial, Courier New, serif;
font-size: 0.7em;
th {
text-align: right;
padding: 0.8em;
#container {
text-align: center;
width: 500px;
margin: 5% auto;
.msg_yes {
text-align: center;
color: green;
background: #D4EAD4;
border: 1px solid green;
border-radius: 10px;
margin: 2px;
.msg_no {
text-align: center;
color: red;
background: #FFF0F0;
border: 1px solid red;
border-radius: 10px;
margin: 2px;
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<div id="container">
<h2>Password Change Page</h2>
Your new password must be 8 characters long or longer and have at least:<br/>
one capital letter, one lowercase letter, &amp; one number.<br/>
You must use a new password, your current password<br/>
can not be the same as your new password.
if (isset($_POST["submitted"])) {
$ok = changePassword($_POST['username'], $_POST['oldPassword'], $_POST['newPassword1'], $_POST['newPassword2']);
if ($ok) {
echo '<div class="msg_yes">';
} else {
echo '<div class="msg_no">';
foreach ($message as $msg) {
echo "<p>$msg</p>";
echo '</div>';
<form method="POST" action="/">
<table style="width: 400px; margin: 0 auto;">
<th><label for="username"> Username or Email Address:</label></th>
<td><input id="username" name="username" type="text" size="20px"/></td>
<th><label for="oldPassword">Current password:</label></th>
<td><input id="oldPassword" name="oldPassword" size="20px" type="password"/></td>
<th><label for="newPassword1">New password:</label></th>
<td><input id="newPassword1" name="newPassword1" size="20px" type="password"/></td>
<th><label for="newPassword2">New password (again):</label></th>
<td><input id="newPassword2" name="newPassword2" size="20px" type="password"/></td>
<td colspan="2" style="text-align: center;">
<input name="submitted" type="submit" value="Change Password"/>
<button onclick="location.reload()">Cancel</button>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.