diff --git a/app/controllers/studip_controller.php b/app/controllers/studip_controller.php
index 1ddce67db501828156ccdfbcd41c133f7f674386..6c12a56cf43b3f061700e72c392d2e5e288948cf 100644
--- a/app/controllers/studip_controller.php
+++ b/app/controllers/studip_controller.php
@@ -210,9 +210,11 @@ abstract class StudipController extends Trails_Controller
 break;
 case 'option':
- if (preg_match('/[^\\w,-]/', $arg)) {
+ //NSI MOD BEGIN
+ if (preg_match('/[^\\w\.,-]/', $arg)) {
 throw new Trails_Exception(400);
 }
+ //NSI MOD END
 break;
 case 'sorm':
diff --git a/lib/classes/auth_plugins/StudipAuthNsi.class.php b/lib/classes/auth_plugins/StudipAuthNsi.class.php
new file mode 100644
index 0000000000000000000000000000000000000000..a41ec89e5a8dec7a6a670aee84355e173e4b98ba
--- /dev/null
+++ b/lib/classes/auth_plugins/StudipAuthNsi.class.php
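Review bot: In `app/controllers/studip_controller.php`, the widened character class in `case 'option'` now lets dots through for every controller derived from this abstract base, so a value such as `..` passes validation, and the `//NSI MOD BEGIN`/`END` markers do not say which caller needs it. If any action forwards an `option` argument into a file name or include path (not visible in this hunk), this relaxes a check that action may have relied on. I would state the reason next to the pattern and still refuse consecutive dots, e.g. `if (preg_match('/[^\\w.,-]/', $arg) || strpos($arg, '..') !== false) {`; the backslash before the dot is not needed inside a character class. The enclosing switch and method start and end outside the hunk.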
@@ -0,0 +1,76 @@
+<?php
+# Lifter007: TODO
+# Lifter003: TODO
+# Lifter010: TODO
+// +---------------------------------------------------------------------------+
+// This file is part of Stud.IP
+// StudipAuthStandard.class.php
+// Basic Stud.IP authentication, using the Stud.IP database
+//
+// Copyright (c) 2003 André Noack <noack@data-quest.de>
+// Suchi & Berg GmbH <info@data-quest.de>
+// +---------------------------------------------------------------------------+
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License
+// as published by the Free Software Foundation; either version 2
+// of the License, or any later version.
+// +---------------------------------------------------------------------------+
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+// +---------------------------------------------------------------------------+
+
+/**
+ * Basic Stud.IP authentication, using the Stud.IP database
+ *
+ * Basic Stud.IP authentication, using the Stud.IP database
+ *
+ * @access public
+ * @author André Noack <noack@data-quest.de>
+ * @package
+ */
+class StudipAuthNsi extends StudipAuthStandard
+{
+
+ public $error_head = 'NSI-Portal';
+
+ /**
+ *
+ *
+ *
+ * @access public
+ *
+ */
+ function isAuthenticated($username, $password)
+ {
+ $username = mb_strtolower($username);
+ $user = User::findByUsername($username);
+ if (!$user || !$password || mb_strlen($password) > 72) {
+ $this->error_msg= _("Ungültige Benutzername/Passwort-Kombination!") ;
+ return false;
+ } elseif ($user->auth_plugin != $this->plugin_name) {
+ $this->error_msg = sprintf(_("Dieser Benutzername wird bereits über %s authentifiziert!"),$user->auth_plugin) ;
+ return false;
+ } else {
+ $pass = $user->password;
+ }
+ if (mb_strlen($pass) != 60) {
+ $this->error_msg = sprintf(_("Sie benötigen die Anmeldedaten des NSI-Portals. Bitte stellen Sie sicher, dass Sie sich bereits einmal im
+%s angemeldet haben. Bei einer Passwortänderung im NSI-Portal kann es bis zu 24 Stunden dauern, bis die Änderung in Stud.IP wirksam wird."), '<a href="https://www.nsi-hsvn.de/login.html" target="_blank">NSI-Portal</a>') ;
+ return false;
+ }
+ $hasher = UserManagement::getPwdHasher();
+ $check = $hasher->CheckPassword($password, $pass);
+ if (!$check) {
+ $this->error_msg= _("Das Passwort ist falsch!");
+ return false;
+ } else {
+ return true;
+ }
+ }
+
+}
diff --git a/templates/loginform.php b/templates/loginform.php
index edbd565f82336e8e4ee2648732f82b23dbc7a608..a7d1aab10bc782c7410095eb3070361235af49d6 100644
--- a/templates/loginform.php
+++ b/templates/loginform.php
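Review bot: `StudipAuthNsi::isAuthenticated()` sets a different `error_msg` depending on whether the account exists, which plugin owns it, whether a 60-character hash is stored and whether the password matched, so the login response tells an unauthenticated client which usernames exist and how they are authenticated. Reusing the generic text in the plugin-mismatch and `!$check` branches, e.g. `$this->error_msg = _("Ungültige Benutzername/Passwort-Kombination!");`, removes that signal. The guard `mb_strlen($password) > 72` counts characters, while the 72 limit of bcrypt-style hashes (presumably what `getPwdHasher()` returns) is in bytes, so `strlen($password) > 72` would match it for multi-byte passwords. The file header still names `StudipAuthStandard.class.php` and the method docblock is empty; both should describe this class and its return contract.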
@@ -74,9 +74,12 @@ if (!match_route('web_migrate.php')) {
 <? if (Config::get()->ENABLE_REQUEST_NEW_PASSWORD_BY_USER && in_array('Standard', $GLOBALS['STUDIP_AUTH_PLUGIN'])): ?>
 <a href="<?= URLHelper::getLink('dispatch.php/new_password?cancel_login=1') ?>">
 <? else: ?>
- <a href="mailto:<?= $GLOBALS['UNI_CONTACT'] ?>?subject=<?= rawurlencode('Stud.IP Passwort vergessen - '.Config::get()->UNI_NAME_CLEAN) ?>&body=<?= rawurlencode('Ich habe mein Passwort vergessen. Bitte senden Sie mir ein Neues.\nMein Nutzername: ' . htmlReady($uname) . "\n") ?>">
+ <? /* MOD NSI BEGIN */ ?>
+ <!-- <a href="mailto:<?= $GLOBALS['UNI_CONTACT'] ?>?subject=<?= rawurlencode('Stud.IP Passwort vergessen - '.Config::get()->UNI_NAME_CLEAN) ?>&body=<?= rawurlencode('Ich habe mein Passwort vergessen. Bitte senden Sie mir ein Neues.\nMein Nutzername: ' . htmlReady($uname) . "\n") ?>"> -->
+ <a href="https://www.nsi-hsvn.de/login.html?tx_nsiportal_login%5Baction%5D=requestPasswordUpdateForm&tx_nsiportal_login%5Bcontroller%5D=Account&cHash=4ca05d2bd995bbb12b5b107570a03e89">Passwort vergessen? - Bitte benutzen Sie das NSI-Portal
 <? endif; ?>
- <?= _('Passwort vergessen') ?>
+ <!--<?= _('Passwort vergessen') ?> -->
+ <? /* MOD NSI END */ ?>
 </a>
 <? if ($self_registration_activated): ?>
 /
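Review bot: Commenting out the shared label `<?= _('Passwort vergessen') ?>` leaves the first branch (`ENABLE_REQUEST_NEW_PASSWORD_BY_USER` with the Standard plugin) with an `<a>` element that has no link text. An HTML comment also does not stop PHP, so the old `mailto:` line inside `<!-- … -->` is still evaluated and `$GLOBALS['UNI_CONTACT']` plus the URL-encoded `$uname` are still written into the page source. I would delete the old line instead of commenting it out, add `<?= _('Passwort vergessen') ?>` after the first branch's `<a …>` line, and wrap the new visible text in `_()` so it stays translatable. The portal URL with its fixed `cHash` value is presumably bound to that exact parameter set on the remote site, so it belongs in configuration rather than in the template.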