X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=plugins%2Fchange_password%2Ffunctions.php;h=f956ef7f3eeed2019850c0742f1efe14a4f32814;hb=cdb3b004685f28cd34a38cec8d446aba1f0f72ff;hp=123ed5d7b2a6e54b6df71ab737de1f7f02ee5b3f;hpb=882acf90e4d2345143c3c2f7b1b9e18cdba61260;p=squirrelmail.git diff --git a/plugins/change_password/functions.php b/plugins/change_password/functions.php index 123ed5d7..f956ef7f 100644 --- a/plugins/change_password/functions.php +++ b/plugins/change_password/functions.php @@ -3,9 +3,8 @@ /** * functions.php - Change Password plugin * - * Copyright (c) 2003-2004 The SquirrelMail Project Team - * Licensed under the GNU GPL. For full terms see the file COPYING. - * + * @copyright © 2003-2007 The SquirrelMail Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package plugins * @subpackage change_password @@ -15,7 +14,7 @@ * Will verify the input against a set of criteria: * is every field supplied, does verify password match, * does current password validate, .. - * These criteria are (for now) backend-independant. + * These criteria are (for now) backend-independent. * * @return array Array with zero or more error messages. */ @@ -33,11 +32,6 @@ function cpw_check_input() $msg = array(); - if(!$currentpw) { - $msg[] = _("You must type in your current password."); - } elseif($currentpw != OneTimePadDecrypt($key, $onetimepad)) { - $msg[] = _("Your current password is not correct."); - } if(!$newpw) { $msg[] = _("You must type in a new password."); } @@ -46,6 +40,15 @@ function cpw_check_input() } elseif ($verifypw != $newpw) { $msg[] = _("Your new password does not match the verify password."); } + + $orig_pw = OneTimePadDecrypt($key, $onetimepad); + + if(!$currentpw) { + $msg[] = _("You must type in your current password."); + } elseif ($currentpw != $orig_pw) { + $msg[] = _("Your current password is not correct."); + } + if($newpw && (strlen($newpw) < $cpw_pass_min_length || strlen($newpw) > $cpw_pass_max_length ) ) { $msg[] = sprintf(_("Your new password should be %s to %s characters long."), @@ -82,12 +85,12 @@ function cpw_do_change() require_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php'); - $msgs = do_hook_function('change_password_dochange', - array ( - 'username' => $username, - 'curpw' => $curpw, - 'newpw' => $newpw - ) ); + $msgs = do_hook('change_password_dochange', + $temp=array ( + 'username' => &$username, + 'curpw' => &$curpw, + 'newpw' => &$newpw + ) ); /* something bad happened, return */ if(count($msgs) > 0) { @@ -96,12 +99,13 @@ function cpw_do_change() /* update our password stored in the session */ $onetimepad = OneTimePadCreate(strlen($newpw)); - $_SESSION['onetimepad'] = $onetimepad; + sqsession_register($onetimepad,'onetimepad'); $key = OneTimePadEncrypt($newpw, $onetimepad); setcookie('key', $key, 0, $base_uri); /* make sure we write the session data before we redirect */ session_write_close(); - header('Location: '.SM_PATH. 'src/options.php?optmode=submit&plugin_change_password=1'); + header('Location: '.SM_PATH. 'src/options.php?optmode=submit&optpage=change_password&plugin_change_password=1'); exit; } +