<?php
+/**
+ * functions.php - Change Password plugin
+ *
+ * @copyright © 2003-2006 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ * @version $Id$
+ * @package plugins
+ * @subpackage change_password
+ */
+
/**
* Will verify the input against a set of criteria:
* is every field supplied, does verify password match,
* does current password validate, ..
- * These criteria are for now backend-independant.
+ * These criteria are (for now) backend-independent.
+ *
* @return array Array with zero or more error messages.
*/
function cpw_check_input()
$msg = array();
- if(!$currentpw) {
- $msg[] = _("You must type in your current password.");
- } elseif($currentpw != OneTimePadDecrypt($key, $onetimepad)) {
- $msg[] = _("Your current password is not correct.");
- }
if(!$newpw) {
$msg[] = _("You must type in a new password.");
}
} elseif ($verifypw != $newpw) {
$msg[] = _("Your new password does not match the verify password.");
}
+
+ $orig_pw = OneTimePadDecrypt($key, $onetimepad);
+
+ if(!$currentpw) {
+ $msg[] = _("You must type in your current password.");
+ } elseif ($currentpw != $orig_pw) {
+ $msg[] = _("Your current password is not correct.");
+ }
+
if($newpw && (strlen($newpw) < $cpw_pass_min_length ||
strlen($newpw) > $cpw_pass_max_length ) ) {
$msg[] = sprintf(_("Your new password should be %s to %s characters long."),
}
// do we need to do checks that are backend-specific and should
- // be handled by a hook? I know of none now, but if there's a need
- // for it we can add a hook for that here.
- // those checks can also be done in the backend dochange() function.
+ // be handled by a hook? I know of none now, bnd those checks can
+ // also be done in the backend dochange() function. If there turns
+ // out to be a need for it we can add a hook for that here.
return $msg;
}
function cpw_do_change()
{
global $cpw_backend;
- sqgetGlobalVar('cpw_current', $curpw, SQ_POST);
- sqgetGlobalVar('cpw_new', $newpw, SQ_POST);
+ sqgetGlobalVar('cpw_curpass', $curpw, SQ_POST);
+ sqgetGlobalVar('cpw_newpass', $newpw, SQ_POST);
sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
sqgetGlobalVar('key', $key, SQ_COOKIE);
$msgs = do_hook_function('change_password_dochange',
array (
'username' => $username,
- 'curpw' => $curpw,
- 'newpw' => $newpw
- ) );
+ 'curpw' => $curpw,
+ 'newpw' => $newpw
+ ) );
/* something bad happened, return */
if(count($msgs) > 0) {
/* update our password stored in the session */
$onetimepad = OneTimePadCreate(strlen($newpw));
- $_SESSION['onetimepad'] = $onetimepad;
+ sqsession_register($onetimepad,'onetimepad');
$key = OneTimePadEncrypt($newpw, $onetimepad);
setcookie('key', $key, 0, $base_uri);
/* make sure we write the session data before we redirect */
session_write_close();
- header('Location: '.get_location(). '/options.php?optmode=submit&plugin_change_password=1');
+ header('Location: '.SM_PATH. 'src/options.php?optmode=submit&optpage=change_password&plugin_change_password=1');
exit;
}
+
+?>
\ No newline at end of file
projects / squirrelmail.git / blobdiff