Plugins like listcommands should not close their own pages without displaying errors...

[squirrelmail.git] / plugins / change_password / functions.php

diff --git a/plugins/change_password/functions.php b/plugins/change_password/functions.php
index 123ed5d7b2a6e54b6df71ab737de1f7f02ee5b3f..f956ef7f3eeed2019850c0742f1efe14a4f32814 100644 (file)
--- a/plugins/change_password/functions.php
+++ b/plugins/change_password/functions.php
@@ -3,9 +3,8 @@
 /**
  * functions.php - Change Password plugin
  *
- * Copyright (c) 2003-2004 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
+ * @copyright © 2003-2007 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
  * @subpackage change_password
@@ -15,7 +14,7 @@
  * Will verify the input against a set of criteria:
  * is every field supplied, does verify password match,
  * does current password validate, ..
- * These criteria are (for now) backend-independant.
+ * These criteria are (for now) backend-independent.
  *
  * @return array Array with zero or more error messages.
  */
@@ -33,11 +32,6 @@ function cpw_check_input()
 
     $msg = array();
 
-    if(!$currentpw) {
-        $msg[] = _("You must type in your current password.");
-    } elseif($currentpw != OneTimePadDecrypt($key, $onetimepad)) {
-        $msg[] = _("Your current password is not correct.");
-    }
     if(!$newpw) {
         $msg[] = _("You must type in a new password.");
     }
@@ -46,6 +40,15 @@ function cpw_check_input()
     } elseif ($verifypw != $newpw) {
         $msg[] = _("Your new password does not match the verify password.");
     }
+
+    $orig_pw = OneTimePadDecrypt($key, $onetimepad);
+
+    if(!$currentpw) {
+        $msg[] = _("You must type in your current password.");
+    } elseif ($currentpw != $orig_pw) {
+        $msg[] = _("Your current password is not correct.");
+    }
+
     if($newpw && (strlen($newpw) < $cpw_pass_min_length ||
                   strlen($newpw) > $cpw_pass_max_length ) ) {
         $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
@@ -82,12 +85,12 @@ function cpw_do_change()
 
     require_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');
 
-    $msgs = do_hook_function('change_password_dochange',
-        array (
-            'username' => $username,
-           'curpw' => $curpw,
-           'newpw' => $newpw
-       ) );
+    $msgs = do_hook('change_password_dochange',
+        $temp=array (
+            'username' => &$username,
+            'curpw' => &$curpw,
+            'newpw' => &$newpw
+        ) );
 
     /* something bad happened, return */
     if(count($msgs) > 0) {
@@ -96,12 +99,13 @@ function cpw_do_change()
 
     /* update our password stored in the session */
     $onetimepad = OneTimePadCreate(strlen($newpw));
-    $_SESSION['onetimepad'] = $onetimepad;
+    sqsession_register($onetimepad,'onetimepad');
     $key = OneTimePadEncrypt($newpw, $onetimepad);
     setcookie('key', $key, 0, $base_uri);
 
     /* make sure we write the session data before we redirect */
     session_write_close();
-    header('Location: '.SM_PATH. 'src/options.php?optmode=submit&plugin_change_password=1');
+    header('Location: '.SM_PATH. 'src/options.php?optmode=submit&optpage=change_password&plugin_change_password=1');
     exit;
 }
+