X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=plugins%2Fchange_password%2Ffunctions.php;h=0ab38fc100a4dbc0c2752ca6a9fd304016b1bb37;hp=123ed5d7b2a6e54b6df71ab737de1f7f02ee5b3f;hb=e7d5ff29db69101e42cd491d2fa42d4f83cd35a4;hpb=882acf90e4d2345143c3c2f7b1b9e18cdba61260
diff --git a/plugins/change_password/functions.php b/plugins/change_password/functions.php
index 123ed5d7..0ab38fc1 100644
--- a/plugins/change_password/functions.php
+++ b/plugins/change_password/functions.php
@@ -3,9 +3,8 @@
 /**
 * functions.php - Change Password plugin
 *
- * Copyright (c) 2003-2004 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
+ * @copyright 2003-2017 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package plugins
 * @subpackage change_password
@@ -15,7 +14,7 @@
 * Will verify the input against a set of criteria:
 * is every field supplied, does verify password match,
 * does current password validate, ..
- * These criteria are (for now) backend-independant.
+ * These criteria are (for now) backend-independent.
 *
 * @return array Array with zero or more error messages.
 */
@@ -33,11 +32,6 @@ function cpw_check_input()
 $msg = array();
- if(!$currentpw) {
- $msg[] = _("You must type in your current password.");
- } elseif($currentpw != OneTimePadDecrypt($key, $onetimepad)) {
- $msg[] = _("Your current password is not correct.");
- }
 if(!$newpw) {
 $msg[] = _("You must type in a new password.");
 }
@@ -46,6 +40,15 @@ function cpw_check_input()
 } elseif ($verifypw != $newpw) {
 $msg[] = _("Your new password does not match the verify password.");
 }
+
+ $orig_pw = OneTimePadDecrypt($key, $onetimepad);
+
+ if(!$currentpw) {
+ $msg[] = _("You must type in your current password.");
+ } elseif ($currentpw != $orig_pw) {
+ $msg[] = _("Your current password is not correct.");
+ }
+
 if($newpw && (strlen($newpw) < $cpw_pass_min_length ||
 strlen($newpw) > $cpw_pass_max_length ) ) {
 $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
@@ -82,12 +85,12 @@ function cpw_do_change()
 require_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');
- $msgs = do_hook_function('change_password_dochange',
- array (
- 'username' => $username,
- 'curpw' => $curpw,
- 'newpw' => $newpw
- ) );
+ $msgs = do_hook('change_password_dochange',
+ $temp=array (
+ 'username' => &$username,
+ 'curpw' => &$curpw,
+ 'newpw' => &$newpw
+ ) );
 /* something bad happened, return */
 if(count($msgs) > 0) {
@@ -96,12 +99,13 @@ function cpw_do_change()
 /* update our password stored in the session */
 $onetimepad = OneTimePadCreate(strlen($newpw));
- $_SESSION['onetimepad'] = $onetimepad;
+ sqsession_register($onetimepad,'onetimepad');
 $key = OneTimePadEncrypt($newpw, $onetimepad);
- setcookie('key', $key, 0, $base_uri);
+ sqsetcookie('key', $key, 0, $base_uri);
 /* make sure we write the session data before we redirect */
 session_write_close();
- header('Location: '.SM_PATH. 'src/options.php?optmode=submit&plugin_change_password=1');
+ header('Location: '.SM_PATH. 'src/options.php?optmode=submit&optpage=change_password&plugin_change_password=1&smtoken=' . sm_generate_security_token());
 exit;
 }
+
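Review bot: In the cpw_check_input hunk (-46/+40), the relocated check `} elseif ($currentpw != $orig_pw) {` still compares the submitted and stored passwords with the loose `!=` operator. PHP compares two numeric-looking strings numerically under `!=`, so two different strings can be treated as equal; an identity comparison, `} elseif ($currentpw !== $orig_pw) {`, removes that, and `hash_equals()` would additionally make the comparison constant-time where the minimum supported PHP version allows it. The `$verifypw != $newpw` context line at the top of the hunk has the same loose comparison. cpw_check_input starts and ends outside this hunk.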
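Review bot: In the cpw_do_change hunk (-82/+85), the result of the new `do_hook('change_password_dochange', …)` call is still judged only by `count($msgs) > 0`, so anything other than a non-empty array is treated as a successful password change. do_hook's return contract is not visible in this diff; if it can return null or another non-array value (for instance when no backend handles the hook), the code that follows would re-key the session for a password the backend never changed. A guard ahead of the count, such as `if (!is_array($msgs)) { $msgs = array(_("Password change failed.")); }` with whatever wording the plugin prefers, makes that case fail closed. A one-line comment on why the arguments are wrapped in `$temp=` and passed as references would also help the next reader. The function starts and ends outside this hunk.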
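Review bot: The new redirect in the last hunk (-96/+99) places the value of `sm_generate_security_token()` in the `Location` query string, where it can be recorded in web-server and proxy logs, browser history and Referer headers. Whether the options page consumes the token on first use is not visible here; if it does not, the token should be single-use or short-lived for this redirect, and the value should be encoded before concatenation: `'&smtoken=' . urlencode(sm_generate_security_token())`. Separately, `sqsetcookie('key', $key, 0, $base_uri)` keeps the pad-encrypted password in a cookie, and a comment stating which Secure/HttpOnly settings sqsetcookie applies (its definition is outside this diff) would let a reader confirm the cookie is not exposed to script or plaintext transport.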