X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=plugins%2Fchange_password%2Ffunctions.php;h=d798966ee9e7cae2040dfb99f88c24a2383e03ab;hp=e9cf52f48887f3e213dcde0270b034a83e105201;hb=775edf4f6bc3908670e0e9f749ece01fec51c2fb;hpb=5c34b0bbf0fc464baa22d6ae069d4b7bd305d2cf

diff --git a/plugins/change_password/functions.php b/plugins/change_password/functions.php
index e9cf52f4..d798966e 100644
--- a/plugins/change_password/functions.php
+++ b/plugins/change_password/functions.php
@@ -1,10 +1,22 @@
 <?php
 
+/**
+ * functions.php - Change Password plugin
+ *
+ * Copyright (c) 2003-2005 The SquirrelMail Project Team
+ * Licensed under the GNU GPL. For full terms see the file COPYING.
+ *
+ * @version $Id$
+ * @package plugins
+ * @subpackage change_password
+ */
+
 /**
  * Will verify the input against a set of criteria:
  * is every field supplied, does verify password match,
  * does current password validate, ..
- * These criteria are for now backend-independant.
+ * These criteria are (for now) backend-independent.
+ *
  * @return array Array with zero or more error messages.
  */
 function cpw_check_input()
@@ -21,11 +33,6 @@ function cpw_check_input()
 
     $msg = array();
 
-    if(!$currentpw) {
-        $msg[] = _("You must type in your current password.");
-    } elseif($currentpw != OneTimePadDecrypt($key, $onetimepad)) {
-        $msg[] = _("Your current password is not correct.");
-    }
     if(!$newpw) {
         $msg[] = _("You must type in a new password.");
     }
@@ -34,6 +41,15 @@ function cpw_check_input()
     } elseif ($verifypw != $newpw) {
         $msg[] = _("Your new password does not match the verify password.");
     }
+
+    $orig_pw = OneTimePadDecrypt($key, $onetimepad);
+
+    if(!$currentpw) {
+        $msg[] = _("You must type in your current password.");
+    } elseif ($currentpw != $orig_pw) {
+        $msg[] = _("Your current password is not correct.");
+    }
+
     if($newpw && (strlen($newpw) < $cpw_pass_min_length ||
                   strlen($newpw) > $cpw_pass_max_length ) ) {
         $msg[] = sprintf(_("Your new password should be %s to %s characters long."),
@@ -41,9 +57,9 @@ function cpw_check_input()
     }
 
     // do we need to do checks that are backend-specific and should
-    // be handled by a hook? I know of none now, but if there's a need
-    // for it we can add a hook for that here.
-    // those checks can also be done in the backend dochange() function.
+    // be handled by a hook? I know of none now, bnd those checks can
+    // also be done in the backend dochange() function. If there turns
+    // out to be a need for it we can add a hook for that here.
 
     return $msg;
 }
@@ -61,8 +77,8 @@ define('CPW_INVALID_PW', _("Your new password contains invalid characters."));
 function cpw_do_change()
 {
     global $cpw_backend;
-    sqgetGlobalVar('cpw_current', $curpw,      SQ_POST);
-    sqgetGlobalVar('cpw_new',     $newpw,      SQ_POST);
+    sqgetGlobalVar('cpw_curpass', $curpw,      SQ_POST);
+    sqgetGlobalVar('cpw_newpass', $newpw,      SQ_POST);
     sqgetGlobalVar('base_uri',    $base_uri,   SQ_SESSION);
     sqgetGlobalVar('onetimepad',  $onetimepad, SQ_SESSION);
     sqgetGlobalVar('key',         $key,        SQ_COOKIE);
@@ -73,9 +89,9 @@ function cpw_do_change()
     $msgs = do_hook_function('change_password_dochange',
         array (
             'username' => $username,
-	    'curpw' => $curpw,
-	    'newpw' => $newpw
-	) );
+            'curpw' => $curpw,
+            'newpw' => $newpw
+        ) );
 
     /* something bad happened, return */
     if(count($msgs) > 0) {
@@ -84,12 +100,14 @@ function cpw_do_change()
 
     /* update our password stored in the session */
     $onetimepad = OneTimePadCreate(strlen($newpw));
-    $_SESSION['onetimepad'] = $onetimepad;
+    sqsession_register($onetimepad,'onetimepad');
     $key = OneTimePadEncrypt($newpw, $onetimepad);
     setcookie('key', $key, 0, $base_uri);
 
     /* make sure we write the session data before we redirect */
     session_write_close();
-    header('Location: '.SM_PATH. 'src/options.php?optmode=submit&plugin_change_password=1');
+    header('Location: '.SM_PATH. 'src/options.php?optmode=submit&optpage=change_password&plugin_change_password=1');
     exit;
 }
+
+?>
\ No newline at end of file