diff options
| author | alecpl <alec@alec.pl> | 2009-09-19 08:01:55 +0000 |
|---|---|---|
| committer | alecpl <alec@alec.pl> | 2009-09-19 08:01:55 +0000 |
| commit | 0dd842dbf5a63af81fc2abfc884dd9889e59b269 (patch) | |
| tree | 35fef97b038da2a10d34800ec3083c25c8fd5ee0 | |
| parent | df7d6f553766a2cecb639f8621858210bde1ea70 (diff) | |
- added server side password inconsistency check
| -rw-r--r-- | plugins/password/password.js | 2 | ||||
| -rw-r--r-- | plugins/password/password.php | 9 |
2 files changed, 8 insertions, 3 deletions
diff --git a/plugins/password/password.js b/plugins/password/password.js index c3252f031..8a079de2d 100644 --- a/plugins/password/password.js +++ b/plugins/password/password.js @@ -25,7 +25,7 @@ if (window.rcmail) { } else if (input_confpasswd && input_confpasswd.value=='') { alert(rcmail.gettext('nopassword', 'password')); input_confpasswd.focus(); - } else if ((input_newpasswd && input_confpasswd) && (input_newpasswd.value != input_confpasswd.value)) { + } else if (input_newpasswd && input_confpasswd && input_newpasswd.value != input_confpasswd.value) { alert(rcmail.gettext('passwordinconsistency', 'password')); input_newpasswd.focus(); } else { diff --git a/plugins/password/password.php b/plugins/password/password.php index 3a7050bdc..0a44aa997 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -89,8 +89,12 @@ class password extends rcube_plugin $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST); $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST); + $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST); - if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) { + if ($conpwd != $newpwd) { + $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error'); + } + else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) { $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error'); } else if ($required_length && strlen($newpwd) < $required_length) { @@ -103,7 +107,8 @@ class password extends rcube_plugin else if (!($res = $this->_save($curpwd,$newpwd))) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); $_SESSION['password'] = $rcmail->encrypt($newpwd); - } else + } + else $rcmail->output->command('display_message', $res, 'error'); } |