- added server side password inconsistency check

author: alecpl <alec@alec.pl> 2009-09-19 08:01:55 +0000
committer: alecpl <alec@alec.pl> 2009-09-19 08:01:55 +0000
commit: 0dd842dbf5a63af81fc2abfc884dd9889e59b269 (patch)
tree: 35fef97b038da2a10d34800ec3083c25c8fd5ee0 /plugins/password/password.php
parent: df7d6f553766a2cecb639f8621858210bde1ea70 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 3a7050bdc..0a44aa997 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -89,8 +89,12 @@ class password extends rcube_plugin
 
       $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
       $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
+      $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST);
 
-      if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
+      if ($conpwd != $newpwd) {
+        $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
+      }
+      else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
         $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
       }
       else if ($required_length && strlen($newpwd) < $required_length) {
@@ -103,7 +107,8 @@ class password extends rcube_plugin
       else if (!($res = $this->_save($curpwd,$newpwd))) {
         $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
         $_SESSION['password'] = $rcmail->encrypt($newpwd);
-      } else
+      }
+      else
         $rcmail->output->command('display_message', $res, 'error');
     }
author	alecpl <alec@alec.pl>	2009-09-19 08:01:55 +0000
committer	alecpl <alec@alec.pl>	2009-09-19 08:01:55 +0000
commit	0dd842dbf5a63af81fc2abfc884dd9889e59b269 (patch)
tree	35fef97b038da2a10d34800ec3083c25c8fd5ee0 /plugins/password/password.php
parent	df7d6f553766a2cecb639f8621858210bde1ea70 (diff)