From 6f7eafce186b7310598eaa69e1f35119f2a13a7a Mon Sep 17 00:00:00 2001 From: Steffen185 Date: Fri, 22 Mar 2013 15:16:45 +0100 Subject: Save new password even if it has not changed I have recently changed the password scheme of my Dovecot/Postfix/Roundcube installation. New passwords are encrypted stronger than before. It is not possible to automatically update existing passwords (because the old encryption is not so bad that I can easily crack it). But I'd like to tell my users that they can upgrade to the new password scheme by simply submitting the "change password" form with their old password in all three input fields. Currently a minor optimization prevents this. I think this minor optimization should be removed. --- plugins/password/password.php | 4 ---- 1 file changed, 4 deletions(-) (limited to 'plugins/password')
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 39020a0bf..ec5bac3a9 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -146,10 +146,6 @@ class password extends rcube_plugin
 else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) {
 $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
 }
- // password is the same as the old one, do nothing, return success
- else if ($sespwd == $newpwd) {
- $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
- }
 // try to save the password
 else if (!($res = $this->_save($curpwd, $newpwd))) {
 $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
-- cgit v1.2.3
From 6db9f84737b399aba9f80d0a7f220bad72cc56ef Mon Sep 17 00:00:00 2001 From: Steffen185 Date: Tue, 2 Apr 2013 09:37:03 +0300 Subject: Added config option "password_force_save" --- plugins/password/config.inc.php.dist | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins/password')
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist index 16e3737d6..e2d8eeb10 100644 --- a/plugins/password/config.inc.php.dist +++ b/plugins/password/config.inc.php.dist @@ -31,6 +31,10 @@ $rcmail_config['password_login_exceptions'] = null; //$rcmail_config['password_hosts'] = array('mail.example.com', 'mail2.example.org'); $rcmail_config['password_hosts'] = null; +// Enables saving the new password even if it matches the old password. Useful +// for upgrading the stored passwords after the encryption scheme has changed. +$rcmail_config['password_force_save'] = false; + // SQL Driver options // ------------------ -- cgit v1.2.3 From b343adf3cb316b15d6751dc723f8e9348a3e4502 Mon Sep 17 00:00:00 2001 From: Steffen185 Date: Tue, 2 Apr 2013 09:41:29 +0300 Subject: Use new config option "password_force_save" --- plugins/password/password.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/password') diff --git a/plugins/password/password.php b/plugins/password/password.php index ec5bac3a9..43cab7f5e 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -147,7 +147,7 @@ class password extends rcube_plugin $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error'); } // try to save the password - else if (!($res = $this->_save($curpwd, $newpwd))) { + else if ($sespwd == $newpwd && !$rcmail->config->get('password_force_save')) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); // allow additional actions after password change (e.g. reset some backends) -- cgit v1.2.3 From 859a7a117acd8c7830a53a8c528790612e1638c4 Mon Sep 17 00:00:00 2001 From: Steffen185 Date: Tue, 2 Apr 2013 09:42:49 +0300 Subject: Fixed wrong copy-paste --- plugins/password/password.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins/password') 
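Review bot: In the `config.inc.php.dist` hunk, the comment on `password_force_save` explains the migration use but not the side effect an administrator should weigh. With the option on, submitting the current password as the new one is handled as a real change, so this form no longer ensures that a "changed" password differs from the old one. I would add one line such as `// Leave disabled unless migrating: while enabled, users can "change" to their current password.` The default of `false` keeps the previous behaviour.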
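Review bot: In the `@@ -147,7 +147,7 @@` hunk of `password.php`, the added condition compares the two passwords with `==`, which in PHP compares numeric-looking strings by value (`'1.0' == '1.00'` is true), so a new password that differs from the session password can still take the "unchanged" path. Once the follow-up commit restores the `_save()` branch, that path reports `successfullysaved` without writing anything. I would make it `else if ($sespwd === $newpwd && !$rcmail->config->get('password_force_save')) {`, assuming both variables are strings; they are assigned outside the hunk. The same line appears as context in the last hunk of this series.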
diff --git a/plugins/password/password.php b/plugins/password/password.php index 43cab7f5e..e16b4d0b9 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -146,9 +146,13 @@ class password extends rcube_plugin else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) { $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error'); } - // try to save the password + // password is the same as the old one, do nothing, return success else if ($sespwd == $newpwd && !$rcmail->config->get('password_force_save')) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); + } + // try to save the password + else if (!($res = $this->_save($curpwd, $newpwd))) { + $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); // allow additional actions after password change (e.g. reset some backends) $plugin = $rcmail->plugins->exec_hook('password_change', array( -- cgit v1.2.3
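Review bot: The restored comment `// password is the same as the old one, do nothing, return success` no longer matches the condition under it, which now also depends on `password_force_save`. I would reword it to `// same password and password_force_save is off: skip the driver, report success`. The `_save()` branch deserves a short comment as well, because with the option on the `password_change` hook shown below also runs for an unchanged password: `// also reached for an unchanged password when password_force_save is set`. The branch body continues past the end of the hunk.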