Changeset 4595 in subversion

Timestamp:

Mar 7, 2011 2:52:35 AM (2 years ago)

Author:

alec

Message:

• When old and new passwords are the same, do nothing, return success (#1487823)

Location:

trunk/plugins/password

Files:

• README (modified) (1 diff)
• drivers/sql.php (modified) (1 diff)
• package.xml (modified) (3 diffs)
• password.php (modified) (3 diffs)

trunk/plugins/password/README

@@ -257 +257 @@
  Driver file (<driver_name>.php) must define 'password_save' function with
  two arguments. First - current password, second - new password. Function
- may return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR,
+ should return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR,
  PASSWORD_CRYPT_ERROR, PASSWORD_ERROR when driver was unable to change password.
- See existing drivers in drivers/ directory for examples.
-
+ Extended result (as a hash-array with 'message' and 'code' items) can be returned
+ too. See existing drivers in drivers/ directory for examples.

trunk/plugins/password/drivers/sql.php

@@ -138 +138 @@
             if ($result = $db->fetch_array($res))
                         return PASSWORD_SUCCESS;
-            } else { 
+            } else {
+            // This is the good case: 1 row updated
             if ($db->affected_rows($res) == 1)
-                        return PASSWORD_SUCCESS; // This is the good case: 1 row updated
+                    return PASSWORD_SUCCESS;
+            // @TODO: Some queries don't affect any rows
+            // Should we assume a success if there was no error?
             }
     }

trunk/plugins/password/package.xml

@@ -16 +16 @@
                 <active>yes</active>
         </lead>
-        <date>2011-02-15</date>
-        <time>12:00</time>
+        <date></date>
+        <time></time>
         <version>
-                <release>2.2</release>
+                <release></release>
                 <api>1.6</api>
         </version>
@@ -28 +28 @@
         <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
         <notes>
-- hMail driver: add username_domain detection (#1487100)
-- hMail driver: HTML tags in logged messages should be stripped off (#1487099)
-- Chpasswd driver: add newline at end of input to chpasswd binary (#1487141)
-- Fix usage of configured temp_dir instead of /tmp (#1487447)
-- ldap_simple driver: fix parse error
-- ldap/ldap_simple drivers: support %dc variable in config
-- ldap/ldap_simple drivers: support Samba password change
-- Fix extended error messages handling (#1487676)
-- Fix double request when clicking on Password tab in Firefox
-- Fix deprecated split() usage in xmail and directadmin drivers (#1487769)
-- Added option (password_log) for logging password changes
-- Virtualmin driver: Add option for setting username format (#1487781)
+- When old and new passwords are the same, do nothing, return success (#1487823)
     </notes>
         <contents>
@@ -246 +235 @@
             </notes>
         </release>
+        <release>
+                <date>2011-02-15</date>
+                <time>12:00</time>
+                <version>
+                        <release>2.2</release>
+                        <api>1.6</api>
+                </version>
+                <stability>
+                        <release>stable</release>
+                        <api>stable</api>
+                </stability>
+                <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
+                <notes>
+- hMail driver: add username_domain detection (#1487100)
+- hMail driver: HTML tags in logged messages should be stripped off (#1487099)
+- Chpasswd driver: add newline at end of input to chpasswd binary (#1487141)
+- Fix usage of configured temp_dir instead of /tmp (#1487447)
+- ldap_simple driver: fix parse error
+- ldap/ldap_simple drivers: support %dc variable in config
+- ldap/ldap_simple drivers: support Samba password change
+- Fix extended error messages handling (#1487676)
+- Fix double request when clicking on Password tab in Firefox
+- Fix deprecated split() usage in xmail and directadmin drivers (#1487769)
+- Added option (password_log) for logging password changes
+- Virtualmin driver: Add option for setting username format (#1487781)
+            </notes>
+        </release>
     </changelog>
 </package>

trunk/plugins/password/password.php

@@ -92 +92 @@
             $rc_charset = strtoupper($rcmail->output->get_charset());
 
-            $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset);
+            $sespwd = $rcmail->decrypt($_SESSION['password']);
+            $curpwd = $confirm ? get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset) : $sespwd;
             $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST, true);
             $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST, true);
@@ -116 +117 @@
                 $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
             }
-            else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
+            else if ($confirm && $sespwd != $curpwd) {
                 $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
             }
@@ -125 +126 @@
             else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) {
                 $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
+            }
+            // password is the same as the old one, do nothing, return success
+            else if ($sespwd == $newpwd) {
+                $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
             }
             // try to save the password