[Svn] r2969 - trunk/roundcubemail/plugins/password

trac at roundcube.net trac at roundcube.net
Sat Sep 19 10:01:55 CEST 2009


Author: alec
Date: 2009-09-19 03:01:55 -0500 (Sat, 19 Sep 2009)
New Revision: 2969

Modified:
   trunk/roundcubemail/plugins/password/password.js
   trunk/roundcubemail/plugins/password/password.php
Log:
- added server side password inconsistency check


Modified: trunk/roundcubemail/plugins/password/password.js
===================================================================
--- trunk/roundcubemail/plugins/password/password.js	2009-09-18 14:51:23 UTC (rev 2968)
+++ trunk/roundcubemail/plugins/password/password.js	2009-09-19 08:01:55 UTC (rev 2969)
@@ -25,7 +25,7 @@
       } else if (input_confpasswd && input_confpasswd.value=='') {
           alert(rcmail.gettext('nopassword', 'password'));
           input_confpasswd.focus();
-      } else if ((input_newpasswd && input_confpasswd) && (input_newpasswd.value != input_confpasswd.value)) {
+      } else if (input_newpasswd && input_confpasswd && input_newpasswd.value != input_confpasswd.value) {
           alert(rcmail.gettext('passwordinconsistency', 'password'));
           input_newpasswd.focus();
       } else {

Modified: trunk/roundcubemail/plugins/password/password.php
===================================================================
--- trunk/roundcubemail/plugins/password/password.php	2009-09-18 14:51:23 UTC (rev 2968)
+++ trunk/roundcubemail/plugins/password/password.php	2009-09-19 08:01:55 UTC (rev 2969)
@@ -89,8 +89,12 @@
 
       $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
       $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
+      $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST);
 
-      if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
+      if ($conpwd != $newpwd) {
+        $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
+      }
+      else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
         $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
       }
       else if ($required_length && strlen($newpwd) < $required_length) {
@@ -103,7 +107,8 @@
       else if (!($res = $this->_save($curpwd,$newpwd))) {
         $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
         $_SESSION['password'] = $rcmail->encrypt($newpwd);
-      } else
+      }
+      else
         $rcmail->output->command('display_message', $res, 'error');
     }
 

_______________________________________________
http://lists.roundcube.net/mailman/listinfo/svn



More information about the Svn mailing list