- When old and new passwords are the same, do nothing, return success (#1487823)

git-svn-id: https://svn.roundcube.net/trunk@4595 208e9e7b-5314-0410-a742-e7e81cd9613c
author: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-03-07 07:52:35 +0000
committer: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-03-07 07:52:35 +0000
commit: 4ae9a39aabee5816b6321d24e771ddb56d824ab7 (patch)
tree: 602b0a5917555d3637c7a07d77ac28b068f88ac9 /plugins/password
parent: b8c247a8773b945369a5858275c86e2448cdc7db (diff)
4 files changed, 46 insertions, 22 deletions
diff --git a/plugins/password/README b/plugins/password/README
index 81e4f1ead..80421ce8f 100644
--- a/plugins/password/README
+++ b/plugins/password/README
@@ -256,7 +256,7 @@
 
  Driver file (<driver_name>.php) must define 'password_save' function with
  two arguments. First - current password, second - new password. Function
- may return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR,
+ should return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR,
  PASSWORD_CRYPT_ERROR, PASSWORD_ERROR when driver was unable to change password.
- See existing drivers in drivers/ directory for examples.
-
+ Extended result (as a hash-array with 'message' and 'code' items) can be returned
+ too. See existing drivers in drivers/ directory for examples.
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
index 33469ec62..9ea33df2f 100644
--- a/plugins/password/drivers/sql.php
+++ b/plugins/password/drivers/sql.php
@@ -137,9 +137,12 @@ function password_save($curpass, $passwd)
 	    if (strtolower(substr(trim($query),0,6))=='select') {
     	    if ($result = $db->fetch_array($res))
 		        return PASSWORD_SUCCESS;
-	    } else { 
+	    } else {
+            // This is the good case: 1 row updated
     	    if ($db->affected_rows($res) == 1)
-		        return PASSWORD_SUCCESS; // This is the good case: 1 row updated
+	            return PASSWORD_SUCCESS;
+            // @TODO: Some queries don't affect any rows
+            // Should we assume a success if there was no error?
 	    }
     }
 
diff --git a/plugins/password/package.xml b/plugins/password/package.xml
index a4827dfd0..e740e08d4 100644
--- a/plugins/password/package.xml
+++ b/plugins/password/package.xml
@@ -15,10 +15,10 @@
 		<email>alec@alec.pl</email>
 		<active>yes</active>
 	</lead>
-	<date>2011-02-15</date>
-	<time>12:00</time>
+	<date></date>
+	<time></time>
 	<version>
-		<release>2.2</release>
+		<release></release>
 		<api>1.6</api>
 	</version>
 	<stability>
@@ -27,18 +27,7 @@
 	</stability>
 	<license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
 	<notes>
-- hMail driver: add username_domain detection (#1487100)
-- hMail driver: HTML tags in logged messages should be stripped off (#1487099)
-- Chpasswd driver: add newline at end of input to chpasswd binary (#1487141)
-- Fix usage of configured temp_dir instead of /tmp (#1487447)
-- ldap_simple driver: fix parse error
-- ldap/ldap_simple drivers: support %dc variable in config
-- ldap/ldap_simple drivers: support Samba password change
-- Fix extended error messages handling (#1487676)
-- Fix double request when clicking on Password tab in Firefox
-- Fix deprecated split() usage in xmail and directadmin drivers (#1487769)
-- Added option (password_log) for logging password changes
-- Virtualmin driver: Add option for setting username format (#1487781)
+- When old and new passwords are the same, do nothing, return success (#1487823)
     </notes>
 	<contents>
 		<dir baseinstalldir="/" name="/">
@@ -245,5 +234,32 @@
 - hMail driver: Add possibility to connect to remote host
             </notes>
         </release>
+        <release>
+	        <date>2011-02-15</date>
+	        <time>12:00</time>
+        	<version>
+		        <release>2.2</release>
+		        <api>1.6</api>
+	        </version>
+	        <stability>
+		        <release>stable</release>
+		        <api>stable</api>
+	        </stability>
+	        <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license>
+	        <notes>
+- hMail driver: add username_domain detection (#1487100)
+- hMail driver: HTML tags in logged messages should be stripped off (#1487099)
+- Chpasswd driver: add newline at end of input to chpasswd binary (#1487141)
+- Fix usage of configured temp_dir instead of /tmp (#1487447)
+- ldap_simple driver: fix parse error
+- ldap/ldap_simple drivers: support %dc variable in config
+- ldap/ldap_simple drivers: support Samba password change
+- Fix extended error messages handling (#1487676)
+- Fix double request when clicking on Password tab in Firefox
+- Fix deprecated split() usage in xmail and directadmin drivers (#1487769)
+- Added option (password_log) for logging password changes
+- Virtualmin driver: Add option for setting username format (#1487781)
+            </notes>
+        </release>
     </changelog>
 </package>
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 8fc95ea86..c79f55ef2 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -91,7 +91,8 @@ class password extends rcube_plugin
             $charset    = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1'));
             $rc_charset = strtoupper($rcmail->output->get_charset());
 
-            $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset);
+            $sespwd = $rcmail->decrypt($_SESSION['password']);
+            $curpwd = $confirm ? get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset) : $sespwd;
             $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST, true);
             $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST, true);
 
@@ -115,7 +116,7 @@ class password extends rcube_plugin
             else if ($conpwd != $newpwd) {
                 $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
             }
-            else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
+            else if ($confirm && $sespwd != $curpwd) {
                 $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
             }
             else if ($required_length && strlen($newpwd) < $required_length) {
@@ -125,6 +126,10 @@ class password extends rcube_plugin
             else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) {
                 $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
             }
+            // password is the same as the old one, do nothing, return success
+            else if ($sespwd == $newpwd) {
+                $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
+            }
             // try to save the password
             else if (!($res = $this->_save($curpwd, $newpwd))) {
                 $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
author	alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-03-07 07:52:35 +0000
committer	alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-03-07 07:52:35 +0000
commit	4ae9a39aabee5816b6321d24e771ddb56d824ab7 (patch)
tree	602b0a5917555d3637c7a07d77ac28b068f88ac9 /plugins/password
parent	b8c247a8773b945369a5858275c86e2448cdc7db (diff)