From 4ae9a39aabee5816b6321d24e771ddb56d824ab7 Mon Sep 17 00:00:00 2001 From: alec Date: Mon, 7 Mar 2011 07:52:35 +0000 Subject: - When old and new passwords are the same, do nothing, return success (#1487823) git-svn-id: https://svn.roundcube.net/trunk@4595 208e9e7b-5314-0410-a742-e7e81cd9613c --- plugins/password/README | 6 +++--- plugins/password/drivers/sql.php | 7 ++++-- plugins/password/package.xml | 46 +++++++++++++++++++++++++++------------- plugins/password/password.php | 9 ++++++-- 4 files changed, 46 insertions(+), 22 deletions(-) (limited to 'plugins') diff --git a/plugins/password/README b/plugins/password/README index 81e4f1ead..80421ce8f 100644 --- a/plugins/password/README +++ b/plugins/password/README @@ -256,7 +256,7 @@ Driver file (.php) must define 'password_save' function with two arguments. First - current password, second - new password. Function - may return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR, + should return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR, PASSWORD_CRYPT_ERROR, PASSWORD_ERROR when driver was unable to change password. - See existing drivers in drivers/ directory for examples. - + Extended result (as a hash-array with 'message' and 'code' items) can be returned + too. See existing drivers in drivers/ directory for examples. diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php index 33469ec62..9ea33df2f 100644 --- a/plugins/password/drivers/sql.php +++ b/plugins/password/drivers/sql.php @@ -137,9 +137,12 @@ function password_save($curpass, $passwd) if (strtolower(substr(trim($query),0,6))=='select') { if ($result = $db->fetch_array($res)) return PASSWORD_SUCCESS; - } else { + } else { + // This is the good case: 1 row updated if ($db->affected_rows($res) == 1) - return PASSWORD_SUCCESS; // This is the good case: 1 row updated + return PASSWORD_SUCCESS; + // @TODO: Some queries don't affect any rows + // Should we assume a success if there was no error? } } diff --git a/plugins/password/package.xml b/plugins/password/package.xml index a4827dfd0..e740e08d4 100644 --- a/plugins/password/package.xml +++ b/plugins/password/package.xml @@ -15,10 +15,10 @@ alec@alec.pl yes - 2011-02-15 - + + - 2.2 + 1.6 @@ -27,18 +27,7 @@ GNU GPLv2 -- hMail driver: add username_domain detection (#1487100) -- hMail driver: HTML tags in logged messages should be stripped off (#1487099) -- Chpasswd driver: add newline at end of input to chpasswd binary (#1487141) -- Fix usage of configured temp_dir instead of /tmp (#1487447) -- ldap_simple driver: fix parse error -- ldap/ldap_simple drivers: support %dc variable in config -- ldap/ldap_simple drivers: support Samba password change -- Fix extended error messages handling (#1487676) -- Fix double request when clicking on Password tab in Firefox -- Fix deprecated split() usage in xmail and directadmin drivers (#1487769) -- Added option (password_log) for logging password changes -- Virtualmin driver: Add option for setting username format (#1487781) +- When old and new passwords are the same, do nothing, return success (#1487823) @@ -245,5 +234,32 @@ - hMail driver: Add possibility to connect to remote host + + 2011-02-15 + + + 2.2 + 1.6 + + + stable + stable + + GNU GPLv2 + +- hMail driver: add username_domain detection (#1487100) +- hMail driver: HTML tags in logged messages should be stripped off (#1487099) +- Chpasswd driver: add newline at end of input to chpasswd binary (#1487141) +- Fix usage of configured temp_dir instead of /tmp (#1487447) +- ldap_simple driver: fix parse error +- ldap/ldap_simple drivers: support %dc variable in config +- ldap/ldap_simple drivers: support Samba password change +- Fix extended error messages handling (#1487676) +- Fix double request when clicking on Password tab in Firefox +- Fix deprecated split() usage in xmail and directadmin drivers (#1487769) +- Added option (password_log) for logging password changes +- Virtualmin driver: Add option for setting username format (#1487781) + + diff --git a/plugins/password/password.php b/plugins/password/password.php index 8fc95ea86..c79f55ef2 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -91,7 +91,8 @@ class password extends rcube_plugin $charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1')); $rc_charset = strtoupper($rcmail->output->get_charset()); - $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset); + $sespwd = $rcmail->decrypt($_SESSION['password']); + $curpwd = $confirm ? get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset) : $sespwd; $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST, true); $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST, true); @@ -115,7 +116,7 @@ class password extends rcube_plugin else if ($conpwd != $newpwd) { $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error'); } - else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) { + else if ($confirm && $sespwd != $curpwd) { $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error'); } else if ($required_length && strlen($newpwd) < $required_length) { @@ -125,6 +126,10 @@ class password extends rcube_plugin else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) { $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error'); } + // password is the same as the old one, do nothing, return success + else if ($sespwd == $newpwd) { + $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); + } // try to save the password else if (!($res = $this->_save($curpwd, $newpwd))) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); -- cgit v1.2.3