X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=plugins%2Fpassword%2Fpassword.php;h=b1c7863fcea7ce7391d97fbd256ce4ade9c6b4dd;hb=a2dd2e41259a5e90016efcd7d083020b95e25527;hp=6d3042b5fa52deaf50ed5a9fb67dba675ea1a417;hpb=4212156c5c79d2f58342feb0d3ed1893f177bcab;p=roundcube.git
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 6d3042b..b1c7863 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -91,7 +91,8 @@ class password extends rcube_plugin
 $charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1'));
 $rc_charset = strtoupper($rcmail->output->get_charset());
- $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset);
+ $sespwd = $rcmail->decrypt($_SESSION['password']);
+ $curpwd = $confirm ? get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset) : $sespwd;
 $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST, true);
 $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST, true);
@@ -115,7 +116,7 @@ class password extends rcube_plugin
 else if ($conpwd != $newpwd) {
 $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
 }
- else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
+ else if ($confirm && $sespwd != $curpwd) {
 $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
 }
 else if ($required_length && strlen($newpwd) < $required_length) {
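Review bot: The decrypted session value on the added line `$sespwd = $rcmail->decrypt($_SESSION['password']);` is used without any check that decryption produced a non-empty string. With `$confirm` off it becomes `$curpwd` and is handed to the backend, and it is the reference value for the later comparisons, so a missing or undecryptable session entry should stop the request first, e.g. `if (!is_string($sespwd) || $sespwd === '') { /* report an error and return */ }`. The enclosing method starts and ends outside the hunk, so an earlier guard may already exist there.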
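Review bot: The new check `$sespwd != $curpwd` still compares the two passwords with PHP's loose operator, so two numeric-looking strings such as `1e3` and `1000` count as equal, and a `false` or `null` session value equals an empty submitted password. Use a strict comparison, `else if ($confirm && $sespwd !== $curpwd) {`, or `hash_equals()` where the PHP version in use provides it. The same applies to `$sespwd == $newpwd` in the `@@ -125,10 +126,26 @@` hunk, where a loosely-equal new password is reported as saved without ever reaching the backend.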
@@ -125,10 +126,26 @@ class password extends rcube_plugin
 else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) {
 $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
 }
+ // password is the same as the old one, do nothing, return success
+ else if ($sespwd == $newpwd) {
+ $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
+ }
 // try to save the password
 else if (!($res = $this->_save($curpwd, $newpwd))) {
 $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
- $_SESSION['password'] = $rcmail->encrypt($newpwd);
+
+ // allow additional actions after password change (e.g. reset some backends)
+ $plugin = $rcmail->plugins->exec_hook('password_change', array(
+ 'old_pass' => $curpwd, 'new_pass' => $newpwd));
+
+ // Reset session password
+ $_SESSION['password'] = $rcmail->encrypt($plugin['new_pass']);
+
+ // Log password change
+ if ($rcmail->config->get('password_log')) {
+ write_log('password', sprintf('Password changed for user %s (ID: %d) from %s',
+ $rcmail->user->get_username(), $rcmail->user->ID, rcmail_remote_ip()));
+ }
 }
 else {
 $rcmail->output->command('display_message', $res, 'error');
@@ -232,8 +249,8 @@ class password extends rcube_plugin
 $result = password_save($curpass, $passwd);
 if (is_array($result)) {
- $result = $result['code'];
 $message = $result['message'];
+ $result = $result['code'];
 }
 switch ($result) {
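Review bot: `$_SESSION['password']` is now set from `$plugin['new_pass']`, the value handed back by the `password_change` hook, while the backend was given `$newpwd`. A hook that drops or alters that key leaves the session credential out of step with the stored password, or encrypts an empty value, so fall back to the saved one: `$sess_pass = isset($plugin['new_pass']) && is_string($plugin['new_pass']) ? $plugin['new_pass'] : $newpwd;`. The hook also passes both cleartext passwords to every plugin registered for it, which deserves a comment at the call site. The log entry is written only on success and only when `password_log` is set; the `passwordincorrect` branch records nothing, so repeated wrong guesses of the current password are not visible in that log.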
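Review bot: Both keys are read from the driver's array without checking that they exist, on `$message = $result['message'];` and `$result = $result['code'];`. If a driver returns an array with no `code`, `$result` becomes null and the loosely-comparing `switch ($result)` that follows will match a case whose value is 0 or an empty string; should the success case be one of those (its labels are outside the hunk), a malformed driver reply would be treated as a successful change. Consider `$message = isset($result['message']) ? $result['message'] : null;` and mapping a missing `code` to an explicit error value before the switch.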