Imported Upstream version 0.7
[roundcube.git] / plugins / password / password.php
index 6d3042b5fa52deaf50ed5a9fb67dba675ea1a417..06e3448f0dfe529d8d1e29ad708f19a4d6f74c93 100644 (file)
@@ -91,7 +91,8 @@ class password extends rcube_plugin
             $charset    = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1'));
             $rc_charset = strtoupper($rcmail->output->get_charset());
 
-            $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset);
+            $sespwd = $rcmail->decrypt($_SESSION['password']);
+            $curpwd = $confirm ? get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset) : $sespwd;
             $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST, true);
             $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST, true);
 
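Review bot: The value returned by `$rcmail->decrypt($_SESSION['password'])` on the added line is used without any check, and when `$confirm` is false it becomes `$curpwd` directly. If the session entry is missing or decryption fails (neither is visible from this hunk), an empty or false value would be passed to the driver as the current password further down. Consider rejecting that case before the validation chain, e.g. `if (!is_string($sespwd) || $sespwd === '') { $rcmail->output->command('display_message', $this->gettext('internalerror'), 'error'); }`. A comment such as `// no confirmation configured: the session password stands in for the current one, so session possession alone authorises the change` would also make the trust decision explicit. The enclosing method starts and ends outside the hunk.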
@@ -115,7 +116,7 @@ class password extends rcube_plugin
             else if ($conpwd != $newpwd) {
                 $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
             }
-            else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
+            else if ($confirm && $sespwd != $curpwd) {
                 $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
             }
             else if ($required_length && strlen($newpwd) < $required_length) {
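Review bot: `$sespwd != $curpwd` is a loose comparison, so PHP compares two numeric-looking strings by value and treats inputs such as `1000` and `1e3` as equal; the current-password check can therefore accept a string that is not the stored password. Use `else if ($confirm && $sespwd !== $curpwd) {` here. The same defect is in the next hunk at `else if ($sespwd == $newpwd) {`, where a genuinely different new password would be reported as saved without being changed; that should be `===`. Where the deployed PHP version provides `hash_equals()`, it is the better choice for the current-password check because it is also constant-time.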
@@ -125,10 +126,26 @@ class password extends rcube_plugin
             else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) {
                 $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
             }
+            // password is the same as the old one, do nothing, return success
+            else if ($sespwd == $newpwd) {
+                $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
+            }
             // try to save the password
             else if (!($res = $this->_save($curpwd, $newpwd))) {
                 $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
-                $_SESSION['password'] = $rcmail->encrypt($newpwd);
+
+               // allow additional actions after password change (e.g. reset some backends)
+               $plugin = $rcmail->plugins->exec_hook('password_change', array(
+                   'old_pass' => $curpwd, 'new_pass' => $newpwd));
+
+                // Reset session password
+                $_SESSION['password'] = $rcmail->encrypt($plugin['new_pass']);
+
+                // Log password change
+                if ($rcmail->config->get('password_log')) {
+                    write_log('password', sprintf('Password changed for user %s (ID: %d) from %s',
+                        $rcmail->user->get_username(), $rcmail->user->ID, rcmail_remote_ip()));
+                }
             }
             else {
                 $rcmail->output->command('display_message', $res, 'error');
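Review bot: The new `password_log` entry is written only on the success path, so a rejected current password (the `passwordincorrect` branch in the previous hunk) and driver failures in the final `else` leave no trace in the `password` log. For detecting guessing from a hijacked session, failures are the more useful signal. Under the same `password_log` setting, the `else` branch could add `write_log('password', sprintf('Password change failed for user %s (ID: %d) from %s', $rcmail->user->get_username(), $rcmail->user->ID, rcmail_remote_ip()));`, with an equivalent line in the `passwordincorrect` branch. Separately, the session is reset from `$plugin['new_pass']` while `_save()` was called with `$newpwd`; if a hook handler changes that value, the session password and the stored one diverge, so a short comment stating that this is intended would help.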
@@ -206,7 +223,7 @@ class password extends rcube_plugin
     {
         $config = rcmail::get_instance()->config;
         $driver = $this->home.'/drivers/'.$config->get('password_driver', 'sql').'.php';
-    
+
         if (!is_readable($driver)) {
             raise_error(array(
                 'code' => 600,
@@ -216,7 +233,7 @@ class password extends rcube_plugin
             ), true, false);
             return $this->gettext('internalerror');
         }
-    
+
         include($driver);
 
         if (!function_exists('password_save')) {
@@ -232,8 +249,8 @@ class password extends rcube_plugin
         $result = password_save($curpass, $passwd);
 
         if (is_array($result)) {
-            $result  = $result['code'];
             $message = $result['message'];
+            $result  = $result['code'];
         }
 
         switch ($result) {
@@ -253,5 +270,5 @@ class password extends rcube_plugin
         }
 
         return $reason;
-    }                                     
+    }
 }