banananetwork
/
postfixadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

model/UserHandler.php: fix verifying old password in change_pw()

Browse Source 
- if you want to verify the old password, you should compare it against 
  the OLD and not the NEW password ;-)
- fix database calls

In other words: changing the password in users/password.php works again ;-)

users/password.php:
- switch from obsolete change_pass() to change_pw()



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@916 a1433add-5e2c-0410-b055-b7f2511e0802
pull/2/head
Christian Boltz 15 years ago
parent 8e62ef1630
commit 9c5084af04
2 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File

11
model/UserHandler.php
Unescape Escape View File

@ -38,10 +38,11 @@ class UserHandler {
if ($match == true) { if ($match == true) {
$active = db_get_boolean(True); $active = db_get_boolean(True);
$result = db_query("SELECT * FROM $table_mailbox WHERE username='$username' AND active='$active'"); $result = db_query("SELECT password FROM $table_mailbox WHERE username='$username' AND active='$active'");
$result = $result['result']; $result = db_assoc($result['result']);
if ($new_db_password != $result['password']) { # TODO: comparison might fail because pacrypt() didn't know the salt above (separate pacrypt call?)
db_log ('CONSOLE', $domain, 'edit_password', "FAILURE: " . $this->username); # TODO: replace hardcoded CONSOLE - class is used by XMLRPC and users/ if (pacrypt($old_password, $result['password']) != $result['password']) {
db_log ('CONSOLE', $domain, 'edit_password', "MATCH FAILURE: " . $this->username); # TODO: replace hardcoded CONSOLE - class is used by XMLRPC and users/
$this->errormsg[] = 'Passwords do not match'; # TODO: make translatable $this->errormsg[] = 'Passwords do not match'; # TODO: make translatable
return false; return false;
} }
@ -50,7 +51,7 @@ class UserHandler {
$set = array( $set = array(
'password' => $new_db_password 'password' => $new_db_password
); );
$result = db_update('mailbox', 'username=\''.$username.'\'', $set ); $result = db_update('mailbox', 'username=\''.$username.'\'', $set );
if ($result != 1) { if ($result != 1) {

2
users/password.php
Unescape Escape View File

@ -61,7 +61,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
if ($error == 0) if ($error == 0)
{ {
$uh = new UserHandler($username); $uh = new UserHandler($username);
if($uh->change_pass($fPassword_current, $fPassword)) { if($uh->change_pw($fPassword, $fPassword_current) ) {
flash_info($PALANG['pPassword_result_success']); flash_info($PALANG['pPassword_result_success']);
header("Location: main.php"); header("Location: main.php");
exit(0); exit(0);

Write Preview
Loading…
Cancel
Save