model/UserHandler.php: fix verifying old password in change_pw()

- if you want to verify the old password, you should compare it against the OLD and not the NEW password ;-) - fix database calls In other words: changing the password in users/password.php works again ;-) users/password.php: - switch from obsolete change_pass() to change_pw() git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@916 a1433add-5e2c-0410-b055-b7f2511e0802
14 years ago · 9c5084af04
parent 8e62ef1630
commit 9c5084af04
2 changed files with 7 additions and 6 deletions
--- a/model/UserHandler.php
+++ b/model/UserHandler.php
@ -38,10 +38,11 @@ class UserHandler {

        if ($match == true) {
                $active = db_get_boolean(True);
-                $result = db_query("SELECT * FROM $table_mailbox WHERE username='$username' AND active='$active'");
-                $result = $result['result'];
-                if ($new_db_password != $result['password']) { # TODO: comparison might fail because pacrypt() didn't know the salt above (separate pacrypt call?)
-                      db_log ('CONSOLE', $domain, 'edit_password', "FAILURE: " . $this->username); # TODO: replace hardcoded CONSOLE - class is used by XMLRPC and users/  
+                $result = db_query("SELECT password FROM $table_mailbox WHERE username='$username' AND active='$active'");
+                $result = db_assoc($result['result']);
+
+                if (pacrypt($old_password, $result['password']) != $result['password']) {
+                      db_log ('CONSOLE', $domain, 'edit_password', "MATCH FAILURE: " . $this->username); # TODO: replace hardcoded CONSOLE - class is used by XMLRPC and users/  
                      $this->errormsg[] = 'Passwords do not match'; # TODO: make translatable
                      return false;
                }
--- a/users/password.php
+++ b/users/password.php
@ -61,7 +61,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
    if ($error == 0)
    {
        $uh = new UserHandler($username);
-        if($uh->change_pass($fPassword_current, $fPassword)) {
+        if($uh->change_pw($fPassword, $fPassword_current) ) {
            flash_info($PALANG['pPassword_result_success']);
            header("Location: main.php");
            exit(0);