From 1f13677bc1f88a9a263d479dbd69432c3a01cc49 Mon Sep 17 00:00:00 2001
From: Steven Mondji-Lerider
Date: Mon, 10 Sep 2012 09:00:17 +0000
Subject: [PATCH] Allowing only Letters and numberes on sql password
---
 bureau/admin/sql_users_dopassword.php | 9 ++++++---
 bureau/class/m_mysql.php | 4 ++++
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/bureau/admin/sql_users_dopassword.php b/bureau/admin/sql_users_dopassword.php
index f6998609..86e2130f 100644
--- a/bureau/admin/sql_users_dopassword.php
+++ b/bureau/admin/sql_users_dopassword.php
@@ -36,7 +36,10 @@ $fields = array (
 getFields($fields);
 $mysql->change_user_password($id,$password,$passwordconf);
-
-include("sql_users_list.php");
-
+$error=$err->errstr();
+if(isset($error) && $error){
+ include("sql_users_password.php");
+}else{
+ include("sql_users_list.php");
+}
 ?>
diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php
index 9e0a01f0..ce2d24f6 100644
--- a/bureau/class/m_mysql.php
+++ b/bureau/class/m_mysql.php
@@ -696,6 +696,10 @@ class m_mysql {
 $usern=trim($usern);
 $user=addslashes($usern);
+ if(!preg_match("#^[0-9a-zA-Z_]*$#",$password)) {
+ $err->raise("mysql",_("Database password can contain only letters numbers and underscore."));
+ return false;
+ }
 $pass=addslashes($password);
 if ($password != $passconf || !$password) {
 $err->raise("mysql",_("The passwords do not match."));
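Review bot: The branch after `$mysql->change_user_password(...)` in sql_users_dopassword.php keys off `$err->errstr()` instead of the call's own result, so the page that gets included depends on any pending error text rather than strictly on this operation. The m_mysql.php part of this patch shows the method returning `false` on the new validation failure, so `if(!$mysql->change_user_password($id,$password,$passwordconf)){` would tie the choice to the call, assuming its other failure paths (not all visible here) return false as well. `isset($error)` adds nothing right after the assignment unless `errstr()` can return null, so `if($error)` is enough; keep the `$error=` assignment if the included pages read it from the shared include scope. A short comment such as `// on failure, show the password form again with the error` would document the intent.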
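Review bot: In m_mysql.php the new allow-list `#^[0-9a-zA-Z_]*$#` is anchored with `$`, which in PCRE also matches just before a final newline, so a password ending in a line feed passes the check; the `D` modifier closes that: `if(!preg_match("#^[0-9a-zA-Z_]*$#D",$password)) {`. Because of `*`, an empty password also passes here and is only rejected a few lines later with the "passwords do not match" message. Restricting the alphabet to 63 symbols trades password strength for easier quoting, and no minimum length is visible in this hunk. If the aim is safe SQL quoting, the database driver's own escaping or a bound parameter would serve better than `addslashes()`; how `$pass` reaches the query is outside the hunk, so that part is an inference. The enclosing function starts and ends outside the hunk.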