From 4a87e43bf817bce488716fb174170628341ba29d Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag
Date: Mon, 1 Feb 2010 22:13:31 +0000
Subject: [PATCH] password policy enforcment for alternc accounts password change
---
 bureau/class/m_admin.php | 4 ++--
 bureau/class/m_mem.php | 8 +++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/bureau/class/m_admin.php b/bureau/class/m_admin.php
index b2791e2b..5c04f27d 100644
--- a/bureau/class/m_admin.php
+++ b/bureau/class/m_admin.php
@@ -826,7 +826,7 @@ EOF;
 */
 function dom_list() {
 global $db;
- $db->query("SELECT m.uid,m.login,d.domaine,d.gesdns,d.gesmx,d.noerase FROM domaines d LEFT JOIN membres m ON m.uid=d.compte ORDER BY domaine;");
+ $db->query("SELECT m.login,d.domaine,d.gesdns,d.gesmx,d.noerase FROM domaines d LEFT JOIN membres m ON m.uid=d.compte ORDER BY domaine;");
 while ($db->next_record()) {
 $c[]=$db->Record;
 }
@@ -1131,7 +1131,7 @@ EOF;
 $logins=explode("@",$login);
 $logins[]=$login;
 foreach($logins as $l) {
- if (strpos($l,$password)!==false) {
+ if (strpos($password,$l)!==false) {
 $err->raise("admin",17);
 return false;
 }
diff --git a/bureau/class/m_mem.php b/bureau/class/m_mem.php
index 5d75627c..e39762af 100644
--- a/bureau/class/m_mem.php
+++ b/bureau/class/m_mem.php
@@ -290,7 +290,7 @@ class m_mem {
 * @return boolean TRUE si le mot de passe a été changé, FALSE sinon.
 */
 function passwd($oldpass,$newpass,$newpass2) {
- global $db,$err,$cuid;
+ global $db,$err,$cuid,$admin;
 $err->log("mem","passwd");
 $oldpass=stripslashes($oldpass);
 $newpass=stripslashes($newpass);
@@ -311,6 +311,12 @@ class m_mem {
 $err->raise("mem",8);
 return false;
 }
+ $db->query("SELECT login FROM membres WHERE uid='$cuid';");
+ $db->next_record();
+ $login=$db->Record["login"];
+ if (!$admin->checkPolicy("mem",$login,$newpass)) {
+ return false; // The error has been raised by checkPolicy()
+ }
 $newpass=_md5cr($newpass);
 $db->query("UPDATE membres SET pass='$newpass' WHERE uid='$cuid';");
 $err->error=0;
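Review bot: The corrected containment test `strpos($password,$l)!==false` in the m_admin.php hunk at line 1131 is case-sensitive, so a password that differs from the login only in letter case still passes this rule; `stripos($password,$l)!==false` would close that gap. An empty element in `$logins` should also be skipped before the test (`if ($l==="") continue;`), because `explode("@",$login)` produces one when the login is empty or starts or ends with `@`, and an empty needle makes `strpos` either emit a warning or match every password, depending on the PHP version. The enclosing function starts and ends outside the hunk, so whether `$login` is normalised or validated earlier is not visible here.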
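Review bot: In the m_mem.php hunk at line 311 the return value of `$db->next_record()` is ignored before `$db->Record["login"]` is read, so if the lookup yields no row the policy check runs against an empty login and the login-in-password rule is effectively skipped. Failing closed is safer, e.g. `if (!$db->next_record()) { return false; }` with the module's usual `$err->raise(...)` before the return. The new SELECT also interpolates `$cuid` directly, as the existing UPDATE does; if it is not guaranteed to be an integer at this point, `intval($cuid)` in the query would make that explicit. The body of passwd() begins before this hunk and continues after it, so earlier validation of `$cuid` and the availability of the `$admin` global cannot be confirmed from here.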