authorcash <cash.costello@gmail.com>2011-10-10 20:51:19 -0400
committercash <cash.costello@gmail.com>2011-10-10 20:51:19 -0400
commit9ae3735028806f886fe0a062b4993f4664f6e216 (patch)
tree3fd2f7077749616d7b8903dcbd38b0b15693489f
parentff75f99e734b6b99da77ba946e953f08a6e81a5b (diff)
Fixes #3952 handling exceptions when password checks fail when changing password
-rw-r--r--engine/lib/user_settings.php24
-rw-r--r--languages/en.php1
2 files changed, 18 insertions, 7 deletions
diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php
index 7c29e73c1..bb5d8d6c4 100644
--- a/engine/lib/user_settings.php
+++ b/engine/lib/user_settings.php
@@ -36,15 +36,15 @@ function elgg_set_user_password() {
$current_password = get_input('current_password');
$password = get_input('password');
$password2 = get_input('password2');
- $user_id = get_input('guid');
+ $user_guid = get_input('guid');
- if (!$user_id) {
+ if (!$user_guid) {
$user = elgg_get_logged_in_user_entity();
} else {
- $user = get_entity($user_id);
+ $user = get_entity($user_guid);
}
- if (($user) && ($password != "")) {
+ if ($user && $password) {
// let admin user change anyone's password without knowing it except his own.
if (!elgg_is_admin_logged_in() || elgg_is_admin_logged_in() && $user->guid == elgg_get_logged_in_user_guid()) {
$credentials = array(
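Review bot: `$user` is only tested for truthiness before its password is changed, although `get_entity($user_guid)` resolves a GUID taken from the request and may therefore return an entity that is not a user, or a user the caller has no right to edit. For non-admins the only gate visible in this hunk is the current-password check that follows, so I would make the target check explicit: `if ($user instanceof ElggUser && $user->canEdit() && $password) {`. If the calling action already enforces this, a comment saying so would be enough. Note also that using `$password` as a truth test treats the string `"0"` as empty, which the removed `!= ""` comparison did not. The function body starts and ends outside this hunk.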
@@ -52,13 +52,22 @@ function elgg_set_user_password() {
'password' => $current_password
);
- if (!pam_auth_userpass($credentials)) {
- register_error(elgg_echo('user:password:fail:incorrect_current_password'));
+ try {
+ pam_auth_userpass($credentials);
+ } catch (LoginException $e) {
+ register_error(elgg_echo('LoginException:ChangePasswordFailure'));
return false;
}
}
- if (strlen($password) >= 4) {
+ try {
+ $result = validate_password($password);
+ } catch (RegistrationException $e) {
+ register_error($e->getMessage());
+ return false;
+ }
+
+ if ($result) {
if ($password == $password2) {
$user->salt = generate_random_cleartext_password(); // Reset the salt
$user->password = generate_user_password($user, $password);
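Review bot: The return value of `pam_auth_userpass($credentials)` is now discarded, so the current-password check fails only when a `LoginException` is thrown, whereas the removed code also treated a falsy return as failure. If that function can still return false without throwing (its body is not in this diff, so this needs confirming), the password would be changed without the current one having been verified. Keep the return check inside the `try`: `if (!pam_auth_userpass($credentials)) { register_error(elgg_echo('LoginException:ChangePasswordFailure')); return false; }`. Separately, `$password == $password2` a few lines below would be safer as `===`, because loose comparison treats differently written numeric strings as equal. The enclosing block continues past the end of this hunk.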
@@ -78,6 +87,7 @@ function elgg_set_user_password() {
// no change
return null;
}
+
return false;
}
diff --git a/languages/en.php b/languages/en.php
index 3271967ed..5aecf559e 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -225,6 +225,7 @@ $english = array(
'LoginException:UsernameFailure' => 'We could not log you in. Please check your username and password.',
'LoginException:PasswordFailure' => 'We could not log you in. Please check your username and password.',
'LoginException:AccountLocked' => 'Your account has been locked for too many log in failures.',
+ 'LoginException:ChangePasswordFailure' => 'Failed current password check.',
'memcache:notinstalled' => 'PHP memcache module not installed, you must install php5-memcache',
'memcache:noservers' => 'No memcache servers defined, please populate the $CONFIG->memcache_servers variable',