diff options
| author | cash <cash.costello@gmail.com> | 2011-10-10 20:51:19 -0400 |
|---|---|---|
| committer | cash <cash.costello@gmail.com> | 2011-10-10 20:51:19 -0400 |
| commit | 9ae3735028806f886fe0a062b4993f4664f6e216 (patch) | |
| tree | 3fd2f7077749616d7b8903dcbd38b0b15693489f | |
| parent | ff75f99e734b6b99da77ba946e953f08a6e81a5b (diff) | |
| download | elgg-9ae3735028806f886fe0a062b4993f4664f6e216.tar.gz elgg-9ae3735028806f886fe0a062b4993f4664f6e216.tar.bz2 | |
Fixes #3952 handling exceptions when password checks fail when changing password
| -rw-r--r-- | engine/lib/user_settings.php | 24 | ||||
| -rw-r--r-- | languages/en.php | 1 |
2 files changed, 18 insertions, 7 deletions
diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php index 7c29e73c1..bb5d8d6c4 100644 --- a/engine/lib/user_settings.php +++ b/engine/lib/user_settings.php @@ -36,15 +36,15 @@ function elgg_set_user_password() { $current_password = get_input('current_password'); $password = get_input('password'); $password2 = get_input('password2'); - $user_id = get_input('guid'); + $user_guid = get_input('guid'); - if (!$user_id) { + if (!$user_guid) { $user = elgg_get_logged_in_user_entity(); } else { - $user = get_entity($user_id); + $user = get_entity($user_guid); } - if (($user) && ($password != "")) { + if ($user && $password) { // let admin user change anyone's password without knowing it except his own. if (!elgg_is_admin_logged_in() || elgg_is_admin_logged_in() && $user->guid == elgg_get_logged_in_user_guid()) { $credentials = array( @@ -52,13 +52,22 @@ function elgg_set_user_password() { 'password' => $current_password ); - if (!pam_auth_userpass($credentials)) { - register_error(elgg_echo('user:password:fail:incorrect_current_password')); + try { + pam_auth_userpass($credentials); + } catch (LoginException $e) { + register_error(elgg_echo('LoginException:ChangePasswordFailure')); return false; } } - if (strlen($password) >= 4) { + try { + $result = validate_password($password); + } catch (RegistrationException $e) { + register_error($e->getMessage()); + return false; + } + + if ($result) { if ($password == $password2) { $user->salt = generate_random_cleartext_password(); // Reset the salt $user->password = generate_user_password($user, $password); @@ -78,6 +87,7 @@ function elgg_set_user_password() { // no change return null; } + return false; } diff --git a/languages/en.php b/languages/en.php index 3271967ed..5aecf559e 100644 --- a/languages/en.php +++ b/languages/en.php @@ -225,6 +225,7 @@ $english = array( 'LoginException:UsernameFailure' => 'We could not log you in. Please check your username and password.', 'LoginException:PasswordFailure' => 'We could not log you in. Please check your username and password.', 'LoginException:AccountLocked' => 'Your account has been locked for too many log in failures.', + 'LoginException:ChangePasswordFailure' => 'Failed current password check.', 'memcache:notinstalled' => 'PHP memcache module not installed, you must install php5-memcache', 'memcache:noservers' => 'No memcache servers defined, please populate the $CONFIG->memcache_servers variable', |