authorcash <cash.costello@gmail.com>2011-10-10 20:51:19 -0400
committercash <cash.costello@gmail.com>2011-10-10 20:51:19 -0400
commit9ae3735028806f886fe0a062b4993f4664f6e216 (patch)
tree3fd2f7077749616d7b8903dcbd38b0b15693489f /engine/lib/user_settings.php
parentff75f99e734b6b99da77ba946e953f08a6e81a5b (diff)
Fixes #3952 handling exceptions when password checks fail when changing password
Diffstat (limited to 'engine/lib/user_settings.php')
-rw-r--r--engine/lib/user_settings.php24
1 files changed, 17 insertions, 7 deletions
diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php
index 7c29e73c1..bb5d8d6c4 100644
--- a/engine/lib/user_settings.php
+++ b/engine/lib/user_settings.php
@@ -36,15 +36,15 @@ function elgg_set_user_password() {
$current_password = get_input('current_password');
$password = get_input('password');
$password2 = get_input('password2');
- $user_id = get_input('guid');
+ $user_guid = get_input('guid');
- if (!$user_id) {
+ if (!$user_guid) {
$user = elgg_get_logged_in_user_entity();
} else {
- $user = get_entity($user_id);
+ $user = get_entity($user_guid);
}
- if (($user) && ($password != "")) {
+ if ($user && $password) {
// let admin user change anyone's password without knowing it except his own.
if (!elgg_is_admin_logged_in() || elgg_is_admin_logged_in() && $user->guid == elgg_get_logged_in_user_guid()) {
$credentials = array(
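Review bot: The new guard `if ($user && $password)` tests truthiness, and PHP treats the string "0" as false, so a submitted password of "0" now takes the "no change" path and returns null instead of reaching validate_password() and its error message. The removed `$password != ""` did not have that gap. An explicit emptiness test keeps the simplification without the special case: `if ($user && $password !== null && $password !== "") {`. The function body starts before this hunk and continues past it.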
@@ -52,13 +52,22 @@ function elgg_set_user_password() {
'password' => $current_password
);
- if (!pam_auth_userpass($credentials)) {
- register_error(elgg_echo('user:password:fail:incorrect_current_password'));
+ try {
+ pam_auth_userpass($credentials);
+ } catch (LoginException $e) {
+ register_error(elgg_echo('LoginException:ChangePasswordFailure'));
return false;
}
}
- if (strlen($password) >= 4) {
+ try {
+ $result = validate_password($password);
+ } catch (RegistrationException $e) {
+ register_error($e->getMessage());
+ return false;
+ }
+
+ if ($result) {
if ($password == $password2) {
$user->salt = generate_random_cleartext_password(); // Reset the salt
$user->password = generate_user_password($user, $password);
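Review bot: The return value of `pam_auth_userpass($credentials)` is discarded inside the new `try`, so the current-password check now fails only when a LoginException is thrown. The removed code treated a falsy return as failure; if the function can still return false without throwing (its body is not part of this diff), that path would now go on to set the new password. Keeping the return check inside the try closes the gap, e.g. `if (!pam_auth_userpass($credentials)) { throw new LoginException(elgg_echo('LoginException:ChangePasswordFailure')); }`, which the existing catch then reports. elgg_set_user_password() begins before this hunk and continues after it.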
@@ -78,6 +87,7 @@ function elgg_set_user_password() {
// no change
return null;
}
+
return false;
}