author | cash <cash.costello@gmail.com> | 2011-10-10 20:51:19 -0400 |
---|---|---|
committer | cash <cash.costello@gmail.com> | 2011-10-10 20:51:19 -0400 |
commit | 9ae3735028806f886fe0a062b4993f4664f6e216 (patch) | |
tree | 3fd2f7077749616d7b8903dcbd38b0b15693489f /engine | |
parent | ff75f99e734b6b99da77ba946e953f08a6e81a5b (diff) | |
Fixes #3952 handling exceptions when password checks fail when changing password
Diffstat (limited to 'engine')
-rw-r--r-- | engine/lib/user_settings.php | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php
index 7c29e73c1..bb5d8d6c4 100644
--- a/engine/lib/user_settings.php
+++ b/engine/lib/user_settings.php
@@ -36,15 +36,15 @@ function elgg_set_user_password() {
 $current_password = get_input('current_password');
 $password = get_input('password');
 $password2 = get_input('password2');
- $user_id = get_input('guid');
+ $user_guid = get_input('guid');
- if (!$user_id) {
+ if (!$user_guid) {
 $user = elgg_get_logged_in_user_entity();
 } else {
- $user = get_entity($user_id);
+ $user = get_entity($user_guid);
 }
- if (($user) && ($password != "")) {
+ if ($user && $password) {
 // let admin user change anyone's password without knowing it except his own.
 if (!elgg_is_admin_logged_in() || elgg_is_admin_logged_in() && $user->guid == elgg_get_logged_in_user_guid()) {
 $credentials = array(
@@ -52,13 +52,22 @@ function elgg_set_user_password() {
 'password' => $current_password
 );
- if (!pam_auth_userpass($credentials)) {
- register_error(elgg_echo('user:password:fail:incorrect_current_password'));
+ try {
+ pam_auth_userpass($credentials);
+ } catch (LoginException $e) {
+ register_error(elgg_echo('LoginException:ChangePasswordFailure'));
 return false;
 }
 }
- if (strlen($password) >= 4) {
+ try {
+ $result = validate_password($password);
+ } catch (RegistrationException $e) {
+ register_error($e->getMessage());
+ return false;
+ }
+
+ if ($result) {
 if ($password == $password2) {
 $user->salt = generate_random_cleartext_password(); // Reset the salt
 $user->password = generate_user_password($user, $password);
@@ -78,6 +87,7 @@ function elgg_set_user_password() {
 // no change
 return null;
 }
+ return false;
 }
|
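Review bot: `$user = get_entity($user_guid);` loads whatever entity the request's `guid` names, and nothing in this hunk confirms that it is a user or that the current session may edit it before its salt and password are rewritten later in the function. For an admin session the current-password check is skipped for every guid except the admin's own, so a type and permission check on the target is the only gate left; one may be enforced at the action level outside the hunk, but the function would be safer carrying its own guard, e.g. `if (!($user instanceof ElggUser) || !$user->canEdit()) { return false; }` placed before the `if ($user && $password)` test. Separately, the switch from `$password != ""` to a bare `$password` makes the string `"0"` fall into the silent "no change" branch instead of reaching validation. The function body starts before and continues past this hunk.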
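Review bot: The new `try` block discards the return value of `pam_auth_userpass($credentials)`, so the current-password check now denies the change only when a `LoginException` is thrown. The removed code rejected any falsy return; if the function can still return false without throwing, which this hunk does not rule out, execution falls through to the password update with the current password unverified. Keep the result check inside the `try` so both failure modes are closed: `if (!pam_auth_userpass($credentials)) { register_error(elgg_echo('LoginException:ChangePasswordFailure')); return false; }`. The enclosing function starts before and ends after this hunk.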