From 9ae3735028806f886fe0a062b4993f4664f6e216 Mon Sep 17 00:00:00 2001
From: cash
Date: Mon, 10 Oct 2011 20:51:19 -0400
Subject: Fixes #3952 handling exceptions when password checks fail when changing password
---
 engine/lib/user_settings.php | 24 +++++++++++++++++-------
 languages/en.php | 1 +
 2 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php
index 7c29e73c1..bb5d8d6c4 100644
--- a/engine/lib/user_settings.php
+++ b/engine/lib/user_settings.php
@@ -36,15 +36,15 @@ function elgg_set_user_password() {
 $current_password = get_input('current_password');
 $password = get_input('password');
 $password2 = get_input('password2');
- $user_id = get_input('guid');
+ $user_guid = get_input('guid');
- if (!$user_id) {
+ if (!$user_guid) {
 $user = elgg_get_logged_in_user_entity();
 } else {
- $user = get_entity($user_id);
+ $user = get_entity($user_guid);
 }
- if (($user) && ($password != "")) {
+ if ($user && $password) {
 // let admin user change anyone's password without knowing it except his own.
 if (!elgg_is_admin_logged_in() || elgg_is_admin_logged_in() && $user->guid == elgg_get_logged_in_user_guid()) {
 $credentials = array(
@@ -52,13 +52,22 @@ function elgg_set_user_password() {
 'password' => $current_password
 );
- if (!pam_auth_userpass($credentials)) {
- register_error(elgg_echo('user:password:fail:incorrect_current_password'));
+ try {
+ pam_auth_userpass($credentials);
+ } catch (LoginException $e) {
+ register_error(elgg_echo('LoginException:ChangePasswordFailure'));
 return false;
 }
 }
- if (strlen($password) >= 4) {
+ try {
+ $result = validate_password($password);
+ } catch (RegistrationException $e) {
+ register_error($e->getMessage());
+ return false;
+ }
+
+ if ($result) {
 if ($password == $password2) {
 $user->salt = generate_random_cleartext_password(); // Reset the salt
 $user->password = generate_user_password($user, $password);
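Review bot: In the `@@ -36,15 +36,15 @@` hunk the new guard `if ($user && $password)` relies on PHP truthiness, so a submitted new password of `"0"` is now treated as if no password was supplied and appears to fall through to the `// no change` branch shown in the last hunk instead of being validated and rejected with an error. An explicit emptiness test keeps the old meaning, e.g. `if ($user && $password !== null && $password !== '') {`. Separately, `$user` comes from `get_entity($user_guid)` with a request-supplied guid, and nothing visible in this hunk confirms it is a user entity before `$user->salt` and `$user->password` are written further down; an `instanceof ElggUser` check would make that explicit, unless a caller outside this view already guarantees it. The body of elgg_set_user_password() continues past this hunk.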
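Review bot: In the `@@ -52,13 +52,22 @@` hunk the return value of `pam_auth_userpass($credentials)` is now discarded, so the current-password check fails only when a `LoginException` is thrown; the removed `if (!pam_auth_userpass($credentials))` also treated a falsy return as a failure. pam_auth_userpass() is not shown here, but if any of its paths returns `false` without throwing, the password change proceeds without a verified current password. Keep the return check inside the `try`, e.g. `if (!pam_auth_userpass($credentials)) { throw new LoginException(elgg_echo('LoginException:ChangePasswordFailure')); }`. The context line `if ($password == $password2)` would also be safer as `===`, since loose comparison treats some distinct numeric-looking strings as equal. The function starts and ends outside this hunk.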
@@ -78,6 +87,7 @@ function elgg_set_user_password() {
 // no change
 return null;
 }
+ return false;
 }
diff --git a/languages/en.php b/languages/en.php
index 3271967ed..5aecf559e 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -225,6 +225,7 @@ $english = array(
 'LoginException:UsernameFailure' => 'We could not log you in. Please check your username and password.',
 'LoginException:PasswordFailure' => 'We could not log you in. Please check your username and password.',
 'LoginException:AccountLocked' => 'Your account has been locked for too many log in failures.',
+ 'LoginException:ChangePasswordFailure' => 'Failed current password check.',
 'memcache:notinstalled' => 'PHP memcache module not installed, you must install php5-memcache',
 'memcache:noservers' => 'No memcache servers defined, please populate the $CONFIG->memcache_servers variable',
--
cgit v1.2.3