forked from extern/egroupware
applied security-relevant patch from nikolaus.jeremic-at-pro-inform.de: checking the old password before changing it for a regular user
parent
31fe84bd6f
commit
0ac70368cc
@ -22,6 +22,7 @@
|
|||||||
|
|
||||||
$n_passwd = $_POST['n_passwd'];
|
$n_passwd = $_POST['n_passwd'];
|
||||||
$n_passwd_2 = $_POST['n_passwd_2'];
|
$n_passwd_2 = $_POST['n_passwd_2'];
|
||||||
|
$o_passwd_2 = $_POST['o_passwd_2'];
|
||||||
|
|
||||||
if(!$GLOBALS['phpgw']->acl->check('changepassword', 1) || $_POST['cancel'])
|
if(!$GLOBALS['phpgw']->acl->check('changepassword', 1) || $_POST['cancel'])
|
||||||
{
|
{
|
||||||
@ -34,6 +35,7 @@
|
|||||||
));
|
));
|
||||||
$GLOBALS['phpgw']->template->set_var('lang_enter_password',lang('Enter your new password'));
|
$GLOBALS['phpgw']->template->set_var('lang_enter_password',lang('Enter your new password'));
|
||||||
$GLOBALS['phpgw']->template->set_var('lang_reenter_password',lang('Re-enter your password'));
|
$GLOBALS['phpgw']->template->set_var('lang_reenter_password',lang('Re-enter your password'));
|
||||||
|
$GLOBALS['phpgw']->template->set_var('lang_enter_old_password',lang('Enter your old password'));
|
||||||
$GLOBALS['phpgw']->template->set_var('lang_change',lang('Change'));
|
$GLOBALS['phpgw']->template->set_var('lang_change',lang('Change'));
|
||||||
$GLOBALS['phpgw']->template->set_var('lang_cancel',lang('Cancel'));
|
$GLOBALS['phpgw']->template->set_var('lang_cancel',lang('Cancel'));
|
||||||
$GLOBALS['phpgw']->template->set_var('form_action',$GLOBALS['phpgw']->link('/preferences/changepassword.php'));
|
$GLOBALS['phpgw']->template->set_var('form_action',$GLOBALS['phpgw']->link('/preferences/changepassword.php'));
|
||||||
@ -46,6 +48,13 @@
|
|||||||
|
|
||||||
if ($_POST['change'])
|
if ($_POST['change'])
|
||||||
{
|
{
|
||||||
|
$o_passwd = $GLOBALS['phpgw_info']['user']['passwd'];
|
||||||
|
|
||||||
|
if ($o_passwd != $o_passwd_2)
|
||||||
|
{
|
||||||
|
$errors[] = lang('The old password is not correct');
|
||||||
|
}
|
||||||
|
|
||||||
if ($n_passwd != $n_passwd_2)
|
if ($n_passwd != $n_passwd_2)
|
||||||
{
|
{
|
||||||
$errors[] = lang('The two passwords are not the same');
|
$errors[] = lang('The two passwords are not the same');
|
||||||
@ -65,7 +74,6 @@
|
|||||||
$GLOBALS['phpgw']->common->phpgw_exit(True);
|
$GLOBALS['phpgw']->common->phpgw_exit(True);
|
||||||
}
|
}
|
||||||
|
|
||||||
$o_passwd = $GLOBALS['phpgw_info']['user']['passwd'];
|
|
||||||
$passwd_changed = $GLOBALS['phpgw']->auth->change_password($o_passwd, $n_passwd);
|
$passwd_changed = $GLOBALS['phpgw']->auth->change_password($o_passwd, $n_passwd);
|
||||||
if(!$passwd_changed)
|
if(!$passwd_changed)
|
||||||
{
|
{
|
||||||
@ -83,7 +91,11 @@
|
|||||||
$GLOBALS['hook_values']['account_id'] = $GLOBALS['phpgw_info']['user']['account_id'];
|
$GLOBALS['hook_values']['account_id'] = $GLOBALS['phpgw_info']['user']['account_id'];
|
||||||
$GLOBALS['hook_values']['old_passwd'] = $o_passwd;
|
$GLOBALS['hook_values']['old_passwd'] = $o_passwd;
|
||||||
$GLOBALS['hook_values']['new_passwd'] = $n_passwd;
|
$GLOBALS['hook_values']['new_passwd'] = $n_passwd;
|
||||||
$GLOBALS['phpgw']->hooks->process('changepassword');
|
|
||||||
|
// called for every app now, not only for the ones enabled for the user
|
||||||
|
$GLOBALS['phpgw']->hooks->process($GLOBALS['hook_values']+array(
|
||||||
|
'location' => 'changepassword',
|
||||||
|
),False,True);
|
||||||
$GLOBALS['phpgw']->redirect_link('/preferences/index.php','cd=18');
|
$GLOBALS['phpgw']->redirect_link('/preferences/index.php','cd=18');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
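Review bot: The new old-password check `if ($o_passwd != $o_passwd_2)` uses PHP's loose comparison, so two different numeric-looking strings (constructed example: `1e3` and `1000`) compare as equal; it should be a strict, type-checked comparison. `$o_passwd` is read from `$GLOBALS['phpgw_info']['user']['passwd']`, and if that session field can be empty for some auth backends (not visible here), a request without `o_passwd_2` would also pass the check. I would change the condition to `if (!is_string($o_passwd_2) || (string)$o_passwd === '' || $o_passwd !== $o_passwd_2)`, or use `hash_equals()` where the PHP version in use provides it. Separately, the reworked `hooks->process(...)` call in the last hunk hands `old_passwd` and `new_passwd` in clear text to every app's hook, per the added comment, so it is worth confirming that each receiver needs them. The `if ($_POST['change'])` block continues outside the hunks, so whether a recorded error stops the flow before `change_password()` cannot be confirmed from the visible lines.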
@ -25,6 +25,7 @@ disable the execution a bugfixscript for internet explorer 5.5 and higher to sho
|
|||||||
do you prefer a 24 hour time format, or a 12 hour one with am/pm attached. preferences de Bevorzugen Sie ein 24 Stunden Zeitformat oder 12 Stunden mit angehängtem Vor-/Nachmittag.
|
do you prefer a 24 hour time format, or a 12 hour one with am/pm attached. preferences de Bevorzugen Sie ein 24 Stunden Zeitformat oder 12 Stunden mit angehängtem Vor-/Nachmittag.
|
||||||
edit custom fields preferences de Benutzerdefinierte Felder editieren
|
edit custom fields preferences de Benutzerdefinierte Felder editieren
|
||||||
enter your new password preferences de Neues Passwort eingeben
|
enter your new password preferences de Neues Passwort eingeben
|
||||||
|
enter your old password preferences de Altes Passwort eingeben
|
||||||
error: there was a problem finding the preference file for %1 in %2 preferences de Fehler: Es gab ein Problem, die Einstellungen für %1 in %2 zu finden
|
error: there was a problem finding the preference file for %1 in %2 preferences de Fehler: Es gab ein Problem, die Einstellungen für %1 in %2 zu finden
|
||||||
failed to change password. please contact your administrator. preferences de Passwortänderung fehlgeschlagen. Bitte kontaktieren Sie Ihren Administrator!
|
failed to change password. please contact your administrator. preferences de Passwortänderung fehlgeschlagen. Bitte kontaktieren Sie Ihren Administrator!
|
||||||
forced preferences preferences de Erzwungene Einstellungen
|
forced preferences preferences de Erzwungene Einstellungen
|
||||||
@ -66,6 +67,7 @@ show text on navigation icons preferences de Text zu Icons in der Navigationslei
|
|||||||
show_more_apps common de Mehr Anwendungen anzeigen
|
show_more_apps common de Mehr Anwendungen anzeigen
|
||||||
text only preferences de nur Text
|
text only preferences de nur Text
|
||||||
the default application will be started when you enter phpgroupware or click on the homepage icon.<br>you can also have more than one application showing up on the homepage, if you don't choose a specific application here (has to be configured in the preferences of each application). preferences de Diese Anwendung wird gestartet, wenn sie phpGroupWare neu starten oder auf das Symbol der Startseite klicken. Sie können auch mehrere Anwendungen auf Ihrer Startseite anzeigen, dazu wählen sie keine Anwendung aus. Welche Anwendungen dann angezeigt werden, wird in den Einstellungen der jeweiligen Anwendungen konfiguriert.
|
the default application will be started when you enter phpgroupware or click on the homepage icon.<br>you can also have more than one application showing up on the homepage, if you don't choose a specific application here (has to be configured in the preferences of each application). preferences de Diese Anwendung wird gestartet, wenn sie phpGroupWare neu starten oder auf das Symbol der Startseite klicken. Sie können auch mehrere Anwendungen auf Ihrer Startseite anzeigen, dazu wählen sie keine Anwendung aus. Welche Anwendungen dann angezeigt werden, wird in den Einstellungen der jeweiligen Anwendungen konfiguriert.
|
||||||
|
the old password is not correct preferences de Das alte Passwort ist nicht korrekt
|
||||||
the selectbox shows all available users (can be very slow on big installs with many users). the popup can search users by name or group. preferences de Das Auswahlfeld zeigt alle verfügbaren Benutzer (kann sehr langsam sein bei großen Installationen mit vielen Benutzern). Das Popup ist ein extra Fenster, in dem nach Namen oder Gruppen gesucht werden kann.
|
the selectbox shows all available users (can be very slow on big installs with many users). the popup can search users by name or group. preferences de Das Auswahlfeld zeigt alle verfügbaren Benutzer (kann sehr langsam sein bei großen Installationen mit vielen Benutzern). Das Popup ist ein extra Fenster, in dem nach Namen oder Gruppen gesucht werden kann.
|
||||||
the two passwords are not the same preferences de Die beiden Passworte sind nicht identisch
|
the two passwords are not the same preferences de Die beiden Passworte sind nicht identisch
|
||||||
theme (colors/fonts) selection preferences de Auswahl des Themas (Farben/Schriften)
|
theme (colors/fonts) selection preferences de Auswahl des Themas (Farben/Schriften)
|
||||||
|
@ -22,6 +22,7 @@ description can not exceed 255 characters in length ! preferences en Description
|
|||||||
do you prefer a 24 hour time format, or a 12 hour one with am/pm attached. preferences en Do you prefer a 24 hour time format, or a 12 hour one with am/pm attached.
|
do you prefer a 24 hour time format, or a 12 hour one with am/pm attached. preferences en Do you prefer a 24 hour time format, or a 12 hour one with am/pm attached.
|
||||||
edit custom fields preferences en edit custom fields
|
edit custom fields preferences en edit custom fields
|
||||||
enter your new password preferences en Enter your new password
|
enter your new password preferences en Enter your new password
|
||||||
|
enter your old password preferences en Enter your old password
|
||||||
error: there was a problem finding the preference file for %1 in %2 preferences en Error: There was a problem finding the preference file for %1 in %2
|
error: there was a problem finding the preference file for %1 in %2 preferences en Error: There was a problem finding the preference file for %1 in %2
|
||||||
failed to change password. please contact your administrator. preferences en Failed to change password. Please contact your administrator.
|
failed to change password. please contact your administrator. preferences en Failed to change password. Please contact your administrator.
|
||||||
forced preferences preferences en Forced Preferences
|
forced preferences preferences en Forced Preferences
|
||||||
@ -60,6 +61,7 @@ show text on navigation icons preferences en Show text on navigation icons
|
|||||||
show_more_apps common en Show More Applications
|
show_more_apps common en Show More Applications
|
||||||
text only preferences en Text only
|
text only preferences en Text only
|
||||||
the default application will be started when you enter phpgroupware or click on the homepage icon.<br>you can also have more than one application showing up on the homepage, if you don't choose a specific application here (has to be configured in the preferences of each application). preferences en The default application will be started when you enter eGroupWare or click on the homepage icon.<br>You can also have more than one application showing up on the homepage, if you don't choose a specific application here (has to be configured in the preferences of each application).
|
the default application will be started when you enter phpgroupware or click on the homepage icon.<br>you can also have more than one application showing up on the homepage, if you don't choose a specific application here (has to be configured in the preferences of each application). preferences en The default application will be started when you enter eGroupWare or click on the homepage icon.<br>You can also have more than one application showing up on the homepage, if you don't choose a specific application here (has to be configured in the preferences of each application).
|
||||||
|
the old password is not correct preferences en The old password is not correct
|
||||||
the selectbox shows all available users (can be very slow on big installs with many users). the popup can search users by name or group. preferences en The selectbox shows all available users (can be very slow on big installs with many users). The popup can search users by name or group.
|
the selectbox shows all available users (can be very slow on big installs with many users). the popup can search users by name or group. preferences en The selectbox shows all available users (can be very slow on big installs with many users). The popup can search users by name or group.
|
||||||
the two passwords are not the same preferences en The two passwords are not the same
|
the two passwords are not the same preferences en The two passwords are not the same
|
||||||
theme (colors/fonts) selection preferences en Theme (colors/fonts) Selection
|
theme (colors/fonts) selection preferences en Theme (colors/fonts) Selection
|
||||||
|
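--- /dev/null
+++ b/preferences/templates/default/changepassword.tpl
@@ -0,0 +1,42 @@
+<br>
+
+<center>{messages}</center>
+
+<form method="POST" action="{form_action}">
+<table border="0">
+<tr>
+<td>
+{lang_enter_old_password}
+</td>
+<td>
+<input type="password" name="o_passwd_2">
+</td>
+</tr>
+<tr>
+<td>
+{lang_enter_password}
+</td>
+<td>
+<input type="password" name="n_passwd">
+</td>
+</tr>
+<tr>
+<td>
+{lang_reenter_password}
+</td>
+<td>
+<input type="password" name="n_passwd_2">
+</td>
+</tr>
+<tr>
+<td colspan="2">
+<table cellspacing="5"><tr>
+<td><input type="submit" name="change" value="{lang_change}"></td>
+<td><input type="submit" name="cancel" value="{lang_cancel}"></td>
+</tr></table>
+</td>
+</tr>
+</table>
+</form>
+<br>
+<pre>{sql_message}</pre>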
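Review bot: The new template prints `{sql_message}` inside `<pre>` and `{messages}` inside `<center>` with no visible escaping, so whatever the PHP side assigns to those variables reaches the browser as-is. The assignments are not in the visible hunks; if `sql_message` carries a raw database error, that exposes backend detail to the user, and it would be better logged server-side with only a generic failure message shown. The form also has no anti-CSRF token field; the old-password field added by this commit reduces that risk for this action, but it is worth confirming whether the framework supplies a token elsewhere.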