fixed: misc: ValidateEmail() buffer overflow
added: notifications for resetting a user's password
(there is no a winix function for this yet)
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@817 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
@@ -30,13 +30,97 @@ bool Passwd::HasAccess()
|
||||
|
||||
|
||||
|
||||
bool Passwd::ChangePassword(const std::wstring & login, const std::wstring & new_password)
|
||||
bool Passwd::IsPasswordCorrect(const std::wstring & pass, const std::wstring & conf_pass, bool use_ses_log)
|
||||
{
|
||||
up.pass = new_password;
|
||||
system->crypt.PassHashCrypt(up);
|
||||
Error res = db->ChangeUserPass(login, up);
|
||||
if( pass != conf_pass )
|
||||
{
|
||||
log << log2 << "Passwd: passwords are different" << logend;
|
||||
|
||||
return res == WINIX_ERR_OK;
|
||||
if( use_ses_log )
|
||||
slog << logerror << T("adduser_err_passwords_different") << logend;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
if( pass.size() < config->pass_min_size )
|
||||
{
|
||||
log << log2 << "Passwd: password is too small" << logend;
|
||||
|
||||
if( use_ses_log )
|
||||
slog << logerror << T("adduser_err_password_too_small") << " "
|
||||
<< config->pass_min_size << " " << T("adduser_err_password_too_small2") << logend;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
if( pass.size() > WINIX_ACCOUNT_MAX_PASSWORD_SIZE )
|
||||
{
|
||||
log << log2 << "Passwd: password can't be longer than: " << WINIX_ACCOUNT_MAX_PASSWORD_SIZE << " characters" << logend;
|
||||
|
||||
if( use_ses_log )
|
||||
slog << logerror << T("adduser_err_password_too_big") << " " << WINIX_ACCOUNT_MAX_PASSWORD_SIZE
|
||||
<< " " << T("adduser_err_password_too_big2") << logend;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
bool Passwd::ChangePassword(long user_id, const std::wstring & new_password)
|
||||
{
|
||||
bool result = false;
|
||||
|
||||
User * puser = system->users.GetUser(user_id);
|
||||
|
||||
if( puser )
|
||||
{
|
||||
up.pass = new_password;
|
||||
system->crypt.PassHashCrypt(up);
|
||||
result = (db->ChangeUserPass(user_id, up) == WINIX_ERR_OK);
|
||||
|
||||
if( result )
|
||||
log << log2 << "Passwd: password for user " << puser->name << " has been changed" << logend;
|
||||
else
|
||||
log << log1 << "Passwd: I cannot change password -- database problem" << logend;
|
||||
}
|
||||
else
|
||||
{
|
||||
log << log1 << "Passwd: there is no a user with id: " << user_id << logend;
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
void Passwd::ChangePassword(User * puser)
|
||||
{
|
||||
long user_id;
|
||||
|
||||
const std::wstring & pass_cur = cur->request->PostVar(L"passwordcur");
|
||||
const std::wstring & pass_new = cur->request->PostVar(L"passwordnew");
|
||||
const std::wstring & pass_conf = cur->request->PostVar(L"passwordconfirm");
|
||||
|
||||
if( !cur->session->puser->super_user && !functions->fun_login.CheckUserPass(puser->name, pass_cur, user_id) )
|
||||
{
|
||||
log << log3 << "Passwd: incorrect current password" << logend;
|
||||
slog << logerror << T("passwd_err_bad_current_password") << logend;
|
||||
return;
|
||||
}
|
||||
|
||||
if( !IsPasswordCorrect(pass_new, pass_conf) )
|
||||
return;
|
||||
|
||||
if( ChangePassword(cur->session->puser->id, pass_new) )
|
||||
{
|
||||
slog << loginfo << T("passwd_password_changed") << logend;
|
||||
system->RedirectToLastItem();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -49,38 +133,21 @@ return res == WINIX_ERR_OK;
|
||||
*/
|
||||
void Passwd::MakePost()
|
||||
{
|
||||
long user_id;
|
||||
const std::wstring * plogin;
|
||||
|
||||
if( !cur->session->puser )
|
||||
return;
|
||||
|
||||
bool is_root = cur->session->puser->super_user;
|
||||
|
||||
if( is_root )
|
||||
plogin = &cur->request->PostVar(L"login");
|
||||
else
|
||||
plogin = &cur->session->puser->name;
|
||||
|
||||
const std::wstring & pass_cur = cur->request->PostVar(L"passwordcur");
|
||||
const std::wstring & pass_new = cur->request->PostVar(L"passwordnew");
|
||||
const std::wstring & pass_conf = cur->request->PostVar(L"passwordconfirm");
|
||||
|
||||
if( !is_root && !functions->fun_login.CheckUserPass(*plogin, pass_cur, user_id) )
|
||||
if( cur->session->puser )
|
||||
{
|
||||
log << log3 << "Passwd: incorrect current password" << logend;
|
||||
slog << logerror << T("passwd_err_bad_current_password") << logend;
|
||||
return;
|
||||
}
|
||||
if( cur->session->puser->super_user )
|
||||
plogin = &cur->request->PostVar(L"login");
|
||||
else
|
||||
plogin = &cur->session->puser->name;
|
||||
|
||||
if( !functions->fun_adduser.IsPasswordCorrect(pass_new, pass_conf) )
|
||||
return;
|
||||
User * puser = system->users.GetUser(*plogin);
|
||||
|
||||
if( ChangePassword(*plogin, pass_new) )
|
||||
{
|
||||
log << log2 << "Passwd: password for " << plogin << " has been changed" << logend;
|
||||
slog << loginfo << T("passwd_password_changed") << logend;
|
||||
system->RedirectToLastItem();
|
||||
if( puser )
|
||||
ChangePassword(puser);
|
||||
else
|
||||
log << log1 << "Passwd: there is no such a user: " << *plogin << logend;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user