- added server side password inconsistency check

alecpl

2009-09-19 0dd842dbf5a63af81fc2abfc884dd9889e59b269

- added server side password inconsistency check

 plugins/password/password.js

@@ -25,7 +25,7 @@
      } else if (input_confpasswd && input_confpasswd.value=='') {
          alert(rcmail.gettext('nopassword', 'password'));
          input_confpasswd.focus();
      } else if ((input_newpasswd && input_confpasswd) && (input_newpasswd.value != input_confpasswd.value)) {
      } else if (input_newpasswd && input_confpasswd && input_newpasswd.value != input_confpasswd.value) {
          alert(rcmail.gettext('passwordinconsistency', 'password'));
          input_newpasswd.focus();
      } else {

 plugins/password/password.php

@@ -89,8 +89,12 @@

      $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
      $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
      $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST);

      if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
      if ($conpwd != $newpwd) {
        $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
      }
      else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) {
        $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
      }
      else if ($required_length && strlen($newpwd) < $required_length) {
@@ -103,7 +107,8 @@
      else if (!($res = $this->_save($curpwd,$newpwd))) {
        $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
        $_SESSION['password'] = $rcmail->encrypt($newpwd);
      } else
      }
      else
        $rcmail->output->command('display_message', $res, 'error');
    }