Save new password even if it has not changed
I have recently changed the password scheme of my Dovecot/Postfix/Roundcube installation. New passwords are encrypted stronger than before. It is not possible to automatically update existing passwords (because the old encryption is not so bad that I can easily crack it). But I'd like to tell my users that they can upgrade to the new password scheme by simply submitting the "change password" form with their old password in all three input fields. Currently a minor optimization prevents this. I think this minor optimization should be removed.
| | |
|---|
| | | else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) { |
|---|
| | | $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error'); |
|---|
| | | } |
|---|
| | | // password is the same as the old one, do nothing, return success |
|---|
| | | else if ($sespwd == $newpwd) { |
|---|
| | | $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); |
|---|
| | | } |
|---|
| | | // try to save the password |
|---|
| | | else if (!($res = $this->_save($curpwd, $newpwd))) { |
|---|
| | | $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); |
|---|
