SF.net SVN: postfixadmin:[916] trunk

[<chr...@us...>]

Revision: 916
          http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=916&view=rev
Author:   christian_boltz
Date:     2010-12-26 20:35:00 +0000 (Sun, 26 Dec 2010)

Log Message:
-----------
model/UserHandler.php: fix verifying old password in change_pw()

- if you want to verify the old password, you should compare it against 
  the OLD and not the NEW password ;-)
- fix database calls

In other words: changing the password in users/password.php works again ;-)

users/password.php:
- switch from obsolete change_pass() to change_pw()

Modified Paths:
--------------
    trunk/model/UserHandler.php
    trunk/users/password.php

Modified: trunk/model/UserHandler.php
===================================================================
--- trunk/model/UserHandler.php	2010-12-26 19:48:10 UTC (rev 915)
+++ trunk/model/UserHandler.php	2010-12-26 20:35:00 UTC (rev 916)
@@ -38,10 +38,11 @@
 
         if ($match == true) {
                 $active = db_get_boolean(True);
-                $result = db_query("SELECT * FROM $table_mailbox WHERE username='$username' AND active='$active'");
-                $result = $result['result'];
-                if ($new_db_password != $result['password']) { # TODO: comparison might fail because pacrypt() didn't know the salt above (separate pacrypt call?)
-                      db_log ('CONSOLE', $domain, 'edit_password', "FAILURE: " . $this->username); # TODO: replace hardcoded CONSOLE - class is used by XMLRPC and users/  
+                $result = db_query("SELECT password FROM $table_mailbox WHERE username='$username' AND active='$active'");
+                $result = db_assoc($result['result']);
+
+                if (pacrypt($old_password, $result['password']) != $result['password']) {
+                      db_log ('CONSOLE', $domain, 'edit_password', "MATCH FAILURE: " . $this->username); # TODO: replace hardcoded CONSOLE - class is used by XMLRPC and users/  
                       $this->errormsg[] = 'Passwords do not match'; # TODO: make translatable
                       return false;
                 }
@@ -50,7 +51,7 @@
         $set = array(
                 'password' => $new_db_password
         );
-        
+
         $result = db_update('mailbox', 'username=\''.$username.'\'', $set );
 
         if ($result != 1) {

Modified: trunk/users/password.php
===================================================================
--- trunk/users/password.php	2010-12-26 19:48:10 UTC (rev 915)
+++ trunk/users/password.php	2010-12-26 20:35:00 UTC (rev 916)
@@ -61,7 +61,7 @@
     if ($error == 0)
     {
         $uh = new UserHandler($username);
-        if($uh->change_pass($fPassword_current, $fPassword)) {
+        if($uh->change_pw($fPassword, $fPassword_current) ) {
             flash_info($PALANG['pPassword_result_success']);
             header("Location: main.php");
             exit(0);


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.