Changeset 2659

Timestamp:

02/01/10 23:13:31 (6 weeks ago)

Author:

benjamin

Message:

password policy enforcment for alternc accounts password change

Location:

alternc/trunk/bureau/class

Files:

• m_admin.php (modified) (2 diffs)
• m_mem.php (modified) (2 diffs)

alternc/trunk/bureau/class/m_admin.php

@@ -827 +827 @@
   function dom_list() {
     global $db;
-    $db->query("SELECT m.uid,m.login,d.domaine,d.gesdns,d.gesmx,d.noerase FROM domaines d LEFT JOIN membres m ON m.uid=d.compte ORDER BY domaine;");
+    $db->query("SELECT m.login,d.domaine,d.gesdns,d.gesmx,d.noerase FROM domaines d LEFT JOIN membres m ON m.uid=d.compte ORDER BY domaine;");
     while ($db->next_record()) {
       $c[]=$db->Record;
@@ -1132 +1132 @@
       $logins[]=$login;
       foreach($logins as $l) {
-        if (strpos($l,$password)!==false) {
+        if (strpos($password,$l)!==false) {
           $err->raise("admin",17);
           return false;

alternc/trunk/bureau/class/m_mem.php

@@ -291 +291 @@
    */
   function passwd($oldpass,$newpass,$newpass2) {
-    global $db,$err,$cuid;
+    global $db,$err,$cuid,$admin;
     $err->log("mem","passwd");
     $oldpass=stripslashes($oldpass);
@@ -311 +311 @@
       $err->raise("mem",8);
       return false;
+    }
+    $db->query("SELECT login FROM membres WHERE uid='$cuid';");   
+    $db->next_record();
+    $login=$db->Record["login"];
+    if (!$admin->checkPolicy("mem",$login,$newpass)) {
+      return false; // The error has been raised by checkPolicy()
     }
     $newpass=_md5cr($newpass);