Changeset 35 for trunk/preferences

Timestamp:

06/29/07 15:18:40 (17 years ago)

Author:

niltonneto

Message:

Melhoria na segurança, na parte de alteração de senha.

Location:

trunk/preferences

Files:

• changepassword.php (modified) (4 diffs)
• index.php (modified) (1 diff)
• setup/phpgw_es-es.lang (modified) (previous)
• setup/phpgw_pt-br.lang (modified) (previous)

trunk/preferences/changepassword.php

@@ -26 +26 @@
         if(!$GLOBALS['phpgw']->acl->check('changepassword', 1) || $_POST['cancel'])
         {
-                $GLOBALS['phpgw']->redirect_link('/preferences/index.php');
+                if ($GLOBALS['phpgw_info']['server']['use_https'] == 1)
+                        Header('Location: http://' . $_SERVER['HTTP_HOST'] . $GLOBALS['phpgw_info']['server']['webserver_url'] . '/preferences/index.php');
+                else
+                        $GLOBALS['phpgw']->redirect_link('/preferences/index.php');
+                
                 $GLOBALS['phpgw']->common->phpgw_exit();
         }
@@ -48 +52 @@
         if ($_POST['change'])
         {
-                if (! $GLOBALS['phpgw']->auth->authenticate($GLOBALS['phpgw_info']['user']['account_lid'], $a_passwd))
-                {
-                        $errors[] = lang('Your actual password is wrong');
-                }
-
-                if ($n_passwd != $n_passwd_2)
-                {
-                        $errors[] = lang('The two passwords are not the same');
-                }
-
-                if (! $n_passwd)
-                {
-                        $errors[] = lang('You must enter a password');
-                }
-                
                 // Default number of letters = 3
                 if (!$GLOBALS['phpgw_info']['server']['num_letters_userpass'])
@@ -69 +58 @@
                 if (!$GLOBALS['phpgw_info']['server']['num_special_letters_userpass'])
                         $GLOBALS['phpgw_info']['server']['num_special_letters_userpass'] = 0;
-
-                if ( strlen( $n_passwd ) < $GLOBALS['phpgw_info']['server']['num_letters_userpass'] )
+                if (! $GLOBALS['phpgw']->auth->authenticate($GLOBALS['phpgw_info']['user']['account_lid'], $a_passwd))
                 {
-                        $errors[] = lang('Your password must contain %1 or more letters', $GLOBALS['phpgw_info']['server']['num_letters_userpass']);
+                        $errors[] = lang('Your actual password is wrong');
                 }
-                
+                else if ($n_passwd != $n_passwd_2)
+                {
+                        $errors[] = lang('The two passwords are not the same');
+                }
+                else if (! $n_passwd)
+                {
+                        $errors[] = lang('You must enter a password');
+                }
+                else if ( strlen( $n_passwd ) < $GLOBALS['phpgw_info']['server']['num_letters_userpass'] )
+                {
+                        $errors[] = lang('Your password must contain %1 or more letters', $GLOBALS['phpgw_info']['server']['num_letters_userpass']);                    
+                }               
                 # password that start with a-Z or 0-9 and contain _.-!@#$%&*+=| will be accepted.
-                if (! ereg ("^([-a-zA-Z0-9_.\-!@#$%&*+=|])*$", $n_passwd ) )
-                {
+                else if (! ereg ("(^[a-zA-Z0-9_.\-\!@#$%&*+=|]*)$", $n_passwd ) )
+                {                       
                         $errors[] = lang('Your password contains characters not allowed');
-                }
-                
+                }               
                 # password must contain 2 special letters, numbers or special characters
-                if (! ereg ("([0-9_.\-!@#$%&*+=|]){".$GLOBALS['phpgw_info']['server']['num_special_letters_userpass'].",}", $n_passwd ) )
+                else if ($GLOBALS['phpgw_info']['server']['num_special_letters_userpass'] && ! ereg ("([0-9_.\-!@#$%&*+=|]){".$GLOBALS['phpgw_info']['server']['num_special_letters_userpass'].",}", $n_passwd ) )
                 {
                         $errors[] = lang('Your password must contain at least %1 numbers or characters special', $GLOBALS['phpgw_info']['server']['num_special_letters_userpass']);
@@ -114 +112 @@
                         $GLOBALS['hook_values']['new_passwd'] = $n_passwd;
                         $GLOBALS['phpgw']->hooks->process('changepassword');
-                        $GLOBALS['phpgw']->redirect_link('/preferences/index.php','cd=18');
+                        
+                        if ($GLOBALS['phpgw_info']['server']['use_https'] == 1)
+                                Header('Location: http://' . $_SERVER['HTTP_HOST'] . $GLOBALS['phpgw_info']['server']['webserver_url'] . '/preferences/index.php');
+                        else
+                                $GLOBALS['phpgw']->redirect_link('/preferences/index.php','cd=18');
                 }
         }

trunk/preferences/index.php

@@ -132 +132 @@
                 while(list($text,$url) = each($file))
                 {
+                        if (($text == 'Change your Password') && ($GLOBALS['phpgw_info']['server']['use_https'] == 1))
+                        {
+                                $url = 'https://' . $_SERVER['HTTP_HOST'] . $GLOBALS['phpgw_info']['server']['webserver_url'] . '/preferences/changepassword.php';
+                        }
                         section_item($url,lang($text));
                 }