diff options
| author | Mark Wells <mark@freeside.biz> | 2015-11-12 16:49:39 -0800 |
|---|---|---|
| committer | Mark Wells <mark@freeside.biz> | 2015-11-12 16:49:39 -0800 |
| commit | c44432a5f0f1c1841ff8b50e734a30bd9aeef945 (patch) | |
| tree | a40fb51c58d18a5b18794a882a12173acdc8e057 /httemplate/edit | |
| parent | bc4c63e61b2113088d164dc86ebca429e219fc0b (diff) | |
limit password reuse, core and svc_acct, #29354
Diffstat (limited to 'httemplate/edit')
| -rwxr-xr-x | httemplate/edit/process/svc_acct.cgi | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/httemplate/edit/process/svc_acct.cgi b/httemplate/edit/process/svc_acct.cgi index 9cac2c568..d75ff92c1 100755 --- a/httemplate/edit/process/svc_acct.cgi +++ b/httemplate/edit/process/svc_acct.cgi @@ -81,7 +81,12 @@ if ( $cgi->param('clear_password') eq '*HIDDEN*' || $cgi->param('clear_password') =~ /^\(.* encrypted\)$/ ) { die "fatal: no previous account to recall hidden password from!" unless $old; } else { - $error ||= $new->set_password($cgi->param('clear_password')); + my $newpass = $cgi->param('clear_password'); + if ( ! $old->check_password($newpass) ) { + # then the password is being changed + $error ||= $new->is_password_allowed($newpass) + || $new->set_password($newpass); + } } if ( ! $error ) { |