author | Mark Wells <mark@freeside.biz> | 2015-11-12 16:49:39 -0800 |
---|---|---|
committer | Mark Wells <mark@freeside.biz> | 2015-11-12 16:49:39 -0800 |
commit | c44432a5f0f1c1841ff8b50e734a30bd9aeef945 (patch) | |
tree | a40fb51c58d18a5b18794a882a12173acdc8e057 /httemplate | |
parent | bc4c63e61b2113088d164dc86ebca429e219fc0b (diff) |
limit password reuse, core and svc_acct, #29354
Diffstat (limited to 'httemplate')
-rwxr-xr-x | httemplate/edit/process/svc_acct.cgi | 7 | ||||
-rw-r--r-- | httemplate/misc/process/change-password.html | 4 |
2 files changed, 9 insertions, 2 deletions
diff --git a/httemplate/edit/process/svc_acct.cgi b/httemplate/edit/process/svc_acct.cgi
index 9cac2c568..d75ff92c1 100755
--- a/httemplate/edit/process/svc_acct.cgi
+++ b/httemplate/edit/process/svc_acct.cgi
@@ -81,7 +81,12 @@ if ( $cgi->param('clear_password') eq '*HIDDEN*' || $cgi->param('clear_password') =~ /^\(.* encrypted\)$/ ) { die "fatal: no previous account to recall hidden password from!" unless $old; } else {
- $error ||= $new->set_password($cgi->param('clear_password'));
+ my $newpass = $cgi->param('clear_password');
+ if ( ! $old->check_password($newpass) ) {
+ # then the password is being changed
+ $error ||= $new->is_password_allowed($newpass)
+ || $new->set_password($newpass);
+ }
 } if ( ! $error ) {
diff --git a/httemplate/misc/process/change-password.html b/httemplate/misc/process/change-password.html
index 7cab9c4e3..d58ce544d 100644
--- a/httemplate/misc/process/change-password.html
+++ b/httemplate/misc/process/change-password.html
@@ -11,7 +11,9 @@ die "access denied" unless ( ( $curuser->access_right('Edit password') and ! $part_svc->restrict_edit_password ) );
-my $error = $svc_acct->set_password($cgi->param('password'))
+my $newpass = $cgi->param('password');
+my $error = $svc_acct->is_password_allowed($newpass)
+ || $svc_acct->set_password($newpass)
 || $svc_acct->replace; # annoyingly specific to view/svc_acct.cgi, for now...
|
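Review bot: `$old->check_password($newpass)` in the new else branch is called without checking that `$old` is defined, while the sibling branch in the leading context guards with `die ... unless $old`, which suggests `$old` can be unset when a new account is being inserted. If so, creating an account with a cleartext password dies on an undefined-value method call before the reuse check runs. Guard the call: `if ( ! $old or ! $old->check_password($newpass) ) {`. The enclosing if/else starts above the hunk, so how `$old` is populated is not visible here.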
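Review bot: The reuse check is enforced only by each caller pairing `is_password_allowed` with `set_password` (here and in the svc_acct.cgi hunk), so any other path that calls `set_password` directly would skip the policy; this diff is limited to httemplate, so whether `set_password` enforces it as well cannot be seen here. If it does not, moving the check into `set_password`, or at least documenting the contract there, would keep the policy from being bypassed. A comment above the chain such as `# is_password_allowed returns an error message to reject, empty to allow` would also make the `||` short-circuit easier to read. Unlike svc_acct.cgi, this handler does not skip the check when the submitted password equals the current one, which is presumably intended for a change-password form but is worth confirming.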