X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=opac%2Fopac-passwd.pl;h=440f9a23efbe95479d6fb199371b24c5158c6326;hb=9c5e40e4923179bf0b2b630d3e09797dc4c1fdb0;hp=ca0d111ded849c0f46aebbcc90a92c247b2bcc11;hpb=c596d553740ebb6299b133fc6b71ca47ed0ff2e7;p=koha.git
diff --git a/opac/opac-passwd.pl b/opac/opac-passwd.pl
index ca0d111ded..440f9a23ef 100755
--- a/opac/opac-passwd.pl
+++ b/opac/opac-passwd.pl
@@ -14,20 +14,22 @@
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA 02111-1307 USA
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 use strict;
-require Exporter;
+use warnings;
+
 use CGI;
 use C4::Auth; # checkauth, getborrowernumber.
 use C4::Context;
 use Digest::MD5 qw(md5_base64);
 use C4::Circulation;
-
-use C4::Interface::CGI::Output;
+use C4::Members;
+use C4::Output;
+use Koha::AuthUtils qw(hash_password);
 my $query = new CGI;
 my $dbh = C4::Context->dbh;
@@ -44,48 +46,64 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
 );
 # get borrower information ....
-my ( $borr, $flags ) = GetMemberDetails( $borrowernumber );
-my $sth =
- $dbh->prepare("UPDATE borrowers SET password = ? WHERE borrowernumber=?");
-
-if ( $query->param('Oldkey')
- && $query->param('Newkey')
- && $query->param('Confirm') )
-{
- if ( goodkey( $dbh, $borrowernumber, $query->param('Oldkey') ) ) {
- if ( $query->param('Newkey') eq $query->param('Confirm')
- && length( $query->param('Confirm') ) > 5 )
- { # Record password
- my $clave = md5_base64( $query->param('Newkey') );
- $sth->execute( $clave, $borrowernumber );
- $template->param( 'password_updated' => '1' );
- $template->param( 'borrowernumber' => $borrowernumber );
+my ( $borr ) = GetMemberDetails( $borrowernumber );
+my $minpasslen = C4::Context->preference("minPasswordLength");
+if ( C4::Context->preference("OpacPasswordChange") ) {
+ my $sth = $dbh->prepare("UPDATE borrowers SET password = ? WHERE borrowernumber=?");
+ if ( $query->param('Oldkey')
+ && $query->param('Newkey')
+ && $query->param('Confirm') )
+ {
+ if ( goodkey( $dbh, $borrowernumber, $query->param('Oldkey') ) ) {
+ if ( $query->param('Newkey') eq $query->param('Confirm')
+ && length( $query->param('Confirm') ) >= $minpasslen )
+ { # Record password
+ my $clave = hash_password( $query->param('Newkey') );
+ $sth->execute( $clave, $borrowernumber );
+ $template->param( 'password_updated' => '1' );
+ $template->param( 'borrowernumber' => $borrowernumber );
+ }
+ elsif ( $query->param('Newkey') ne $query->param('Confirm') ) {
+ $template->param( 'Ask_data' => '1' );
+ $template->param( 'Error_messages' => '1' );
+ $template->param( 'PassMismatch' => '1' );
+ }
+ elsif ( length( $query->param('Confirm') ) < $minpasslen ) {
+ $template->param( 'Ask_data' => '1' );
+ $template->param( 'Error_messages' => '1' );
+ $template->param( 'ShortPass' => '1' );
+ }
+ else {
+ $template->param( 'Error_messages' => '1' );
+ }
 }
- elsif ( $query->param('Newkey') ne $query->param('Confirm') ) {
+ else {
 $template->param( 'Ask_data' => '1' );
 $template->param( 'Error_messages' => '1' );
- $template->param( 'PassMismatch' => '1' );
+ $template->param( 'WrongPass' => '1' );
 }
- elsif ( length( $query->param('Confirm') ) <= 5 ) {
- $template->param( 'Ask_data' => '1' );
+ }
+ else {
+
+ # Called Empty, Ask for data.
+ $template->param( 'Ask_data' => '1' );
+ if (!$query->param('Oldkey') && ($query->param('Newkey') || $query->param('Confirm'))){
+ # Old password is empty but one of the others isnt
 $template->param( 'Error_messages' => '1' );
- $template->param( 'ShortPass' => '1' );
+ $template->param( 'WrongPass' => '1' );
 }
- else {
+ elsif ($query->param('Oldkey') && (!$query->param('Newkey') || !$query->param('Confirm'))){
+ # Oldpassword is entered but one of the other fields is empty
 $template->param( 'Error_messages' => '1' );
+ $template->param( 'PassMismatch' => '1' );
 }
 }
- else {
- $template->param( 'Ask_data' => '1' );
- $template->param( 'Error_messages' => '1' );
- $template->param( 'WrongPass' => '1' );
- }
-}
-else {
-
- # Called Empty, Ask for data.
- $template->param( 'Ask_data' => '1' );
 }
+$template->param(firstname => $borr->{'firstname'},
+ surname => $borr->{'surname'},
+ minpasslen => $minpasslen,
+ passwdview => 1,
+);
 output_html_with_http_headers $query, $cookie, $template->output;
@@ -96,8 +114,14 @@ sub goodkey {
 $dbh->prepare("SELECT password FROM borrowers WHERE borrowernumber=?");
 $sth->execute($borrowernumber);
 if ( $sth->rows ) {
- my ($md5password) = $sth->fetchrow;
- if ( md5_base64($key) eq $md5password ) { return 1; }
+ my $hash;
+ my ($stored_hash) = $sth->fetchrow;
+ if ( substr($stored_hash,0,2) eq '$2') {
+ $hash = hash_password($key, $stored_hash);
+ } else {
+ $hash = md5_base64($key);
+ }
+ if ( $hash eq $stored_hash ) { return 1; }
 else { return 0; }
 }
 else { return 0; }
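Review bot: In the `# Record password` branch, `hash_password( $query->param('Newkey') )` calls `param` in list context, so a request that carries more than one `Newkey` value hands the extra value to `hash_password` as a second argument, which the goodkey hunk shows is the hash-settings slot (`hash_password($key, $stored_hash)`). Take a single value explicitly: `my $clave = hash_password( scalar $query->param('Newkey') );`. The length check now depends entirely on the `minPasswordLength` preference, where the old code enforced a fixed floor of six characters; if the preference is unset or zero, any non-empty password passes and `>=` against an undefined value warns under the newly added `use warnings`, so a fallback such as `my $minpasslen = C4::Context->preference("minPasswordLength") || 6;` is worth considering. `password_updated` is also set without checking the return value of `$sth->execute`.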
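Review bot: In goodkey, `substr($stored_hash,0,2)` runs before anything checks that the fetched column is defined, so a borrower row with a NULL password emits "uninitialized" warnings (this commit also turns on `use warnings`) and falls through to the MD5 branch; add `return 0 unless defined $stored_hash;` directly after the `fetchrow`. The `'$2'` prefix test is the only thing that selects the new scheme, and every other stored value is still verified as unsalted `md5_base64`, so legacy hashes remain accepted until the patron changes the password; a comment on the `else` branch such as `# legacy unsalted MD5 row; replaced by hash_password() on the next password change` would make that intent explicit. The sub's signature and the start of the `$sth` prepare lie above the hunk, so this is judged from the visible lines only.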