]>
Commit | Line | Data |
---|---|---|
1 | /* Automatically generated by refactor.pl. | |
2 | * | |
3 | * | |
4 | * CMDNAME: newpass | |
5 | * CMDALIASES: newpassword | |
6 | * CMDLEVEL: QCMD_SECURE | QCMD_AUTHED | |
7 | * CMDARGS: 3 | |
8 | * CMDDESC: Change your password. | |
9 | * CMDFUNC: csa_donewpw | |
10 | * CMDPROTO: int csa_donewpw(void *source, int cargc, char **cargv); | |
11 | * CMDHELP: Usage: @UCOMMAND@ <oldpassword> <newpassword> <newpassword> | |
12 | * CMDHELP: Changes your account password. Your new password must be at least 6 characters | |
13 | * CMDHELP: long, contain at least one number and one letter, and may not contain sequences | |
14 | * CMDHELP: of letters or numbers, also note that your password will be truncated to 10 | |
15 | * CMDHELP: characters. | |
16 | * CMDHELP: Your new password will be sent to your registered email address. | |
17 | * CMDHELP: Where: | |
18 | * CMDHELP: oldpassword - your existing account password | |
19 | * CMDHELP: newpassword - your desired new password. Must be entered the same both times. | |
20 | * CMDHELP: Note: due to the sensitive nature of this command, you must send the message to | |
21 | * CMDHELP: Q@CServe.quakenet.org when using it. | |
22 | */ | |
23 | ||
24 | #include "../chanserv.h" | |
25 | #include "../authlib.h" | |
26 | #include "../../lib/irc_string.h" | |
27 | #include "../../core/hooks.h" | |
28 | #include <stdio.h> | |
29 | #include <string.h> | |
30 | #include <ctype.h> | |
31 | ||
32 | int csa_donewpw(void *source, int cargc, char **cargv) { | |
33 | reguser *rup; | |
34 | nick *sender=source; | |
35 | unsigned int same=0; | |
36 | time_t t; | |
37 | int pq; | |
38 | ||
39 | if (cargc<3) { | |
40 | chanservstdmessage(sender, QM_NOTENOUGHPARAMS, "newpass"); | |
41 | return CMD_ERROR; | |
42 | } | |
43 | ||
44 | if (!(rup=getreguserfromnick(sender))) | |
45 | return CMD_ERROR; | |
46 | ||
47 | if (!checkpassword(rup, cargv[0])) { | |
48 | chanservstdmessage(sender, QM_AUTHFAIL); | |
49 | cs_log(sender,"NEWPASS FAIL username %s bad password %s",rup->username,cargv[0]); | |
50 | return CMD_ERROR; | |
51 | } | |
52 | ||
53 | if (strcmp(cargv[1],cargv[2])) { | |
54 | chanservstdmessage(sender, QM_PWDONTMATCH); /* Sorry, passwords do not match */ | |
55 | cs_log(sender,"NEWPASS FAIL username %s new passwords don't match (%s vs %s)",rup->username,cargv[1],cargv[2]); | |
56 | return CMD_ERROR; | |
57 | } | |
58 | ||
59 | if (!strcmp(cargv[0],cargv[1])) { | |
60 | /* If they are the same then continue anyway but don't send the hook later. */ | |
61 | same=1; | |
62 | } | |
63 | ||
64 | pq = csa_checkpasswordquality(cargv[1]); | |
65 | if(pq == QM_PWTOSHORT) { | |
66 | chanservstdmessage(sender, QM_PWTOSHORT); /* new password too short */ | |
67 | cs_log(sender,"NEWPASS FAIL username %s password too short %s (%zu characters)",rup->username,cargv[1],strlen(cargv[1])); | |
68 | return CMD_ERROR; | |
69 | } else if(pq == QM_PWTOWEAK) { | |
70 | chanservstdmessage(sender, QM_PWTOWEAK); /* new password is weak */ | |
71 | cs_log(sender,"NEWPASS FAIL username %s password too weak %s",rup->username,cargv[1]); | |
72 | return CMD_ERROR; | |
73 | } else if(pq == QM_PWTOLONG) { | |
74 | chanservstdmessage(sender, QM_PWTOLONG); /* new password too long */ | |
75 | cs_log(sender,"NEWPASS FAIL username %s password too long %s",rup->username,cargv[1]); | |
76 | return CMD_ERROR; | |
77 | } else if(pq == QM_PWINVALID) { | |
78 | chanservstdmessage(sender, QM_PWINVALID); | |
79 | cs_log(sender,"NEWPASS FAIL username %s password invalid %s",rup->username,cargv[1]); | |
80 | return CMD_ERROR; | |
81 | } else if(pq == -1) { | |
82 | /* all good */ | |
83 | } else { | |
84 | chanservsendmessage(sender, "unknown error in newpass.c... contact #help"); | |
85 | return CMD_ERROR; | |
86 | } | |
87 | ||
88 | t=time(NULL); | |
89 | if(!UHasStaffPriv(rup)) { | |
90 | if(rup->lockuntil && rup->lockuntil > t) { | |
91 | chanservstdmessage(sender, QM_ACCOUNTLOCKED, rup->lockuntil); | |
92 | return CMD_ERROR; | |
93 | } | |
94 | rup->lockuntil=t+7*24*3600; | |
95 | } else { | |
96 | rup->lockuntil=0; | |
97 | } | |
98 | ||
99 | if(rup->lastemail) { | |
100 | freesstring(rup->lastemail); | |
101 | rup->lastemail=NULL; | |
102 | } | |
103 | ||
104 | rup->lastpasschange=t; | |
105 | csdb_accounthistory_insert(sender, rup->password, cargv[1], NULL, NULL); | |
106 | setpassword(rup, cargv[1]); | |
107 | ||
108 | rup->lastauth=time(NULL); | |
109 | chanservstdmessage(sender, QM_PWCHANGED); | |
110 | cs_log(sender,"NEWPASS OK username %s", rup->username); | |
111 | ||
112 | #ifdef AUTHGATE_WARNINGS | |
113 | if(UHasOperPriv(rup)) | |
114 | chanservsendmessage(sender, "WARNING FOR PRIVILEGED USERS: you MUST go to https://auth.quakenet.org and login successfully to update the cache, if you do not your old password will still be usable in certain circumstances."); | |
115 | #endif | |
116 | ||
117 | csdb_updateuser(rup); | |
118 | csdb_createmail(rup, QMAIL_NEWPW); | |
119 | ||
120 | if (!same) | |
121 | triggerhook(HOOK_CHANSERV_PWCHANGE, sender); | |
122 | ||
123 | return CMD_OK; | |
124 | } |