*
*
* CMDNAME: newpass
- * CMDLEVEL: QCMD_AUTHED
+ * CMDLEVEL: QCMD_SECURE | QCMD_AUTHED
* CMDARGS: 3
* CMDDESC: Change your password.
* CMDFUNC: csa_donewpw
* CMDPROTO: int csa_donewpw(void *source, int cargc, char **cargv);
+ * CMDHELP: Usage: NEWPASS <oldpassword> <newpassword> <newpassword>
+ * CMDHELP: Changes your account password. Your new password must be at least 6 characters
+ * CMDHELP: long, contain at least one number and one letter, and may not contain sequences
+ * CMDHELP: of letters or numbers. Your new password will be sent to your registered email
+ * CMDHELP: address. Where:
+ * CMDHELP: oldpassword - your existing account password
+ * CMDHELP: newpassword - your desired new password. Must be entered the same both times.
+ * CMDHELP: Note: due to the sensitive nature of this command, you must send the message to
+ * CMDHELP: Q@CServe.quakenet.org when using it.
*/
#include "../chanserv.h"
#include "../../lib/irc_string.h"
#include <stdio.h>
#include <string.h>
+#include <ctype.h>
int csa_donewpw(void *source, int cargc, char **cargv) {
reguser *rup;
nick *sender=source;
+ int i, cntweak = 0, cntdigits = 0, cntletters = 0;
if (cargc<3) {
chanservstdmessage(sender, QM_NOTENOUGHPARAMS, "newpass");
if (!(rup=getreguserfromnick(sender)))
return CMD_ERROR;
- if (!checkmasterpassword(rup, cargv[0])) {
+ if (!checkpassword(rup, cargv[0])) {
chanservstdmessage(sender, QM_AUTHFAIL);
- cs_log(sender,"NEWPASS FAIL username %s bad masterpassword %s",rup->username,cargv[0]);
+ cs_log(sender,"NEWPASS FAIL username %s bad password %s",rup->username,cargv[0]);
return CMD_ERROR;
}
return CMD_ERROR;
}
+ for ( i = 0; cargv[1][i] && i < PASSLEN; i++ ) {
+ if ( cargv[1][i] == cargv[1][i+1] || cargv[1][i] + 1 == cargv[1][i+1] || cargv[1][i] - 1 == cargv[1][i+1] )
+ cntweak++;
+ if(isdigit(cargv[1][i]))
+ cntdigits++;
+ if(islower(cargv[1][i]) || isupper(cargv[1][i]))
+ cntletters++;
+ }
+
+ if( cntweak > 3 || !cntdigits || !cntletters) {
+ chanservstdmessage(sender, QM_PWTOWEAK); /* new password is weak */
+ cs_log(sender,"NEWPASS FAIL username %s password to weak %s",rup->username,cargv[1]);
+ return CMD_ERROR;
+ }
+
setpassword(rup, cargv[1]);
rup->lastauth=time(NULL);
chanservstdmessage(sender, QM_PWCHANGED);