* CMDHELP: Usage: @UCOMMAND@ <oldpassword> <newpassword> <newpassword>
* CMDHELP: Changes your account password. Your new password must be at least 6 characters
* CMDHELP: long, contain at least one number and one letter, and may not contain sequences
- * CMDHELP: of letters or numbers. Your new password will be sent to your registered email
- * CMDHELP: address. Where:
+ * CMDHELP: of letters or numbers, also note that your password will be truncated to 10
+ * CMDHELP: characters.
+ * CMDHELP: Your new password will be sent to your registered email address.
+ * CMDHELP: Where:
* CMDHELP: oldpassword - your existing account password
* CMDHELP: newpassword - your desired new password. Must be entered the same both times.
* CMDHELP: Note: due to the sensitive nature of this command, you must send the message to
int csa_donewpw(void *source, int cargc, char **cargv) {
reguser *rup;
nick *sender=source;
- int i, cntweak = 0, cntdigits = 0, cntletters = 0;
unsigned int same=0;
time_t t;
+ int pq;
if (cargc<3) {
chanservstdmessage(sender, QM_NOTENOUGHPARAMS, "newpass");
return CMD_ERROR;
}
- if (strlen(cargv[1]) < 6) {
- chanservstdmessage(sender, QM_PWTOSHORT); /* new password to short */
- cs_log(sender,"NEWPASS FAIL username %s password to short %s (%zu characters)",rup->username,cargv[1],strlen(cargv[1]));
- return CMD_ERROR;
- }
-
if (!strcmp(cargv[0],cargv[1])) {
/* If they are the same then continue anyway but don't send the hook later. */
same=1;
}
- for ( i = 0; cargv[1][i] && i < PASSLEN; i++ ) {
- if ( cargv[1][i] == cargv[1][i+1] || cargv[1][i] + 1 == cargv[1][i+1] || cargv[1][i] - 1 == cargv[1][i+1] )
- cntweak++;
- if(isdigit(cargv[1][i]))
- cntdigits++;
- if(islower(cargv[1][i]) || isupper(cargv[1][i]))
- cntletters++;
- }
-
- if( cntweak > 3 || !cntdigits || !cntletters) {
+ pq = csa_checkpasswordquality(cargv[1]);
+ if(pq == QM_PWTOSHORT) {
+ chanservstdmessage(sender, QM_PWTOSHORT); /* new password too short */
+ cs_log(sender,"NEWPASS FAIL username %s password too short %s (%zu characters)",rup->username,cargv[1],strlen(cargv[1]));
+ return CMD_ERROR;
+ } else if(pq == QM_PWTOWEAK) {
chanservstdmessage(sender, QM_PWTOWEAK); /* new password is weak */
- cs_log(sender,"NEWPASS FAIL username %s password to weak %s",rup->username,cargv[1]);
+ cs_log(sender,"NEWPASS FAIL username %s password too weak %s",rup->username,cargv[1]);
+ return CMD_ERROR;
+ } else if(pq == QM_PWTOLONG) {
+ chanservstdmessage(sender, QM_PWTOLONG); /* new password too long */
+ cs_log(sender,"NEWPASS FAIL username %s password too long %s",rup->username,cargv[1]);
+ return CMD_ERROR;
+ } else if(pq == QM_PWINVALID) {
+ chanservstdmessage(sender, QM_PWINVALID);
+ cs_log(sender,"NEWPASS FAIL username %s password invalid %s",rup->username,cargv[1]);
+ return CMD_ERROR;
+ } else if(pq == -1) {
+ /* all good */
+ } else {
+ chanservsendmessage(sender, "unknown error in newpass.c... contact #help");
return CMD_ERROR;
}
projects / irc / quakenet / newserv.git / blobdiff