X-Git-Url: https://jfr.im/git/irc/quakenet/newserv.git/blobdiff_plain/24e572a95ac1b295c18a24c13da7b448a7eb2d22..f90b99089f472ed3463a9b4accdb15204198a69d:/chanserv/authcmds/newpass.c

diff --git a/chanserv/authcmds/newpass.c b/chanserv/authcmds/newpass.c
index e49f296a..b6be66aa 100644
--- a/chanserv/authcmds/newpass.c
+++ b/chanserv/authcmds/newpass.c
@@ -2,16 +2,19 @@
  *
  *
  * CMDNAME: newpass
+ * CMDALIASES: newpassword
  * CMDLEVEL: QCMD_SECURE | QCMD_AUTHED
  * CMDARGS: 3
  * CMDDESC: Change your password.
  * CMDFUNC: csa_donewpw
  * CMDPROTO: int csa_donewpw(void *source, int cargc, char **cargv);
- * CMDHELP: Usage: NEWPASS <oldpassword> <newpassword> <newpassword>
+ * CMDHELP: Usage: @UCOMMAND@ <oldpassword> <newpassword> <newpassword>
  * CMDHELP: Changes your account password.  Your new password must be at least 6 characters
  * CMDHELP: long, contain at least one number and one letter, and may not contain sequences
- * CMDHELP: of letters or numbers.  Your new password will be sent to your registered email
- * CMDHELP: address.  Where:
+ * CMDHELP: of letters or numbers, also note that your password will be truncated to 10
+ * CMDHELP: characters.
+ * CMDHELP: Your new password will be sent to your registered email address.
+ * CMDHELP: Where:
  * CMDHELP: oldpassword - your existing account password
  * CMDHELP: newpassword - your desired new password.  Must be entered the same both times.
  * CMDHELP: Note: due to the sensitive nature of this command, you must send the message to
@@ -21,6 +24,7 @@
 #include "../chanserv.h"
 #include "../authlib.h"
 #include "../../lib/irc_string.h"
+#include "../../core/hooks.h"
 #include <stdio.h>
 #include <string.h>
 #include <ctype.h>
@@ -28,8 +32,9 @@
 int csa_donewpw(void *source, int cargc, char **cargv) {
   reguser *rup;
   nick *sender=source;
-  int i, cntweak = 0, cntdigits = 0, cntletters = 0;
+  unsigned int same=0;
   time_t t;
+  int pq;
 
   if (cargc<3) {
     chanservstdmessage(sender, QM_NOTENOUGHPARAMS, "newpass");
@@ -51,34 +56,44 @@ int csa_donewpw(void *source, int cargc, char **cargv) {
     return CMD_ERROR;
   }
 
-  if (strlen(cargv[1]) < 6) {
-    chanservstdmessage(sender, QM_PWTOSHORT); /* new password to short */
-    cs_log(sender,"NEWPASS FAIL username %s password to short %s (%zu characters)",rup->username,cargv[1],strlen(cargv[1]));
-    return CMD_ERROR;
-  }
-
-  for ( i = 0; cargv[1][i] && i < PASSLEN; i++ ) {
-    if ( cargv[1][i] == cargv[1][i+1] || cargv[1][i] + 1 == cargv[1][i+1] || cargv[1][i] - 1 == cargv[1][i+1] )
-      cntweak++;
-    if(isdigit(cargv[1][i]))
-      cntdigits++;
-    if(islower(cargv[1][i]) || isupper(cargv[1][i]))
-      cntletters++;
+  if (!strcmp(cargv[0],cargv[1])) {
+    /* If they are the same then continue anyway but don't send the hook later. */
+    same=1;
   }
 
-  if( cntweak > 3 || !cntdigits || !cntletters) {
+  pq = csa_checkpasswordquality(cargv[1]);
+  if(pq == QM_PWTOSHORT) {
+    chanservstdmessage(sender, QM_PWTOSHORT); /* new password too short */
+    cs_log(sender,"NEWPASS FAIL username %s password too short %s (%zu characters)",rup->username,cargv[1],strlen(cargv[1]));
+    return CMD_ERROR;
+  } else if(pq == QM_PWTOWEAK) {
     chanservstdmessage(sender, QM_PWTOWEAK); /* new password is weak */
-    cs_log(sender,"NEWPASS FAIL username %s password to weak %s",rup->username,cargv[1]);
+    cs_log(sender,"NEWPASS FAIL username %s password too weak %s",rup->username,cargv[1]);
+    return CMD_ERROR;
+  } else if(pq == QM_PWTOLONG) {
+    chanservstdmessage(sender, QM_PWTOLONG); /* new password too long */
+    cs_log(sender,"NEWPASS FAIL username %s password too long %s",rup->username,cargv[1]);
+    return CMD_ERROR;
+  } else if(pq == QM_PWINVALID) {
+    chanservstdmessage(sender, QM_PWINVALID);
+    cs_log(sender,"NEWPASS FAIL username %s password invalid %s",rup->username,cargv[1]);
+    return CMD_ERROR;
+  } else if(pq == -1) {
+    /* all good */
+  } else {
+    chanservsendmessage(sender, "unknown error in newpass.c... contact #help");
     return CMD_ERROR;
   }
 
-  if(!UHasHelperPriv(rup)) {
-    t=time(NULL);
+  t=time(NULL);
+  if(!UHasStaffPriv(rup)) {
     if(rup->lockuntil && rup->lockuntil > t) {
       chanservstdmessage(sender, QM_ACCOUNTLOCKED, rup->lockuntil);
       return CMD_ERROR;
     }
     rup->lockuntil=t+7*24*3600;
+  } else {
+    rup->lockuntil=0;
   }
 
   if(rup->lastemail) {
@@ -86,6 +101,7 @@ int csa_donewpw(void *source, int cargc, char **cargv) {
     rup->lastemail=NULL;
   }
 
+  rup->lastpasschange=t;
   csdb_accounthistory_insert(sender, rup->password, cargv[1], NULL, NULL);
   setpassword(rup, cargv[1]);
 
@@ -100,6 +116,9 @@ int csa_donewpw(void *source, int cargc, char **cargv) {
 
   csdb_updateuser(rup);
   csdb_createmail(rup, QMAIL_NEWPW);
+  
+  if (!same)
+    triggerhook(HOOK_CHANSERV_PWCHANGE, sender);
 
   return CMD_OK;
 }