X-Git-Url: https://jfr.im/git/irc/quakenet/newserv.git/blobdiff_plain/74620ebafeb4a94b61a3747e39d27a4ec7a9fe5a..f90b99089f472ed3463a9b4accdb15204198a69d:/chanserv/authcmds/newpass.c diff --git a/chanserv/authcmds/newpass.c b/chanserv/authcmds/newpass.c index 0dc3f01e..b6be66aa 100644 --- a/chanserv/authcmds/newpass.c +++ b/chanserv/authcmds/newpass.c @@ -2,16 +2,29 @@ * * * CMDNAME: newpass - * CMDLEVEL: QCMD_AUTHED + * CMDALIASES: newpassword + * CMDLEVEL: QCMD_SECURE | QCMD_AUTHED * CMDARGS: 3 * CMDDESC: Change your password. * CMDFUNC: csa_donewpw * CMDPROTO: int csa_donewpw(void *source, int cargc, char **cargv); + * CMDHELP: Usage: @UCOMMAND@ + * CMDHELP: Changes your account password. Your new password must be at least 6 characters + * CMDHELP: long, contain at least one number and one letter, and may not contain sequences + * CMDHELP: of letters or numbers, also note that your password will be truncated to 10 + * CMDHELP: characters. + * CMDHELP: Your new password will be sent to your registered email address. + * CMDHELP: Where: + * CMDHELP: oldpassword - your existing account password + * CMDHELP: newpassword - your desired new password. Must be entered the same both times. + * CMDHELP: Note: due to the sensitive nature of this command, you must send the message to + * CMDHELP: Q@CServe.quakenet.org when using it. */ #include "../chanserv.h" #include "../authlib.h" #include "../../lib/irc_string.h" +#include "../../core/hooks.h" #include #include #include @@ -19,7 +32,9 @@ int csa_donewpw(void *source, int cargc, char **cargv) { reguser *rup; nick *sender=source; - int i, cntweak = 0, cntdigits = 0, cntletters = 0; + unsigned int same=0; + time_t t; + int pq; if (cargc<3) { chanservstdmessage(sender, QM_NOTENOUGHPARAMS, "newpass"); 
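Review bot: The new CMDHELP text says the password "will be truncated to 10 characters", but the third hunk adds a `QM_PWTOLONG` branch that rejects the change instead, so one of the two is presumably out of date. The help should state the rule that `csa_checkpasswordquality` actually enforces; that function is not visible here, so the real limit needs checking. Accuracy matters because a user who believes a long passphrase was accepted in full gets less strength than expected if it was silently cut. A wording such as `CMDHELP: long and at most N characters (longer passwords are rejected)` would do, with N taken from the checker.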
@@ -29,9 +44,9 @@ int csa_donewpw(void *source, int cargc, char **cargv) { if (!(rup=getreguserfromnick(sender))) return CMD_ERROR; - if (!checkmasterpassword(rup, cargv[0])) { + if (!checkpassword(rup, cargv[0])) { chanservstdmessage(sender, QM_AUTHFAIL); - cs_log(sender,"NEWPASS FAIL username %s bad masterpassword %s",rup->username,cargv[0]); + cs_log(sender,"NEWPASS FAIL username %s bad password %s",rup->username,cargv[0]); return CMD_ERROR; } 
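Review bot: The failure line `cs_log(sender,"NEWPASS FAIL username %s bad password %s",rup->username,cargv[0]);` still writes the rejected password to the log in cleartext, and a mistyped password is usually a near miss of the real one or a valid password for another account. Anyone with read access to the log gets that material next to the username. Log the event without the value: `cs_log(sender,"NEWPASS FAIL username %s bad password",rup->username);`. The same pattern recurs in the next hunk, where every quality-check branch (too short, too weak, too long, invalid) logs `cargv[1]`; the length, which the too-short branch already records, is enough there. csa_donewpw starts and ends outside this hunk.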
@@ -41,33 +56,69 @@ int csa_donewpw(void *source, int cargc, char **cargv) { return CMD_ERROR; } - if (strlen(cargv[1]) < 6) { - chanservstdmessage(sender, QM_PWTOSHORT); /* new password to short */ - cs_log(sender,"NEWPASS FAIL username %s password to short %s (%d characters)",rup->username,cargv[1],strlen(cargv[1])); + if (!strcmp(cargv[0],cargv[1])) { + /* If they are the same then continue anyway but don't send the hook later. */ + same=1; + } + + pq = csa_checkpasswordquality(cargv[1]); + if(pq == QM_PWTOSHORT) { + chanservstdmessage(sender, QM_PWTOSHORT); /* new password too short */ + cs_log(sender,"NEWPASS FAIL username %s password too short %s (%zu characters)",rup->username,cargv[1],strlen(cargv[1])); + return CMD_ERROR; + } else if(pq == QM_PWTOWEAK) { + chanservstdmessage(sender, QM_PWTOWEAK); /* new password is weak */ + cs_log(sender,"NEWPASS FAIL username %s password too weak %s",rup->username,cargv[1]); + return CMD_ERROR; + } else if(pq == QM_PWTOLONG) { + chanservstdmessage(sender, QM_PWTOLONG); /* new password too long */ + cs_log(sender,"NEWPASS FAIL username %s password too long %s",rup->username,cargv[1]); + return CMD_ERROR; + } else if(pq == QM_PWINVALID) { + chanservstdmessage(sender, QM_PWINVALID); + cs_log(sender,"NEWPASS FAIL username %s password invalid %s",rup->username,cargv[1]); + return CMD_ERROR; + } else if(pq == -1) { + /* all good */ + } else { + chanservsendmessage(sender, "unknown error in newpass.c... 
contact #help"); return CMD_ERROR; } - for ( i = 0; cargv[1][i] && i < PASSLEN; i++ ) { - if ( cargv[1][i] == cargv[1][i+1] || cargv[1][i] + 1 == cargv[1][i+1] || cargv[1][i] - 1 == cargv[1][i+1] ) - cntweak++; - if(isdigit(cargv[1][i])) - cntdigits++; - if(islower(cargv[1][i]) || isupper(cargv[1][i])) - cntletters++; + t=time(NULL); + if(!UHasStaffPriv(rup)) { + if(rup->lockuntil && rup->lockuntil > t) { + chanservstdmessage(sender, QM_ACCOUNTLOCKED, rup->lockuntil); + return CMD_ERROR; + } + rup->lockuntil=t+7*24*3600; + } else { + rup->lockuntil=0; } - if( cntweak > 3 || !cntdigits || !cntletters) { - chanservstdmessage(sender, QM_PWTOWEAK); /* new password is weak */ - cs_log(sender,"NEWPASS FAIL username %s password to weak %s",rup->username,cargv[1]); - return CMD_ERROR; + if(rup->lastemail) { + freesstring(rup->lastemail); + rup->lastemail=NULL; } + rup->lastpasschange=t; + csdb_accounthistory_insert(sender, rup->password, cargv[1], NULL, NULL); setpassword(rup, cargv[1]); + rup->lastauth=time(NULL); chanservstdmessage(sender, QM_PWCHANGED); cs_log(sender,"NEWPASS OK username %s", rup->username); + +#ifdef AUTHGATE_WARNINGS + if(UHasOperPriv(rup)) + chanservsendmessage(sender, "WARNING FOR PRIVILEGED USERS: you MUST go to https://auth.quakenet.org and login successfully to update the cache, if you do not your old password will still be usable in certain circumstances."); +#endif + csdb_updateuser(rup); csdb_createmail(rup, QMAIL_NEWPW); + + if (!same) + triggerhook(HOOK_CHANSERV_PWCHANGE, sender); return CMD_OK; }
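Review bot: `csdb_accounthistory_insert(sender, rup->password, cargv[1], NULL, NULL);` passes both the stored old password and the new password as typed to the account-history layer, which suggests the history keeps recoverable passwords. That function is not visible here, so this should be confirmed. If it does, one read of the history table exposes every password the account has had, and the help text added in the first hunk says `csdb_createmail(rup, QMAIL_NEWPW)` mails the new one out as well. Consider recording only that a change happened (time and actor), or a salted one-way hash if old and new values must be comparable. Separately, `rup->lastauth=time(NULL);` can reuse `t`, and `7*24*3600` would read better as a named constant; the function begins outside the hunk.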