X-Git-Url: https://jfr.im/git/irc/quakenet/newserv.git/blobdiff_plain/d72584f9108c9cd2c3603f37473e9c956007e96d..f90b99089f472ed3463a9b4accdb15204198a69d:/chanserv/authcmds/newpass.c diff --git a/chanserv/authcmds/newpass.c b/chanserv/authcmds/newpass.c index 69e78f2d..b6be66aa 100644 --- a/chanserv/authcmds/newpass.c +++ b/chanserv/authcmds/newpass.c @@ -11,8 +11,10 @@ * CMDHELP: Usage: @UCOMMAND@ * CMDHELP: Changes your account password. Your new password must be at least 6 characters * CMDHELP: long, contain at least one number and one letter, and may not contain sequences - * CMDHELP: of letters or numbers. Your new password will be sent to your registered email - * CMDHELP: address. Where: + * CMDHELP: of letters or numbers, also note that your password will be truncated to 10 + * CMDHELP: characters. + * CMDHELP: Your new password will be sent to your registered email address. + * CMDHELP: Where: * CMDHELP: oldpassword - your existing account password * CMDHELP: newpassword - your desired new password. Must be entered the same both times. * CMDHELP: Note: due to the sensitive nature of this command, you must send the message to @@ -30,9 +32,9 @@ int csa_donewpw(void *source, int cargc, char **cargv) { reguser *rup; nick *sender=source; - int i, cntweak = 0, cntdigits = 0, cntletters = 0; unsigned int same=0; time_t t; + int pq; if (cargc<3) { chanservstdmessage(sender, QM_NOTENOUGHPARAMS, "newpass"); @@ -54,29 +56,32 @@ int csa_donewpw(void *source, int cargc, char **cargv) { return CMD_ERROR; } - if (strlen(cargv[1]) < 6) { - chanservstdmessage(sender, QM_PWTOSHORT); /* new password to short */ - cs_log(sender,"NEWPASS FAIL username %s password to short %s (%zu characters)",rup->username,cargv[1],strlen(cargv[1])); - return CMD_ERROR; - } - if (!strcmp(cargv[0],cargv[1])) { /* If they are the same then continue anyway but don't send the hook later. */ same=1; } - for ( i = 0; cargv[1][i] && i < PASSLEN; i++ ) { - if ( cargv[1][i] == cargv[1][i+1] || cargv[1][i] + 1 == cargv[1][i+1] || cargv[1][i] - 1 == cargv[1][i+1] ) - cntweak++; - if(isdigit(cargv[1][i])) - cntdigits++; - if(islower(cargv[1][i]) || isupper(cargv[1][i])) - cntletters++; - } - - if( cntweak > 3 || !cntdigits || !cntletters) { + pq = csa_checkpasswordquality(cargv[1]); + if(pq == QM_PWTOSHORT) { + chanservstdmessage(sender, QM_PWTOSHORT); /* new password too short */ + cs_log(sender,"NEWPASS FAIL username %s password too short %s (%zu characters)",rup->username,cargv[1],strlen(cargv[1])); + return CMD_ERROR; + } else if(pq == QM_PWTOWEAK) { chanservstdmessage(sender, QM_PWTOWEAK); /* new password is weak */ - cs_log(sender,"NEWPASS FAIL username %s password to weak %s",rup->username,cargv[1]); + cs_log(sender,"NEWPASS FAIL username %s password too weak %s",rup->username,cargv[1]); + return CMD_ERROR; + } else if(pq == QM_PWTOLONG) { + chanservstdmessage(sender, QM_PWTOLONG); /* new password too long */ + cs_log(sender,"NEWPASS FAIL username %s password too long %s",rup->username,cargv[1]); + return CMD_ERROR; + } else if(pq == QM_PWINVALID) { + chanservstdmessage(sender, QM_PWINVALID); + cs_log(sender,"NEWPASS FAIL username %s password invalid %s",rup->username,cargv[1]); + return CMD_ERROR; + } else if(pq == -1) { + /* all good */ + } else { + chanservsendmessage(sender, "unknown error in newpass.c... contact #help"); return CMD_ERROR; }