liquid_feedback_frontend

diff app/main/member/_action/update_password.lua @ 9:0ee1e0c42d4c

Version beta5

Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.

Changing of name and login is possible while a history of these changes is written and accessible by all users.

Statistics shown in area list

Trimming of user input also converts multiple whitespaces to single space character.
author bsw
date Mon Jan 04 12:00:00 2010 +0100 (2010-01-04)
parents
children 32cc544d5a5b
line diff
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/app/main/member/_action/update_password.lua	Mon Jan 04 12:00:00 2010 +0100
     1.3 @@ -0,0 +1,23 @@
     1.4 +local old_password = param.get("old_password")
     1.5 +local new_password1 = param.get("new_password1")
     1.6 +local new_password2 = param.get("new_password2")
     1.7 +
     1.8 +if not Member:by_login_and_password(app.session.member.login, old_password) then
     1.9 +  slot.put_into("error", _"Old password is wrong")
    1.10 +  return false
    1.11 +end
    1.12 +
    1.13 +if new_password1 ~= new_password2 then
    1.14 +  slot.put_into("error", _"New passwords does not match.")
    1.15 +  return false
    1.16 +end
    1.17 +
    1.18 +if #new_password1 < 8 then
    1.19 +  slot.put_into("error", _"New passwords is too short.")
    1.20 +  return false
    1.21 +end
    1.22 +
    1.23 +app.session.member:set_password(new_password1)
    1.24 +app.session.member:save()
    1.25 +
    1.26 +slot.put_into("notice", _"Your password has been updated successfully")
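
Review bot: The length check `if #new_password1 < 8 then` assumes `new_password1` is a string. If `param.get` returns nil when a field is absent from the request, `new_password1 ~= new_password2` is false for two nils, so control reaches `#new_password1` and raises a Lua error instead of the "too short" message. An explicit nil check on both new-password parameters before the comparison would avoid this. Note also that `#` counts bytes, not characters, so a short password made of multibyte characters can pass the 8 limit. After `app.session.member:set_password(new_password1)` and `save()`, nothing in these lines ends the member's other sessions. Unless `set_password` does that itself, a session opened with the old password stays valid after the change, so it is worth invalidating other sessions here. Minor: the two messages "New passwords does not match." and "New passwords is too short." should read "New passwords do not match." and "New password is too short."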
