correction mdp

This commit is contained in:
Christophe 2020-10-20 17:13:29 +02:00
parent de6df0fdf4
commit bb30b39bcb
2 changed files with 26 additions and 10 deletions

View file

@ -31,7 +31,15 @@
<legend><:comptespip:mot_de_passe:></legend>
[(#SET{min,#VAL{minlength=}|concat{#ENV{pass_longeur_mini,6}}})]
[(#SET{chaine_langue,#VAL{comptespip:champ_password}|_T{#ARRAY{min,#ENV{pass_longeur_mini}}}})]
<div style="height: 0;">
[(#SAISIE{input,new_password}
{type=hidden}
)]
[(#SAISIE{input,new_password_confirmation}
{type=hidden}
)]
</div>
[(#SAISIE{input,password}
{type=password}
{attributs=#GET{min}}
@ -62,15 +70,21 @@
//var alea = "#ENV{alea}";
['#champ_password', "#champ_password_confirmation"].forEach((champ)=>{
var pass = $(champ).val();
$(champ).val('');
if (!pass.match(/^\{([0-9a-f]{32});([0-9a-f]{32})\}$/i)
if (pass
&& !pass.match(/^\{([0-9a-f]{32});([0-9a-f]{32})\}$/i)
&& !pass.match(/^\{([0-9a-f]{64});([0-9a-f]{64});([0-9a-f]{32});([0-9a-f]{32})\}$/i)
&& sha256_self_test() // verifions que le hash sha est operationnel
) {
//var hash = hex_sha256(alea + pass);
var hash = hex_sha256(pass);
if ( hash ) {
$('input'+champ).val(hash);
if (champ === "#champ_password") {
$('input#champ_new_password').val(hash);
} else {
$('input#champ_new_password_confirmation').val(hash);
}
}
}
});

View file

@ -20,6 +20,8 @@ function formulaires_editer_compte_spip_charger_dist($id_auteur = 'new', $redir
}
$valeurs['alea'] = '';
$valeurs['new_password'] = '';
$valeurs['new_password_confirmation'] = '';
$valeurs['password'] = '';
$valeurs['password_confirmation'] = '';
$valeurs['pass_longeur_mini'] = _PASS_LONGUEUR_MINI;
@ -37,8 +39,8 @@ function formulaires_editer_compte_spip_verifier_dist($id_auteur = 'new', $redi
}
// mot de passe
if (_request('password') != _request('password_confirmation')){
$erreurs['password_confirmation'] = _T('info_passes_identiques');
if (_request('new_password') != _request('new_password_confirmation')){
$erreurs['new_password_confirmation'] = _T('info_passes_identiques');
}
//if ( strlen(_request('password')) > 0 and strlen(_request('password')) < _PASS_LONGUEUR_MINI ){
@ -47,11 +49,11 @@ function formulaires_editer_compte_spip_verifier_dist($id_auteur = 'new', $redi
// Mais si l'un des deux champs n'est pas rempli, cette erreur prend le dessus
if ($id_auteur === 'new') {
if (!_request('password')){
$erreurs['password'] = _T('info_obligatoire');
if (!_request('new_password')){
$erreurs['new_password'] = _T('info_obligatoire');
}
if (!_request('password_confirmation')){
$erreurs['password_confirmation'] = _T('info_obligatoire');
if (!_request('new_password_confirmation')){
$erreurs['new_password_confirmation'] = _T('info_obligatoire');
}
}
@ -119,7 +121,7 @@ function formulaires_editer_compte_spip_traiter_dist($id_auteur = 'new', $redir
include_spip('action/editer_auteur');
include_spip('inc/acces');
$password = _request('password');
$password = _request('new_password');
$update = true;
$set = [];