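/*
 * Password change: check that the caller knows the current password of
 * user par_id, then store the crypt() hash of passwd_new.
 * This is very similar to the check in mod_coffice.
 *
 * NOTE(review): the query macros and `ok` are defined outside this excerpt.
 * From their use here, `ok` looks like a row count after __SQL_GET_RESULT
 * and a success flag after __SQL_EXEC -- confirm against the macro
 * definitions.
 */
__CREATE_QUERY("
SELECT id, passwd FROM co_sec_user WHERE deleted=0 AND id=%d;
", par_id)
__SQL_GET_RESULT
if (!ok) {
    cou_sendMessageX(cnx, "Unknown user or deleted account", CO_MSG_FORCE);
    __CLEAR_RESULT
    return 0;
}
if (ok > 1) {
    /* NOTE(review): unless cou_error() does not return, processing goes on
     * with row 0 of a result that should have been unique. */
    cou_error(cnx, "Impossible happened: non-unique id in co_sec_user");
}
encoded_real_pw = cor_GetValue(cnx, corec, 0, 1);

/* Keep credentials out of the log: neither the submitted password nor the
 * stored hash is written, only the account being checked. */
cou_logError(cnx, CO_LOG_DEBUG, "Verifying old password for user id=%d", par_id);

/* NOTE(review): an empty stored hash skips verification entirely, so an
 * account without a password can have one set by whoever reaches this code.
 * Confirm that this is intended and that the caller is authenticated. */
if (*encoded_real_pw != '\0') { /* there was a password */
    /* crypt() returns NULL on failure (e.g. an unsupported or malformed
     * salt); treat that as a mismatch instead of handing NULL to strcmp(). */
    const char *computed = crypt(passwd_old, encoded_real_pw);

    if (!computed || strcmp(encoded_real_pw, computed) != 0) {
        cou_sendMessageX(cnx, "User password mismatch: changing password not allowed", CO_MSG_FORCE);
        __CLEAR_RESULT
        return 0;
    }
}
cou_logError(cnx, CO_LOG_DEBUG, "Clearing result");
__CLEAR_RESULT
cou_logError(cnx, CO_LOG_DEBUG, "...Cleared");

/* The user exists and knows the old password (or had none), so the change
 * is allowed. */
/* NOTE(review): the crypt() result below is formatted straight into the SQL
 * text. crypt() may return NULL, which must not reach '%s'; and the value is
 * not escaped here -- crypt output normally contains no quote characters,
 * but confirm what __CREATE_QUERY does, or bind the value as a parameter.
 * The hash scheme is whatever co_priv_getSalt() selects (not visible here). */
__CREATE_QUERY("
UPDATE co_sec_user SET version=version+1, passwd='%s' WHERE deleted=0 AND id=%d;
", crypt(passwd_new, co_priv_getSalt()), par_id)
__SQL_EXEC
if (ok) {
    cou_sendMessageX(cnx, "Password changed", CO_MSG_FORCE);
} else {
    cou_sendMessageX(cnx, "Changing password failed", CO_MSG_FORCE);
}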