Fix some ZKP password issues, a=chris
Fix some ZKP password issues, a=chris
diff --git a/src/controllers/components/AccountaccessComponent.php b/src/controllers/components/AccountaccessComponent.php
index 0d1c9b189..1c599adcd 100644
--- a/src/controllers/components/AccountaccessComponent.php
+++ b/src/controllers/components/AccountaccessComponent.php
@@ -162,11 +162,16 @@ class AccountaccessComponent extends Component
$arg = (isset($_REQUEST['arg'])) ? $_REQUEST['arg'] : "";
switch ($arg) {
case "updateuser":
- if (isset($_REQUEST['new_password']) &&
- strlen($_REQUEST['new_password']) > C\LONG_NAME_LEN) {
- return $parent->redirectWithMessage(
- tl('accountaccess_component_passwords_too_long'),
- ["edit", "edit_pass"]);
+ if (isset($_REQUEST['new_password']) ) {
+ $pass_len = strlen($_REQUEST['new_password']);
+ if ($pass_len > C\ZKP_PASSWORD_LEN ||
+ (C\AUTHENTICATION_MODE != C\ZKP_AUTHENTICATION &&
+ $pass_len > C\LONG_NAME_LEN
+ )) {
+ return $parent->redirectWithMessage(
+ tl('accountaccess_component_passwords_too_long'),
+ ["edit", "edit_pass"]);
+ }
}
if (isset($data['EDIT_PASSWORD']) &&
(!isset($_REQUEST['retype_password']) ||
@@ -337,9 +342,13 @@ class AccountaccessComponent extends Component
$data['PAGING'] = "";
if (isset($_REQUEST['arg']) &&
in_array($_REQUEST['arg'], $possible_arguments)) {
+ $pass_len = (isset($_REQUEST['new_password'])) ?
+ strlen($_REQUEST['new_password']) : 0;
switch ($_REQUEST['arg']) {
case "adduser":
- if (strlen($_REQUEST['password']) > C\LONG_NAME_LEN) {
+ if ($pass_len > C\ZKP_PASSWORD_LEN ||
+ (C\AUTHENTICATION_MODE != C\ZKP_AUTHENTICATION &&
+ $pass_len > C\LONG_NAME_LEN )) {
return $parent->redirectWithMessage(
tl('accountaccess_component_passwords_too_long'),
$request_fields);
@@ -365,7 +374,7 @@ class AccountaccessComponent extends Component
if (C\AUTHENTICATION_MODE == C\ZKP_AUTHENTICATION) {
$zkp_password =
substr($parent->clean($_REQUEST['password'],
- "string"), 0, ZKP_PASSWORD_LEN);
+ "string"), 0, C\ZKP_PASSWORD_LEN);
} else {
$norm_password =
substr($parent->clean($_REQUEST['password'],