BUGFIX: made the invalid password message translatable; disallow new blank password (as it makes it impossible to login); Member::checkPassword now returns ValidationResult - handle that properly (#5420, patch submitted by walec51)

MINOR: typo git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103226 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 14:05:37 +02:00 · 2010-04-21 02:18:21 +00:00 · 2010-04-21 02:18:21 +00:00 · 20e348d573
commit 20e348d573
parent b6ab3b4ed0
3 changed files with 16 additions and 6 deletions
--- a/lang/en_GB.php
+++ b/lang/en_GB.php
@ -337,7 +337,7 @@ $lang['en_GB']['Member']['EMAILSIGNUPINTRO2'] = 'You can login to the website us
 $lang['en_GB']['Member']['EMAILSIGNUPSUBJECT'] = 'Thanks for signing up';
 $lang['en_GB']['Member']['ENTEREMAIL'] = 'Please enter an email address to get a password reset link.';
 $lang['en_GB']['Member']['ERRORLOCKEDOUT'] = 'Your account has been temporarily disabled because of too many failed attempts at logging in. Please try again in 20 minutes.';
-$lang['en_GB']['Member']['ERRORNEWPASSWORD'] = 'Your have entered your new password differently, try again';
+$lang['en_GB']['Member']['ERRORNEWPASSWORD'] = 'You have entered your new password differently, try again';
 $lang['en_GB']['Member']['ERRORPASSWORDNOTMATCH'] = 'Your current password does not match, please try again';
 $lang['en_GB']['Member']['ERRORWRONGCRED'] = 'That doesn\'t seem to be the right e-mail address or password. Please try again.';
 $lang['en_GB']['Member']['FIRSTNAME'] = 'First Name';
--- a/lang/en_US.php
+++ b/lang/en_US.php
@ -413,7 +413,7 @@ $lang['en_US']['Member']['EMAILSIGNUPINTRO2'] = 'You can login to the website us
 $lang['en_US']['Member']['EMAILSIGNUPSUBJECT'] = 'Thanks for signing up';
 $lang['en_US']['Member']['ENTEREMAIL'] = 'Please enter an email address to get a password reset link.';
 $lang['en_US']['Member']['ERRORLOCKEDOUT'] = 'Your account has been temporarily disabled because of too many failed attempts at logging in. Please try again in 20 minutes.';
-$lang['en_US']['Member']['ERRORNEWPASSWORD'] = 'Your have entered your new password differently, try again';
+$lang['en_US']['Member']['ERRORNEWPASSWORD'] = 'You have entered your new password differently, try again';
 $lang['en_US']['Member']['ERRORPASSWORDNOTMATCH'] = 'Your current password does not match, please try again';
 $lang['en_US']['Member']['ERRORWRONGCRED'] = 'That doesn\'t seem to be the right e-mail address or password. Please try again.';
 $lang['en_US']['Member']['FIRSTNAME'] = 'First Name';
--- a/security/ChangePasswordForm.php
+++ b/security/ChangePasswordForm.php
@ -47,7 +47,7 @@ class ChangePasswordForm extends Form {
 	function doChangePassword(array $data) {
 		if($member = Member::currentUser()) {
 			// The user was logged in, check the current password
-			if(isset($data['OldPassword']) && $member->checkPassword($data['OldPassword']) == false) {
+			if(empty($data['OldPassword']) || !$member->checkPassword($data['OldPassword'])->valid()) {
 				$this->clearMessage();
 				$this->sessionMessage(
 					_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), 
@ -72,7 +72,15 @@ class ChangePasswordForm extends Form {
 		}

 		// Check the new password
-		if($data['NewPassword1'] == $data['NewPassword2']) {
+		if(empty($data['NewPassword1'])) {
+			$this->clearMessage();
+			$this->sessionMessage(
+				_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"),
+				"bad");
+			Director::redirectBack();
+			return;
+		}
+		else if($data['NewPassword1'] == $data['NewPassword2']) {
 			$isValid = $member->changePassword($data['NewPassword1']);
 			if($isValid->valid()) {
 				$this->clearMessage();
@ -85,14 +93,16 @@ class ChangePasswordForm extends Form {

 			} else {
 				$this->clearMessage();
-				$this->sessionMessage(nl2br("We couldn't accept that password:\n" . $isValid->starredList()), "bad");
+				$this->sessionMessage(
+					_t('Member.INVALIDNEWPASSWORD', "We couldn't accept that password: %s", nl2br("\n".$isValid->starredList())), 
+					"bad");
 				Director::redirectBack();
 			}

 		} else {
 			$this->clearMessage();
 			$this->sessionMessage(
-				_t('Member.ERRORNEWPASSWORD', "Your have entered your new password differently, try again"),
+				_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"),
 				"bad");
 			Director::redirectBack();
 		}