From 20e348d5731246710848fd99251df2e6a63f7f51 Mon Sep 17 00:00:00 2001
From: Mateusz Uzdowski
Date: Wed, 21 Apr 2010 02:18:21 +0000
Subject: [PATCH] BUGFIX: made the invalid password message translatable; disallow new blank password (as it makes it impossible to login); Member::checkPassword now returns ValidationResult - handle that properly (#5420, patch submitted by walec51) MINOR: typo
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103226 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 lang/en_GB.php | 2 +-
 lang/en_US.php | 2 +-
 security/ChangePasswordForm.php | 18 ++++++++++++++----
 3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/lang/en_GB.php b/lang/en_GB.php
index 7155a77f7..0eba30e7b 100644
--- a/lang/en_GB.php
+++ b/lang/en_GB.php
@@ -337,7 +337,7 @@ $lang['en_GB']['Member']['EMAILSIGNUPINTRO2'] = 'You can login to the website us
 $lang['en_GB']['Member']['EMAILSIGNUPSUBJECT'] = 'Thanks for signing up';
 $lang['en_GB']['Member']['ENTEREMAIL'] = 'Please enter an email address to get a password reset link.';
 $lang['en_GB']['Member']['ERRORLOCKEDOUT'] = 'Your account has been temporarily disabled because of too many failed attempts at logging in. Please try again in 20 minutes.';
-$lang['en_GB']['Member']['ERRORNEWPASSWORD'] = 'Your have entered your new password differently, try again';
+$lang['en_GB']['Member']['ERRORNEWPASSWORD'] = 'You have entered your new password differently, try again';
 $lang['en_GB']['Member']['ERRORPASSWORDNOTMATCH'] = 'Your current password does not match, please try again';
 $lang['en_GB']['Member']['ERRORWRONGCRED'] = 'That doesn\'t seem to be the right e-mail address or password. Please try again.';
 $lang['en_GB']['Member']['FIRSTNAME'] = 'First Name';
diff --git a/lang/en_US.php b/lang/en_US.php
index ecbb7cc05..32a6e061e 100644
--- a/lang/en_US.php
+++ b/lang/en_US.php
@@ -413,7 +413,7 @@ $lang['en_US']['Member']['EMAILSIGNUPINTRO2'] = 'You can login to the website us
 $lang['en_US']['Member']['EMAILSIGNUPSUBJECT'] = 'Thanks for signing up';
 $lang['en_US']['Member']['ENTEREMAIL'] = 'Please enter an email address to get a password reset link.';
 $lang['en_US']['Member']['ERRORLOCKEDOUT'] = 'Your account has been temporarily disabled because of too many failed attempts at logging in. Please try again in 20 minutes.';
-$lang['en_US']['Member']['ERRORNEWPASSWORD'] = 'Your have entered your new password differently, try again';
+$lang['en_US']['Member']['ERRORNEWPASSWORD'] = 'You have entered your new password differently, try again';
 $lang['en_US']['Member']['ERRORPASSWORDNOTMATCH'] = 'Your current password does not match, please try again';
 $lang['en_US']['Member']['ERRORWRONGCRED'] = 'That doesn\'t seem to be the right e-mail address or password. Please try again.';
 $lang['en_US']['Member']['FIRSTNAME'] = 'First Name';
diff --git a/security/ChangePasswordForm.php b/security/ChangePasswordForm.php
index 7c32d7e4e..eaecdfdae 100755
--- a/security/ChangePasswordForm.php
+++ b/security/ChangePasswordForm.php
@@ -47,7 +47,7 @@ class ChangePasswordForm extends Form {
 function doChangePassword(array $data) {
 if($member = Member::currentUser()) {
 // The user was logged in, check the current password
- if(isset($data['OldPassword']) && $member->checkPassword($data['OldPassword']) == false) {
+ if(empty($data['OldPassword']) || !$member->checkPassword($data['OldPassword'])->valid()) {
 $this->clearMessage();
 $this->sessionMessage(
 _t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"),
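Review bot: `empty()` is also true for the string `"0"`, so in the `@@ -47,7` hunk a member whose current password is `0` is told it does not match, and the added `empty($data['NewPassword1'])` test in the `@@ -72,7` hunk rejects `0` as blank before the password validator is consulted. A presence test that does not depend on truthiness is closer to the intent: `if(!isset($data['OldPassword']) || $data['OldPassword'] === '' || !$member->checkPassword($data['OldPassword'])->valid()) {`. It is also worth confirming the field is a string before it reaches `checkPassword()`, since a request can submit `OldPassword[]` as an array and `empty()` lets a non-empty array through. The body of doChangePassword continues outside this hunk.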
@@ -72,7 +72,15 @@ class ChangePasswordForm extends Form {
 }

 // Check the new password
- if($data['NewPassword1'] == $data['NewPassword2']) {
+ if(empty($data['NewPassword1'])) {
+ $this->clearMessage();
+ $this->sessionMessage(
+ _t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"),
+ "bad");
+ Director::redirectBack();
+ return;
+ }
+ else if($data['NewPassword1'] == $data['NewPassword2']) {
 $isValid = $member->changePassword($data['NewPassword1']);
 if($isValid->valid()) {
 $this->clearMessage();
@@ -85,14 +93,16 @@ class ChangePasswordForm extends Form {
 }
 else {
 $this->clearMessage();
- $this->sessionMessage(nl2br("We couldn't accept that password:\n" . $isValid->starredList()), "bad");
+ $this->sessionMessage(
+ _t('Member.INVALIDNEWPASSWORD', "We couldn't accept that password: %s", nl2br("\n".$isValid->starredList())),
+ "bad");
 Director::redirectBack();
 }
 }
 else {
 $this->clearMessage();
 $this->sessionMessage(
- _t('Member.ERRORNEWPASSWORD', "Your have entered your new password differently, try again"),
+ _t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"),
 "bad");
 Director::redirectBack();
 }
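Review bot: The added `else if($data['NewPassword1'] == $data['NewPassword2'])` in the `@@ -72,7` hunk compares the two fields loosely, and PHP compares numeric-looking strings by value, so `1000` and `1e3` count as a match and the confirmation field does not confirm what was typed. `else if($data['NewPassword1'] === $data['NewPassword2']) {` makes the check exact. The same line reads `NewPassword2` without an `isset()`, which raises a notice when the field is absent from the request. The if/else chain this line belongs to ends in the following hunk.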
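Review bot: In the `@@ -85,14` hunk the validator output is passed as a third argument to `_t()`, while every other `_t()` call in this diff passes only an entity and a default string; if `_t()` does not substitute `%s` itself (its definition is outside this diff, so confirm), the member sees a literal `%s` and never learns why the password was rejected. Formatting outside the lookup avoids depending on that: `sprintf(_t('Member.INVALIDNEWPASSWORD', "We couldn't accept that password: %s"), nl2br("\n".$isValid->starredList()))`. If `sessionMessage()` output is rendered as HTML, the `starredList()` text should be escaped before `nl2br()` adds its markup.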