git.ipfire.org Git - ipfire-2.x.git/commit

author	Adolf Belka <adolf.belka@ipfire.org>
	Sat, 10 May 2025 10:30:56 +0000 (12:30 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Mon, 12 May 2025 14:54:08 +0000 (14:54 +0000)
commit	5e11bfd87725698270de1343ae664b0b872d0d12
tree	e7fac91193b7dfb0cdeb9c4803cdd095dcca2d30	tree
parent	70763b5df58be94d15ce6a8036ff2c816b742211	commit \| diff

chpasswd.cgi: Fixes bug12755 - v3 with password verification correction

- v3 version based on feedback from @Michael to use the status value returned from
   using the htpasswd command.
- Also simplified the whole section to carry out the change if the status is 0, ie all
   went well, otherwise give an error but without identifying if the error is in the
   username or the password. This makes it more secure as any attacker only knows it
   failed and doesn't know if any part of the authentication was correct or not.
- Changed the error messages in line with this so the language file changes are in the
   other part of this patch set submission.
- Tested out on my vm test bed and worked fine. If the username was incorrect or the
   password was incorrect or both were incorrect the same error message is given. If
   both are correct then the update is carried out.

Fixes: bug12755
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>