git.ipfire.org Git - ipfire-2.x.git/commit

author	Adolf Belka <adolf.belka@ipfire.org>
	Sat, 10 May 2025 10:30:56 +0000 (12:30 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Mon, 12 May 2025 14:52:25 +0000 (14:52 +0000)
commit	a461fd70445aec9dfa34bf9c5a29a85e0ad0e2fe
tree	badf517df9db84aa46d22e12401f185969d01565	tree
parent	5bd976ef95fac930eeb5273c792805cbcb49237d	commit \| diff

chpasswd.cgi: Fixes bug12755 - v3 with password verification correction

- v3 version based on feedback from @Michael to use the status value returned from
   using the htpasswd command.
- Also simplified the whole section to carry out the change if the status is 0, ie all
   went well, otherwise give an error but without identifying if the error is in the
   username or the password. This makes it more secure as any attacker only knows it
   failed and doesn't know if any part of the authentication was correct or not.
- Changed the error messages in line with this so the language file changes are in the
   other part of this patch set submission.
- Tested out on my vm test bed and worked fine. If the username was incorrect or the
   password was incorrect or both were incorrect the same error message is given. If
   both are correct then the update is carried out.

Fixes: bug12755
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>