int csa_donewpw(void *source, int cargc, char **cargv) {
reguser *rup;
nick *sender=source;
unsigned int same=0;
time_t t;
int pq;
if (cargc<3) {
chanservstdmessage(sender, QM_NOTENOUGHPARAMS, "newpass");
return CMD_ERROR;
}
if (!(rup=getreguserfromnick(sender)))
return CMD_ERROR;
if (!checkpassword(rup, cargv[0])) {
chanservstdmessage(sender, QM_AUTHFAIL);
cs_log(sender,"NEWPASS FAIL username %s bad password %s",rup->username,cargv[0]);
return CMD_ERROR;
}
if (strcmp(cargv[1],cargv[2])) {
chanservstdmessage(sender, QM_PWDONTMATCH); /* Sorry, passwords do not match */
cs_log(sender,"NEWPASS FAIL username %s new passwords don't match (%s vs %s)",rup->username,cargv[1],cargv[2]);
return CMD_ERROR;
}
if (!strcmp(cargv[0],cargv[1])) {
/* If they are the same then continue anyway but don't send the hook later. */
same=1;
}
pq = csa_checkpasswordquality(cargv[1]);
if(pq == QM_PWTOSHORT) {
chanservstdmessage(sender, QM_PWTOSHORT); /* new password too short */
cs_log(sender,"NEWPASS FAIL username %s password too short %s (%zu characters)",rup->username,cargv[1],strlen(cargv[1]));
return CMD_ERROR;
} else if(pq == QM_PWTOWEAK) {
chanservstdmessage(sender, QM_PWTOWEAK); /* new password is weak */
cs_log(sender,"NEWPASS FAIL username %s password too weak %s",rup->username,cargv[1]);
return CMD_ERROR;
} else if(pq == QM_PWTOLONG) {
chanservstdmessage(sender, QM_PWTOLONG); /* new password too long */
cs_log(sender,"NEWPASS FAIL username %s password too long %s",rup->username,cargv[1]);
return CMD_ERROR;
} else if(pq == QM_PWINVALID) {
chanservstdmessage(sender, QM_PWINVALID);
cs_log(sender,"NEWPASS FAIL username %s password invalid %s",rup->username,cargv[1]);
return CMD_ERROR;
} else if(pq == -1) {
/* all good */
} else {
chanservsendmessage(sender, "unknown error in newpass.c... contact #help");
return CMD_ERROR;
}
t=time(NULL);
if(!UHasStaffPriv(rup)) {
if(rup->lockuntil && rup->lockuntil > t) {
chanservstdmessage(sender, QM_ACCOUNTLOCKED, rup->lockuntil);
return CMD_ERROR;
}
rup->lockuntil=t+7*24*3600;
} else {
rup->lockuntil=0;
}
if(rup->lastemail) {
freesstring(rup->lastemail);
rup->lastemail=NULL;
}
rup->lastpasschange=t;
csdb_accounthistory_insert(sender, rup->password, cargv[1], NULL, NULL);
setpassword(rup, cargv[1]);
rup->lastauth=time(NULL);
chanservstdmessage(sender, QM_PWCHANGED);
cs_log(sender,"NEWPASS OK username %s", rup->username);
#ifdef AUTHGATE_WARNINGS
if(UHasOperPriv(rup))
chanservsendmessage(sender, "WARNING FOR PRIVILEGED USERS: you MUST go to https://auth.quakenet.org and login successfully to update the cache, if you do not your old password will still be usable in certain circumstances.");
#endif
csdb_updateuser(rup);
csdb_createmail(rup, QMAIL_NEWPW);
if (!same)
triggerhook(HOOK_CHANSERV_PWCHANGE, sender);
return CMD_OK;
}
static void sendemail(reguser *rup) {
csdb_createmail(rup, QMAIL_ACTIVATEEMAIL);
}
