1 files changed, 61 insertions, 18 deletions

diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index 156037f09..b67d91b36 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -53,7 +53,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
         }
 
         // attempt to retrieve any import failures from the session
-        if ($_SESSION['import_failures']){
+        if (!empty($_SESSION['import_failures'])){
             $this->_import_failures = $_SESSION['import_failures'];
         }
     }
@@ -277,6 +277,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
     protected function _htmlUserForm($cmd,$user='',$userdata=array(),$indent=0) {
         global $conf;
         global $ID;
+        global $lang;
 
         $name = $mail = $groups = '';
         $notes = array();
@@ -299,6 +300,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
 
         $this->_htmlInputField($cmd."_userid",    "userid",    $this->lang["user_id"],    $user,  $this->_auth->canDo("modLogin"), $indent+6);
         $this->_htmlInputField($cmd."_userpass",  "userpass",  $this->lang["user_pass"],  "",     $this->_auth->canDo("modPass"),  $indent+6);
+        $this->_htmlInputField($cmd."_userpass2", "userpass2", $lang["passchk"],          "",     $this->_auth->canDo("modPass"),  $indent+6);
         $this->_htmlInputField($cmd."_username",  "username",  $this->lang["user_name"],  $name,  $this->_auth->canDo("modName"),  $indent+6);
         $this->_htmlInputField($cmd."_usermail",  "usermail",  $this->lang["user_mail"],  $mail,  $this->_auth->canDo("modMail"),  $indent+6);
         $this->_htmlInputField($cmd."_usergroups","usergroups",$this->lang["user_groups"],$groups,$this->_auth->canDo("modGroups"),$indent+6);
@@ -358,7 +360,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
         $class = $cando ? '' : ' class="disabled"';
         echo str_pad('',$indent);
 
-        if($name == 'userpass'){
+        if($name == 'userpass' || $name == 'userpass2'){
             $fieldtype = 'password';
             $autocomp  = 'autocomplete="off"';
         }elseif($name == 'usermail'){
@@ -475,7 +477,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
         if (!checkSecurityToken()) return false;
         if (!$this->_auth->canDo('addUser')) return false;
 
-        list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser();
+        list($user,$pass,$name,$mail,$grps,$passconfirm) = $this->_retrieveUser();
         if (empty($user)) return false;
 
         if ($this->_auth->canDo('modPass')){
@@ -486,6 +488,10 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
                     msg($this->lang['add_fail'], -1);
                     return false;
                 }
+            } else {
+                if (!$this->_verifyPassword($pass,$passconfirm)) {
+                    return false;
+                }
             }
         } else {
             if (!empty($pass)){
@@ -606,7 +612,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
         $oldinfo = $this->_auth->getUserData($olduser);
 
         // get new user data subject to change
-        list($newuser,$newpass,$newname,$newmail,$newgrps) = $this->_retrieveUser();
+        list($newuser,$newpass,$newname,$newmail,$newgrps,$passconfirm) = $this->_retrieveUser();
         if (empty($newuser)) return false;
 
         $changes = array();
@@ -625,27 +631,37 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
                 $changes['user'] = $newuser;
             }
         }
-
-        // generate password if left empty and notification is on
-        if($INPUT->has('usernotify') && empty($newpass)){
-            $newpass = auth_pwgen($olduser);
+        if ($this->_auth->canDo('modPass')) {
+            if ($newpass || $passconfirm) {
+                if ($this->_verifyPassword($newpass,$passconfirm)) {
+                    $changes['pass'] = $newpass;
+                } else {
+                    return false;
+                }
+            } else {
+                // no new password supplied, check if we need to generate one (or it stays unchanged)
+                if ($INPUT->has('usernotify')) {
+                    $changes['pass'] = auth_pwgen($olduser);
+                }
+            }
         }
 
-        if (!empty($newpass) && $this->_auth->canDo('modPass'))
-          $changes['pass'] = $newpass;
-        if (!empty($newname) && $this->_auth->canDo('modName') && $newname != $oldinfo['name'])
-          $changes['name'] = $newname;
-        if (!empty($newmail) && $this->_auth->canDo('modMail') && $newmail != $oldinfo['mail'])
-          $changes['mail'] = $newmail;
-        if (!empty($newgrps) && $this->_auth->canDo('modGroups') && $newgrps != $oldinfo['grps'])
-          $changes['grps'] = $newgrps;
+        if (!empty($newname) && $this->_auth->canDo('modName') && $newname != $oldinfo['name']) {
+            $changes['name'] = $newname;
+        }
+        if (!empty($newmail) && $this->_auth->canDo('modMail') && $newmail != $oldinfo['mail']) {
+            $changes['mail'] = $newmail;
+        }
+        if (!empty($newgrps) && $this->_auth->canDo('modGroups') && $newgrps != $oldinfo['grps']) {
+            $changes['grps'] = $newgrps;
+        }
 
         if ($ok = $this->_auth->triggerUserMod('modify', array($olduser, $changes))) {
             msg($this->lang['update_ok'],1);
 
-            if ($INPUT->has('usernotify') && $newpass) {
+            if ($INPUT->has('usernotify') && !empty($changes['pass'])) {
                 $notify = empty($changes['user']) ? $olduser : $newuser;
-                $this->_notifyUser($notify,$newpass);
+                $this->_notifyUser($notify,$changes['pass']);
             }
 
             // invalidate all sessions
@@ -686,6 +702,32 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
     }
 
     /**
+     * Verify password meets minimum requirements
+     * :TODO: extend to support password strength
+     *
+     * @param string  $password   candidate string for new password
+     * @param string  $confirm    repeated password for confirmation
+     * @return bool   true if meets requirements, false otherwise
+     */
+    protected function _verifyPassword($password, $confirm) {
+        global $lang;
+
+        if (empty($password) && empty($confirm)) {
+            return false;
+        }
+
+        if ($password !== $confirm) {
+            msg($lang['regbadpass'], -1);
+            return false;
+        }
+
+        // :TODO: test password for required strength
+
+        // if we make it this far the password is good
+        return true;
+    }
+
+    /**
      * Retrieve & clean user data from the form
      *
      * @param bool $clean whether the cleanUser method of the authentication backend is applied
@@ -701,6 +743,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
         $user[2] = $INPUT->str('username');
         $user[3] = $INPUT->str('usermail');
         $user[4] = explode(',',$INPUT->str('usergroups'));
+        $user[5] = $INPUT->str('userpass2');                // repeated password for confirmation
 
         $user[4] = array_map('trim',$user[4]);
         if($clean) $user[4] = array_map(array($auth,'cleanGroup'),$user[4]);