From 765d694a7c932a32c01e6fbfa15d16b5a6454d5a Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Sat, 9 Jun 2018 09:18:58 +0200
Subject: [PATCH] login/pass: require new password value to be confirmed

---
 login/edit.php       | 1 +
 login/pass.inc.php   | 4 ++++
 login/pass/index.php | 1 +
 3 files changed, 6 insertions(+)

diff --git a/login/edit.php b/login/edit.php
index 2adfc51..4cb3f11 100644
--- a/login/edit.php
+++ b/login/edit.php
@@ -110,6 +110,7 @@ if (isset($user['pass'])) {
 		<label for="newpass">Wachtwoord:</label>
 		<input type="password" name="oldpass" value="" placeholder="Huidig wachtwoord" />
 		<input type="password" name="newpass" value="" placeholder="Nieuw wachtwoord" />
+		<input type="password" name="passconf" value="" placeholder="Nogmaals" />
 <?php
 	if ($error = @$colwarn['pass']) {
 		print " <span class=warn>$error</span>\n";
diff --git a/login/pass.inc.php b/login/pass.inc.php
index cbfb1db..483f8bb 100644
--- a/login/pass.inc.php
+++ b/login/pass.inc.php
@@ -32,6 +32,10 @@ function passform($user, $input = [])
 		return "De loginnaam is wel heel makkelijk raadbaar als wachtwoord.";
 	}
 
+	if ($input['newpass'] != $input['passconf']) {
+		return "Zorg dat bij de bevestiging precies het zelfde wachtwoord staat.";
+	}
+
 	if (!file_put_contents($pwfile, $input['newpass'])) {
 		return "Het nieuwe wachtwoord kon niet worden opgeslagen. Het oude wachtwoord is behouden.";
 	}
diff --git a/login/pass/index.php b/login/pass/index.php
index ec87cf5..4724351 100644
--- a/login/pass/index.php
+++ b/login/pass/index.php
@@ -39,6 +39,7 @@ if ($_POST) {
 <input type="password" name="oldpass" value="" placeholder="Huidig wachtwoord" />
 <?php } ?>
 <input type="password" name="newpass" value="" placeholder="Nieuw wachtwoord" />
+<input type="password" name="passconf" value="" placeholder="Nogmaals" />
 <input type="submit" value="Wijzig" />
 </p>
 </form>
-- 
2.30.0