bugfix: faulty validation in user_update made pw change impossible

[cgilite] / users.sh

diff --git a/users.sh b/users.sh
index d738ee94ec70a9ac6a55a5cc2321b0628063be4a..4d7965a57b260f5dc1a50ad4bc3f0411b0c07c0e 100755 (executable)
--- a/users.sh
+++ b/users.sh
@@ -429,7 +429,7 @@ user_update(){
 
         uid="$(POST uid)"
       oldpw="$(POST oldpw)"
-         pw="$(POST pw |grep -xE '.{6}')"
+         pw="$(POST pw |grep -m1 -xE '.{6,}')"
   pwconfirm="$(POST pwconfirm)"
 
 
@@ -442,7 +442,7 @@ user_update(){
       update_user "${uid}" password="$pw"
       REDIRECT "${_BASE}${PATH_INFO}#UPDATE_SUCCESS"
     else
-      REDIRECT "${_BASE}${PATH_INFO}#ERROR_PWMISMATCH"
+      REDIRECT "${_BASE}${PATH_INFO}#ERROR_PW_MISMATCH"
     fi
   elif [ "$UID_" = "$USER_ID" ]; then
     REDIRECT "${_BASE}${PATH_INFO}#ERROR_INVALID_AUTH_PASSWORD"
@@ -638,7 +638,7 @@ w_user_invite(){
 w_user_login_logon(){  # TRANSLATION
   cat <<-EOF
        [form #user_login .login method=POST
-         [input name=uname placeholder="Username or Email" autocomplete=off]
+         [input name=uname placeholder="Username or Email"]
          [input type=password name=pw placeholder="Passphrase"]
          [submit "action" "user_login" Login]
        ]