Fixed bugs in password change API

2025-07-20 16:48:46 +00:00 · 2021-08-01 14:41:30 -07:00
parent 5b0bc3c30f
commit b19d4fc005
2 changed files with 4 additions and 3 deletions
--- a/passwd/change_passwd.cgi
+++ b/passwd/change_passwd.cgi
@ -2,6 +2,7 @@
 # Change a user's password knowing the old one. For user only via anonymous
 # API calls.
 $trust_unknown_referers = 1;
 require './passwd-lib.pl';
 &ReadParse();
 print "Content-type: text/plain\n\n";
@ -27,7 +28,7 @@ $user || &error_exit("User does not exist");
 &useradmin::validate_password($in{'old'}, $user->{'pass'}) ||
 	&error_exit("Incorrect password");
 my $err = &useradmin::check_password_restrictions(
-	$in{'pass'}, $in{'user'}, $user);
+	$in{'new'}, $in{'user'}, $user);
 &error_exit("Invalid password : $err") if ($err);
 # Do the change
@ -35,7 +36,7 @@ my $err = &useradmin::check_password_restrictions(
 &clear_rate_limit($in{'user'});
 eval {
 	local $main::error_must_die = 1;
-	&change_password($user, $in{'pass'}, 1);
+	&change_password($user, $in{'new'}, 1);
 	};
 if ($@) {
 	&error_exit($@);
--- a/passwd/passwd-lib.pl
+++ b/passwd/passwd-lib.pl
@ -168,7 +168,7 @@ if ($rate{$key} > $rate_limit_max) {
 	$rv = "Too many failures for $key";
 	}
 else {
-	sleep($rate{$key} ** 2);
+	sleep(2 ** $rate{$key});
 	$rate{$key}++;
 	}
 &write_file($rate_limit_file, \%rate);