diff --git a/README.md b/README.md index 77f0745..0505916 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ Change the variable values to suit your environment. Now go to https://lum.exam Configuration is via environmental variables. Please bear the following in mind: * This tool needs to bind to LDAP as a user that has the permissions to modify everything under the base DN. - * This interface is designed to work with a fresh LDAP server and should only be against existing, populated LDAP directories with caution and at your own risk. + * This interface is designed to work with a fresh LDAP server and should only be used against existing populated LDAP directories with caution and at your own risk. ### Mandatory: @@ -297,7 +297,7 @@ If you need to use this user manager with an existing LDAP directory and your ac `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` is a comma-separated list of objectClasses to add when creating the account record. For example, `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=ldappublickey,couriermailaccount`. To add extra fields for new attributes you need to pass a comma-separated string of the attributes and optionally the label for the attribute (which will be shown on the user form) and a default value to `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` separated by colons (`:`). -The format for configuring an attribute is: `attribute1:label1,default_value1,attribute2:label2:default_value2`. If you don't supply a label then the form field will be labelled with the attribute name. +The format for configuring an attribute is: `attribute1:label1:default_value1,attribute2:label2:default_value2`. If you don't supply a label then the form field will be labelled with the attribute name. An example (for the couriermailaccount objectClass) would be: `mailbox:Mailbox:domain.com,quota:Mail quota:20` ObjectClasses often have attributes that must have a value, so you should definitely set a default for those attributes. diff --git a/www/change_password/index.php b/www/change_password/index.php index b56568c..dd44f5c 100644 --- a/www/change_password/index.php +++ b/www/change_password/index.php @@ -9,6 +9,7 @@ set_page_access("user"); if (isset($_POST['change_password'])) { + if (!$_POST['password']) { $not_strong_enough = 1; } if ((!is_numeric($_POST['pass_score']) or $_POST['pass_score'] < 3) and $ACCEPT_WEAK_PASSWORDS != TRUE) { $not_strong_enough = 1; } if (preg_match("/\"|'/",$_POST['password'])) { $invalid_chars = 1; } if ($_POST['password'] != $_POST['password_match']) { $mismatched = 1; }