From 935e7a8600c3fc11909592968d876118466cf6fd Mon Sep 17 00:00:00 2001
From: Abhishek Pai <abpai94@gmail.com>
Date: Mon, 16 Sep 2024 14:59:35 +0200
Subject: [PATCH] Resolving comments: - password history check disable by
 default. - added french translation. - readable variable names.

---
 conf/config.inc.php      |  2 +-
 htdocs/checkpassword.php | 10 +++++-----
 lang/fr.inc.php          |  1 +
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/conf/config.inc.php b/conf/config.inc.php
index a8b7d9f..7a13c91 100644
--- a/conf/config.inc.php
+++ b/conf/config.inc.php
@@ -100,7 +100,7 @@
 
 # Features
 $use_checkpassword = true;
-$use_checkpasswordhistory = true;
+$use_checkpasswordhistory = false;
 $use_resetpassword = true;
 $use_resetpassword_resetchoice = true;
 $resetpassword_reset_default = true;
diff --git a/htdocs/checkpassword.php b/htdocs/checkpassword.php
index e472dd4..d53cf71 100644
--- a/htdocs/checkpassword.php
+++ b/htdocs/checkpassword.php
@@ -31,11 +31,11 @@
     $result = $ldap_connection[1];
 
     if ($use_checkpasswordhistory) {
-        $hashed_password_history = $ldapInstance->get_attribute_values($dn, "pwdHistory");
-        foreach ($hashed_password_history as $hashed_password) {
-            preg_match("/(?<={).*(?=})/", $hashed_password, $algorithm);
-            preg_match("/{(?<={).*/", $hashed_password, $password_hash);
-            if (\Ltb\Password::check_password($password, $password_hash[0], $algorithm[0])) {
+        $password_history = $ldapInstance->get_attribute_values($dn, "pwdHistory");
+        foreach ($password_history as $previous_password) {
+            preg_match("/(?<={).*(?=})/", $previous_password, $algorithm);
+            preg_match("/{(?<={).*/", $previous_password, $hash);
+            if (\Ltb\Password::check_password($password, $hash[0], $algorithm[0])) {
                 $result = "passwordinhistory";
             }
         }
diff --git a/lang/fr.inc.php b/lang/fr.inc.php
index a46a7df..19c9cfa 100644
--- a/lang/fr.inc.php
+++ b/lang/fr.inc.php
@@ -80,6 +80,7 @@
 $messages['passwordinvalid'] = "Authentification en échec";
 $messages['passwordok'] = "Authentification réussie !";
 $messages['passwordrefused'] = "Le mot de passe a été refusé";
+$messages['passwordinhistory'] = "Mot de passe déjà dans l'histoire";
 $messages['passwordrequired'] = "Merci de saisir le mot de passe";
 $messages['resetpassword'] = "Réinitialisation du mot de passe";
 $messages['search'] = "Rechercher";