Show hint if password is empty during login

A user might have an empty password due to two reasons:

* The user just created an account and needs to set an initial password.
* The password has been reset by the administrator.

In both cases, the user might be confused as to why the login does not
work. Add a message that helps users debug the issue in both cases.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

1 files changed, 31 insertions, 2 deletions

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index aa4c70b9..28f9f937 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -486,8 +486,16 @@ function try_login() {
 			else {
 				$login_error = "Error trying to generate session id.";
 			}
-		}
-		else {
+		} elseif (passwd_is_empty($userID)) {
+			$login_error = __('Your password has been reset. ' .
+				'If you just created a new account, please ' .
+				'use the link from the confirmation email ' .
+				'to set an initial password. Otherwise, ' .
+				'please request a reset key on the %s' .
+				'Password Reset%s page.', '<a href="' .
+				htmlspecialchars(get_uri('/passreset')) . '">',
+				'</a>');
+		} else {
 			$login_error = __("Bad username or password.");
 		}
 	}
@@ -746,6 +754,27 @@ function valid_passwd($userID, $passwd) {
 }
 
 /**
+ * Determine if a user's password is empty
+ *
+ * @param string $uid The user ID to check for an empty password
+ *
+ * @return bool True if the user's password is empty, otherwise false
+ */
+function passwd_is_empty($uid) {
+	$dbh = DB::connect();
+
+	$q = "SELECT * FROM Users WHERE ID = " . $dbh->quote($uid) . " ";
+	$q .= "AND Passwd = " . $dbh->quote('');
+	$result = $dbh->query($q);
+
+	if ($result->fetchColumn()) {
+		return true;
+	} else {
+		return false;
+	}
+}
+
+/**
  * Determine if the PGP key fingerprint is valid (must be 40 hexadecimal digits)
  *
  * @param string $fingerprint PGP fingerprint to check if valid