security fix (sqli)
[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / reset_password.inc
51ff3226 1<?php
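/**
 * Handle the password-reset form: check the submitted verification code
 * against the `hash` column of the matching `users` row and, if it matches,
 * store the new password.
 *
 * Reads $_POST['login'], ['login_type'] ("name" or "id"), ['vercode'],
 * ['new_password1'] and ['new_password2'].
 *
 * The outcome is reported through the global $error, including the success
 * message; the return value is always false.
 *
 * @return bool always false
 */
function reset_password() {
    global $db, $error;

    // Missing or non-string (array) fields are treated as empty, so they are
    // caught by the emptiness checks below instead of raising notices.
    $input = array();
    foreach (array('login', 'login_type', 'vercode', 'new_password1', 'new_password2') as $key) {
        $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        $input[$key] = (string) mysql_real_escape_string($raw);
    }
    $login      = $input['login'];
    $login_type = $input['login_type'];
    $vercode    = $input['vercode'];
    $password1  = $input['new_password1'];
    $password2  = $input['new_password2'];

    if ($login === '') {
        $error = "Please enter name or id";
        return false;
    }

    if ($password1 === '' || $password2 === '') {
        $error = "Please enter password";
        return false;
    }

    // Strict comparison: with loose != two different numeric-looking strings
    // (e.g. "1e3" and "1000") compare equal and would pass as a match.
    if ($password1 !== $password2) {
        $error = "The two passwords that you entered do not match.";
        return false;
    }

    // Only the two known lookup modes select a column; anything else leaves
    // $column null and fails the verification check below.
    switch ($login_type) {
        case "name":
            $column = 'login';
            break;
        case "id":
            $column = 'user_id';
            break;
        default:
            $column = null;
    }

    $user_id = '';
    $hash = '';
    if ($column !== null) {
        // $login is escaped above; $column comes from the fixed list, never from input.
        $set = $db->query("select * from users where $column='$login'");
        $set->next();
        $user_id = (string) $set->getString('user_id');
        $hash = (string) $set->getString('hash');
    }

    // An empty stored hash, an empty submitted code or a missing row must never
    // verify: otherwise an account with no code on file accepts an empty code.
    // The comparison is strict (and constant-time where hash_equals() exists),
    // because loose != treats numeric-looking strings as numbers.
    $code_ok = $hash !== '' && $vercode !== '' && $user_id !== ''
        && (function_exists('hash_equals') ? hash_equals($hash, $vercode) : $hash === $vercode);

    if (!$code_ok) {
        $error = "Bad verification code!";
        return false;
    }

    // XXX fix: unsalted MD5 is not a suitable password hash. It is kept here
    // because the login code that verifies it is outside this file; migrate
    // both sides to password_hash()/password_verify() together.
    // NOTE(review): the password is hashed after SQL escaping, so quotes and
    // backslashes are hashed in escaped form; confirm the login path does the same.
    $password = md5($password1);
    $safe_user_id = mysql_real_escape_string($user_id);
    $q = "update users set password='$password' where user_id='$safe_user_id'";
    $db->query($q);
    // NOTE(review): the stored verification code is not cleared here, so the
    // same code appears to stay valid after use; confirm and invalidate it.

//  require(INCLUDE_DIR.'ldap.inc');
//  LDAPuser::change_pass_forced($user_id,$password1);

    $error = "Password changed. Now you can login with your new password.";
    return false;
}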
e909f81b 58?>