From: niekt0 <niekt0@kyberia.cz>
Date: Thu, 12 Jan 2012 08:15:19 +0000 (+0100)
Subject: reset_password test
X-Git-Url: https://git.harvie.cz/?p=mirrors%2FKyberia-bloodline.git;a=commitdiff_plain;h=d47273fea89327f93dcd55e48b8800ea2c2134d2

reset_password test
---

diff --git a/wwwroot/backend/mysql/backend.inc b/wwwroot/backend/mysql/backend.inc
index 971bb10..560c5b8 100644
--- a/wwwroot/backend/mysql/backend.inc
+++ b/wwwroot/backend/mysql/backend.inc
@@ -698,7 +698,42 @@ public static function getPoll($user_id,$poll_id) {
 	return $array;
 }
 
+// XXX
+
+public static function resetPassword($login_id,$login,$vercode,$password) {
+	global $db;
+
+	// Security checks
+	$login = db_escape_string($login);
+	if (!is_numeric($login_id)) { return false; } 
+
+	if ($login == '') {
+		$error="Please enter name or id";
+		return false;
+	}
+
+	if ($login_id = 0) {
+		$set=$db->query("select * from users where login='$login'");
+	} else {
+		$set=$db->query("select * from users where user_id='$login'");
+	}
 
+	$set->next();
+	$user_name=$set->getString('login');
+	$user_id=$set->getString('user_id');
+	$hash=$set->getString('hash');	
+
+	if ($hash != $vercode) {
+		$error="Bad verification code!";
+		return false;
+	}
+
+	$password = sha1($password);
+	$q="update users set password='$password',hash='' where user_id='$user_id'";
+	$db->query($q);
+
+	return 0;
 }
 
+}
 ?>
diff --git a/wwwroot/inc/eventz/reset_password.inc b/wwwroot/inc/eventz/reset_password.inc
index 9b0af65..ccea2ff 100644
--- a/wwwroot/inc/eventz/reset_password.inc
+++ b/wwwroot/inc/eventz/reset_password.inc
@@ -1,58 +1,36 @@
 <?php
 function reset_password() {
     global $db,$error;
-    $login = db_escape_string($_POST['login']);
-    $login_type = db_escape_string($_POST['login_type']);
-    $vercode = db_escape_string($_POST['vercode']);
-    $password1 = db_escape_string($_POST['new_password1']);
-    $password2 = db_escape_string($_POST['new_password2']);
-
-    if ($login == '') {
-        $error="Please enter name or id";
-        return false;
-    }
-
-    if ($password1 == '' || $password2 == '') {
-        $error="Please enter password";
-        return false;
-    }
-
-    if ($password1 != $password2) {
-        $error = "The two passwords that you entered do not match.";
-        return false;
-    }
-
-    switch ($login_type) {
-        case "name":
-            $set=$db->query("select * from users where login='$login'");
-            $set->next();
-            $user_name=$set->getString('login');
-            $user_id=$set->getString('user_id');
-            $hash=$set->getString('hash');
-        break;
-        case "id":
-            $set=$db->query("select * from users where user_id='$login'");
-            $set->next();
-            $user_name=$set->getString('login');
-            $user_id=$set->getString('user_id');
-            $hash=$set->getString('hash');
-        break;
-    }
-
-    if ($hash != $vercode) {
-        $error="Bad verification code!";
-        return false;
-    }
-
-    // XXX fix
-    $password = md5($password1);
-    $q="update users set password='$password' where user_id='$user_id'";
-    $db->query($q);
-
-//    require(INCLUDE_DIR.'ldap.inc');
-//    LDAPuser::change_pass_forced($user_id,$password1);
-
-    $error="Password changed. Now you can login with your new password.";
-    return false;
+    $login = $_POST['login'];
+    $login_type = $_POST['login_type'];
+    $vercode = $_POST['vercode'];
+    $password1 = $_POST['new_password1'];
+    $password2 = $_POST['new_password2'];
+
+	if ($login == '') {
+		$error="Please enter name or id";
+		return false;
+	}
+
+	if ($password1 == '' || $password2 == '') {
+		$error="Please enter password";
+		return false;
+	}
+
+	if ($password1 != $password2) {
+		$error = "The two passwords that you entered do not match.";
+		return false;
+	}
+
+	if ($login_type = 'id') {
+		$login_id=$login;
+		$login='';
+	} else {
+		$login_id=0;
+	}
+	$error=resetPassword($login_id,$login,$vercode,$password1);
+	
+	$error="Password changed. Now you can login with your new password.";
+	return 0;
 }
 ?>