From d47273fea89327f93dcd55e48b8800ea2c2134d2 Mon Sep 17 00:00:00 2001
From: niekt0
Date: Thu, 12 Jan 2012 09:15:19 +0100
Subject: [PATCH] reset_password test
---
 wwwroot/backend/mysql/backend.inc | 35 +++++++++++
 wwwroot/inc/eventz/reset_password.inc | 84 ++++++++++-----------------
 2 files changed, 66 insertions(+), 53 deletions(-)
diff --git a/wwwroot/backend/mysql/backend.inc b/wwwroot/backend/mysql/backend.inc
index 971bb10..560c5b8 100644
--- a/wwwroot/backend/mysql/backend.inc
+++ b/wwwroot/backend/mysql/backend.inc
@@ -698,7 +698,42 @@ public static function getPoll($user_id,$poll_id) {
 return $array;
 }
+// XXX
+
+public static function resetPassword($login_id,$login,$vercode,$password) {
+ global $db;
+
+ // Security checks
+ $login = db_escape_string($login);
+ if (!is_numeric($login_id)) { return false; }
+
+ if ($login == '') {
+ $error="Please enter name or id";
+ return false;
+ }
+
+ if ($login_id = 0) {
+ $set=$db->query("select * from users where login='$login'");
+ } else {
+ $set=$db->query("select * from users where user_id='$login'");
+ }
+ $set->next();
+ $user_name=$set->getString('login');
+ $user_id=$set->getString('user_id');
+ $hash=$set->getString('hash');
+
+ if ($hash != $vercode) {
+ $error="Bad verification code!";
+ return false;
+ }
+
+ $password = sha1($password);
+ $q="update users set password='$password',hash='' where user_id='$user_id'";
+ $db->query($q);
+
+ return 0;
 }
+}
 ?>
diff --git a/wwwroot/inc/eventz/reset_password.inc b/wwwroot/inc/eventz/reset_password.inc
index 9b0af65..ccea2ff 100644
--- a/wwwroot/inc/eventz/reset_password.inc
+++ b/wwwroot/inc/eventz/reset_password.inc
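Review bot: In the added `resetPassword()` in backend.inc, `if ($hash != $vercode)` passes when both sides are empty, and the stored `hash` is empty after this function's own `hash=''` update and presumably also when no row matches, since the result of `$set->next()` is never checked. Reject a missing row or an empty hash first and compare strictly, `if ($hash === '' || $hash !== (string)$vercode) { return false; }`, or use `hash_equals()` if the deployed PHP provides it. `if ($login_id = 0)` is an assignment, so the lookup by `login` is never taken; it should read `if ($login_id == 0)`, and the id branch then needs to query with `$login_id` rather than `$login`. `return 0` on success is loosely equal to the `false` failure value, and `$error` is a local that never reaches the caller. `sha1($password)` is a fast, unsalted digest; a salted, slow password hash is the safer storage format, provided the login check is changed to match.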
@@ -1,58 +1,36 @@ query("select * from users where login='$login'"); - $set->next(); - $user_name=$set->getString('login'); - $user_id=$set->getString('user_id'); - $hash=$set->getString('hash'); - break; - case "id": - $set=$db->query("select * from users where user_id='$login'"); - $set->next(); - $user_name=$set->getString('login'); - $user_id=$set->getString('user_id'); - $hash=$set->getString('hash'); - break; - } - - if ($hash != $vercode) { - $error="Bad verification code!"; - return false; - } - - // XXX fix - $password = md5($password1); - $q="update users set password='$password' where user_id='$user_id'"; - $db->query($q); - -// require(INCLUDE_DIR.'ldap.inc'); -// LDAPuser::change_pass_forced($user_id,$password1); - - $error="Password changed. Now you can login with your new password."; - return false; + $login = $_POST['login']; + $login_type = $_POST['login_type']; + $vercode = $_POST['vercode']; + $password1 = $_POST['new_password1']; + $password2 = $_POST['new_password2']; + + if ($login == '') { + $error="Please enter name or id"; + return false; + } + + if ($password1 == '' || $password2 == '') { + $error="Please enter password"; + return false; + } + + if ($password1 != $password2) { + $error = "The two passwords that you entered do not match."; + return false; + } + + if ($login_type = 'id') { + $login_id=$login; + $login=''; + } else { + $login_id=0; + } + $error=resetPassword($login_id,$login,$vercode,$password1); + + $error="Password changed. Now you can login with your new password."; + return 0; } ?> -- 2.30.2
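Review bot: `if ($login_type = 'id')` assigns instead of comparing, so every request takes the id branch and `$login` is emptied before the call; it should be `if ($login_type === 'id')`. The value returned by `resetPassword()` is overwritten on the next line by the "Password changed" message, so a failed reset is reported to the user as a success; keep the result and return early on failure, e.g. `$ok = resetPassword($login_id,$login,$vercode,$password1); if ($ok === false) { return false; }`. The method is added as `public static` in backend.inc, so the bare `resetPassword(...)` call presumably needs a class qualifier that this hunk does not show. The `$_POST[...]` reads also assume every field is present, so a missing field raises a notice instead of a clean validation error. The opening of this hunk, including the function header, is not readable in the page as shown.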