mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-31 20:00:37 +02:00
Code Issues Releases Wiki Activity

Bugtracker #4490 - show username (login name) rather than display name after password reset

Browse Source
This commit is contained in:
e107steved
2008-08-29 21:16:39 +00:00
parent 8bd45a70c4
commit dde28db6ac
1 changed files with 35 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
fpw.php
View File

@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/fpw.php,v $ | $Source: /cvs_backup/e107_0.8/fpw.php,v $
| $Revision: 1.6 $ | $Revision: 1.7 $
| $Date: 2008-06-13 20:20:20 $ | $Date: 2008-08-29 21:16:39 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -39,10 +39,14 @@ else
if ($pref['membersonly_enabled']) if ($pref['membersonly_enabled'])
{ {
if (!$FPW_TABLE_HEADER) { if (!$FPW_TABLE_HEADER)
if (file_exists(THEME."fpw_template.php")) { {
if (file_exists(THEME."fpw_template.php"))
{
require_once(THEME."fpw_template.php"); require_once(THEME."fpw_template.php");
} else { }
else
{
require_once(e_BASE.$THEMES_DIRECTORY."templates/fpw_template.php"); require_once(e_BASE.$THEMES_DIRECTORY."templates/fpw_template.php");
} }
} }
@@ -69,21 +73,22 @@ $fpw_sep = "#";
if (e_QUERY) if (e_QUERY)
{ // User has clicked on link to reset password { // User has clicked on the emailed link
define("FPW_ACTIVE","TRUE"); define("FPW_ACTIVE","TRUE");
$tmp = explode($fpw_sep, e_QUERY); $tmp = explode($fpw_sep, e_QUERY);
$tmpinfo = preg_replace("#[\W_]#", "", $tp -> toDB($tmp[0], true)); $tmpinfo = preg_replace("#[\W_]#", "", $tp -> toDB($tmp[0], true));
if ($sql->db_Select("tmp", "*", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' ")) if ($sql->db_Select("tmp", "*", "`tmp_info` LIKE '%{$fpw_sep}{$tmpinfo}' "))
{ {
$row = $sql->db_Fetch(); $row = $sql->db_Fetch();
extract($row); extract($row);
$sql->db_Delete("tmp", "tmp_info LIKE '%{$fpw_sep}{$tmpinfo}' "); $sql->db_Delete("tmp", "`tmp_info` LIKE '%{$fpw_sep}{$tmpinfo}' ");
$newpw = ""; $newpw = "";
$pwlen = rand(8, 12); $pwlen = rand(8, 12);
for($a = 0; $a <= $pwlen; $a++) { for($a = 0; $a <= $pwlen; $a++)
{
$newpw .= chr(rand(97, 122)); $newpw .= chr(rand(97, 122));
} }
list($username, $md5) = explode($fpw_sep, $tmp_info); list($loginName, $md5) = explode($fpw_sep, $tmp_info);
// $mdnewpw = md5($newpw); // $mdnewpw = md5($newpw);
$mdnewpw = $user_info->HashPassword($newpw,$username); $mdnewpw = $user_info->HashPassword($newpw,$username);
@@ -94,13 +99,14 @@ if (e_QUERY)
$do_log['user_password'] = $mdnewpw; $do_log['user_password'] = $mdnewpw;
$admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,0,$do_log['user_name']); $admin_log->user_audit(USER_AUDIT_PW_RES,$do_log,0,$do_log['user_name']);
$sql->db_Update("user", "user_password='{$mdnewpw}', user_viewed='' WHERE user_loginname='".$tp -> toDB($username, true)."' "); $sql->db_Update("user", "`user_password`='{$mdnewpw}', `user_viewed`='' WHERE `user_loginname`='".$tp -> toDB($loginName, true)."' ");
cookie($pref['cookie_name'], "", (time()-2592000)); cookie($pref['cookie_name'], "", (time()-2592000));
$_SESSION[$pref['cookie_name']] = ""; $_SESSION[$pref['cookie_name']] = "";
$txt = "<div>".LAN_FPW8."<br /><br /> $txt = "<div>".LAN_FPW8."<br /><br />
<table style='width:70%'> <table style='width:70%'>
<tr><td>".LAN_218."</td><td style='font-weight:bold'>{$username}</td></tr> <tr><td>".LAN_218."</td><td style='font-weight:bold'>{$loginName}</td></tr>
<tr><td>".LAN_FPW9."</td><td style='font-weight:bold'>{$newpw}</td></tr> <tr><td>".LAN_FPW9."</td><td style='font-weight:bold'>{$newpw}</td></tr>
</table> </table>
<br /><br />".LAN_FPW10." <a href='".e_LOGIN."'>".LAN_FPW11."</a> ".LAN_FPW12."</div>"; <br /><br />".LAN_FPW10." <a href='".e_LOGIN."'>".LAN_FPW11."</a> ".LAN_FPW12."</div>";
@@ -117,36 +123,37 @@ if (e_QUERY)
// Request to reset password // Request to reset password
//-------------------------- //--------------------------
if (isset($_POST['pwsubmit'])) if (isset($_POST['pwsubmit']))
{ { // Request for password reset submitted
require_once(e_HANDLER."mail.php"); require_once(e_HANDLER."mail.php");
$email = $_POST['email']; $email = $_POST['email'];
if ($pref['fpwcode'] && extension_loaded("gd")) if ($pref['fpwcode'] && extension_loaded("gd"))
{ {
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) { if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))
{
fpw_error(LAN_FPW3); fpw_error(LAN_FPW3);
} }
} }
$clean_email = check_email($tp -> toDB($_POST['email'])); $clean_email = check_email($tp -> toDB($_POST['email']));
$clean_username = $tp -> toDB($_POST['username']); $clean_username = $tp -> toDB($_POST['username']);
$query = "user_email='{$clean_email}' "; $query = "`user_email`='{$clean_email}' ";
// Allow admins to remove 'username' from fpw_template.php if they wish. // Allow admins to remove 'username' from fpw_template.php if they wish.
$query .= (isset($_POST['username'])) ? " AND user_loginname='{$clean_username}'" : ""; $query .= (isset($_POST['username'])) ? " AND `user_loginname`='{$clean_username}'" : "";
if ($sql->db_Select("user", "*", $query)) if ($sql->db_Select("user", "*", $query))
{ { // Found user in DB
$row = $sql->db_Fetch(); $row = $sql->db_Fetch();
extract($row); extract($row);
if ($user_admin == 1 && $user_perms == "0") if ($row['user_admin'] == 1 && $row['user_perms'] == "0")
{ // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them) { // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them)
sendemail($pref['siteadminemail'], LAN_06, LAN_07."".$e107->getip()." ".LAN_08); sendemail($pref['siteadminemail'], LAN_06, LAN_07."".$e107->getip()." ".LAN_08);
echo "<script type='text/javascript'>document.location.href='index.php'</script>\n"; echo "<script type='text/javascript'>document.location.href='index.php'</script>\n";
die(); die();
} }
if ($sql->db_Select("tmp", "*", "tmp_ip = 'pwreset' AND tmp_info LIKE '{$user_name}{$fpw_sep}%'")) if ($result = $sql->db_Select("tmp", "*", "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '{$row['user_loginname']}{$fpw_sep}%'"))
{ {
fpw_error(LAN_FPW4); fpw_error(LAN_FPW4);
exit; exit;
@@ -196,18 +203,22 @@ if (isset($_POST['pwsubmit']))
} }
if (USE_IMAGECODE) { if (USE_IMAGECODE)
{
$FPW_TABLE_SECIMG_LAN = LAN_FPW2; $FPW_TABLE_SECIMG_LAN = LAN_FPW2;
$FPW_TABLE_SECIMG_HIDDEN = "<input type='hidden' name='rand_num' value='".$sec_img->random_number."' />"; $FPW_TABLE_SECIMG_HIDDEN = "<input type='hidden' name='rand_num' value='".$sec_img->random_number."' />";
$FPW_TABLE_SECIMG_SECIMG = $sec_img->r_image(); $FPW_TABLE_SECIMG_SECIMG = $sec_img->r_image();
$FPW_TABLE_SECIMG_TEXTBOC = "<input class='tbox' type='text' name='code_verify' size='15' maxlength='20' />"; $FPW_TABLE_SECIMG_TEXTBOC = "<input class='tbox' type='text' name='code_verify' size='15' maxlength='20' />";
} }
if (!$FPW_TABLE) { if (!$FPW_TABLE)
if (file_exists(THEME."fpw_template.php")) { {
if (file_exists(THEME."fpw_template.php"))
{
require_once(THEME."fpw_template.php"); require_once(THEME."fpw_template.php");
} else { }
else
{
require_once(e_BASE.$THEMES_DIRECTORY."templates/fpw_template.php"); require_once(e_BASE.$THEMES_DIRECTORY."templates/fpw_template.php");
} }
} }