#82 Forgotten password option broken

Current_Release
closed
AnimAlf
Code/Logic (49)
5
2012-09-15
2006-11-21
Anonymous
No

If you use the forgotten password option, you get the desired email, but if you follow the link in the email, you only get an error:

"Invalid Confirmation Code"

blaise@hsyst.com

Discussion

  • AnimAlf
    AnimAlf
    2006-11-22

    Logged In: YES
    user_id=1427259
    Originator: NO

    This has already been fixed, but if you are on version 1.0 and want to make the change yourself, change the function reminder3 in the login.cgi file as follows:
    ---------------------- 8< ----------------------
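    # reminder3: last step of the forgotten-password flow.
    #
    # Compares the submitted confirmation code ($confirm) with the one stored in
    # "$cfg{memberdir}/$username.cfm", and on a match generates a new random
    # password, writes its crypt() hash as the first line of the member's .dat
    # file, mails the new password to the address in the profile and prints
    # the result page.
    #
    # $username and $confirm are not declared in this sub; presumably they are
    # file-level variables filled from the request -- treat both as untrusted.
    # user_error() is assumed not to return (the original code relies on that
    # as well) -- TODO confirm.
    sub reminder3
    {
        if ($username eq '') { user_error($err{enter_name}, $user_data{theme}); }

        # Validate the user name BEFORE it is interpolated into any file path.
        # The character class has no '/', so the value cannot leave memberdir.
        if ($username =~ /^([\w.]+)$/) { $username = $1; }
        else { user_error($err{bad_input}, $user_data{theme}); }

        # Get user data.
        my $user_profile = file2array("$cfg{memberdir}/$username.dat", 1);
        my $real_confirm = file2scalar("$cfg{memberdir}/$username.cfm", 1);

        # An empty or missing stored code must never match: otherwise an account
        # without a pending request could be reset with an empty code.
        # The error page must not echo the stored or the submitted code; the
        # stored code is the only secret protecting the reset.
        if (   !defined $confirm
            || !defined $real_confirm
            || $real_confirm eq ''
            || $confirm ne $real_confirm)
        {
            user_error($err{bad_confirm_code}, $user_data{theme});
        }
        # NOTE(review): the .cfm file is not removed here, so the same link
        # appears to stay valid after use -- confirm whether another routine
        # deletes it, and add an expiry if not.

        # Generate a password from the system CSPRNG where one is available.
        # The alphabet has 32 symbols, so "byte % 32" introduces no bias.
        my @seed = ('a' .. 'k', 'm' .. 'n', 'p' .. 'z', '2' .. '9');
        my $password     = '';
        my $random_bytes = '';
        if (open(my $urandom, '<', '/dev/urandom'))
        {
            binmode($urandom);
            my $got = read($urandom, $random_bytes, 8);
            $random_bytes = '' unless defined $got && $got == 8;
            close($urandom);
        }
        if (length($random_bytes) == 8)
        {
            $password = join '',
                map { $seed[$_ % scalar(@seed)] } unpack('C*', $random_bytes);
        }
        else
        {
            # Fallback for platforms without /dev/urandom. rand() is not a
            # cryptographic generator; passwords made here are predictable to
            # a degree and should be changed by the user promptly.
            for (my $i = 0; $i < 8; $i++)
            {
                $password .= $seed[int(rand(scalar(@seed)))];
            }
        }

        # NOTE(review): crypt() with a salt taken from the user name is weak
        # (salt is public). It is kept unchanged because the stored format
        # must match the login check, which is not visible here.
        my $enc_password = crypt($password, substr($username, 0, 2));

        # Update user database. The file is opened WITHOUT O_TRUNC and only
        # truncated once the lock is held, so a concurrent reader or writer
        # never sees a half-written profile.
        sysopen(FH, "$cfg{memberdir}/$username.dat", O_WRONLY)
            or
            user_error("$err{not_writable} $cfg{memberdir}/$username.dat. ($!)",
                $user_data{theme});
        flock(FH, LOCK_EX) if $cfg{use_flock};
        truncate(FH, 0)
            or
            user_error("$err{not_writable} $cfg{memberdir}/$username.dat. ($!)",
                $user_data{theme});
        $user_profile->[0] = "$enc_password";
        foreach (@{$user_profile}) { print FH "$_\n"; }
        close(FH);

        # Generate info email. The heredoc body and its terminator stay at the
        # listing's base indent because <<EOT does not strip leading space.
        my $subject =
            $cfg{pagename} . " - " . $msg{password_forC} . $user_profile->[1];
        my $message = <<EOT;
    $inf{hi_you_or} $ENV{REMOTE_ADDR} $inf{requested_that_user} $username $inf{receive_new_pass} $inf{user_pass_are}

    $msg{usernameC} $username
    $msg{passwordC} $password

    $msg{statusC} $user_profile->[7]

    $inf{change_pass}
    EOT

        # Send the email to recipient (address is field 2 of the profile).
        send_email($cfg{webmaster_email}, $user_profile->[2], $subject, $message);

        # Print info page.
        print_header();
        print_html($user_data{theme}, $nav{reset_pass});

        print "$inf{info_sent} $user_profile->[2]";

        print_html($user_data{theme}, $nav{reset_pass}, 1);
    }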
    ---------------------- >8 ----------------------