Thread: [Phpslash-commit] CVS: phpslash-ft/class Author.class,1.40,1.41
From: Joe S. <joe...@us...> - 2003-02-25 15:04:23
Update of /cvsroot/phpslash/phpslash-ft/class In directory sc8-pr-cvs1:/tmp/cvs-serv13468/phpslash-ft/class Modified Files: Author.class Log Message: change profile and lost password fixes Index: Author.class =================================================================== RCS file: /cvsroot/phpslash/phpslash-ft/class/Author.class,v retrieving revision 1.40 retrieving revision 1.41 diff -C2 -d -r1.40 -r1.41 *** Author.class 12 Feb 2003 22:33:44 -0000 1.40 --- Author.class 25 Feb 2003 15:04:13 -0000 1.41 *************** *** 844,848 **** function lostpw($ary = "") { ! global $REMOTE_ADDR; $this->author_templ->set_file(array( --- 844,848 ---- function lostpw($ary = "") { ! global $challenge; $this->author_templ->set_file(array( *************** *** 872,885 **** if ($this->db->next_record()) { $cookie_challenge = md5($this->auth->magic .":". $this->psl['basedir']); ! $md5_pw = $this->db->Record['password']; // this is the raw MD5ed user/pass combo ! $cookie_response = md5("$md5_pw:$cookie_challenge"); ! // replace the challenge with the date ! $cookie_challenge = date("Ymd"); ! $cookie_ary[] = $cookie_response; ! $cookie_ary[] = $this->db->Record['author_name']; ! $cookie_ary[] = $cookie_challenge; $confirm_hash=serialize($cookie_ary); $confirm_hash=base64_encode($confirm_hash); $confirm_hash=urlencode($confirm_hash); if(!is_valid_email($this->db->Record['email'])) { --- 872,904 ---- if ($this->db->next_record()) { + // This is a site unique challenge word $cookie_challenge = md5($this->auth->magic .":". $this->psl['basedir']); ! ! // this is the raw MD5ed user/pass combo ! $md5_pw = $this->db->Record['password']; ! ! // create the correct reponse ! $cookie_response = md5("$md5_pw:$cookie_challenge"); ! ! // create a unique challenge ! $cookie_challenge2 = md5(uniqid($this->psl['magic'])); ! ! // setup and save the confirmation check to the user's record ! $cookie_ary['response'] = $cookie_response; ! $cookie_ary['name'] = $this->db->Record['author_name']; ! 
$cookie_ary['challenge'] = $cookie_challenge2; $confirm_hash=serialize($cookie_ary); $confirm_hash=base64_encode($confirm_hash); + if(!$this->setConfirm($this->db->Record['author_name'],$confirm_hash)) { + $this->message .= "Username not found"; + return false; + } + + // setup and email the confirmation string + $cookie_ary = ''; + $cookie_ary['challenge'] = $cookie_challenge2; + $cookie_ary['name'] = $this->db->Record['author_name']; + $confirm_hash=serialize($cookie_ary); + $confirm_hash=base64_encode($confirm_hash); $confirm_hash=urlencode($confirm_hash); if(!is_valid_email($this->db->Record['email'])) { *************** *** 891,896 **** $mail_ary['mail_to_address'] = $this->db->Record['email']; $mail_ary['vars']['confirm'] = $confirm_hash; ! $mail_ary['vars']['remote_addr'] = $REMOTE_ADDR; ! if(emailNotify($mail_ary)) { $this->message .= "Email Confirmation sent"; --- 910,914 ---- $mail_ary['mail_to_address'] = $this->db->Record['email']; $mail_ary['vars']['confirm'] = $confirm_hash; ! 
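Review bot: The confirmation record built in this hunk no longer carries any date, so a pending lost-password link stays valid until it is used; the removed lines at least stamped `date("Ymd")` into the string. Store an issue time next to the challenge, e.g. `$cookie_ary['issued'] = time();`, and have confirmAuthor() reject records older than a fixed window. The challenge comes from `md5(uniqid($this->psl['magic']))`, which is derived from the clock plus a site value, so it is only as unguessable as that value is secret; a token drawn from the platform's random source would be safer. `$cookie_ary` is also written to without being initialised and is later reset with `$cookie_ary = '';` before further array writes; `$cookie_ary = array();` in both places states the intent. lostpw() begins and ends outside this hunk.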
$mail_ary['vars']['remote_addr'] = $_SERVER['REMOTE_ADDR']; if(emailNotify($mail_ary)) { $this->message .= "Email Confirmation sent"; *************** *** 906,909 **** --- 924,1031 ---- + /** + * setConfirm - set confirm string assigned to name + * + * when given a name, setConfirm sets the confirmation string + * + * @param string name + * @access public + * return true or false + */ + + function setConfirm($name, $confirm) { + // debug("setConfirm::name", $name); + // debug("setConfirm::confirm", $confirm); + if (!$name) { + // debug("setConfirm", "no name"); + $success = false; + } else { + $q = "UPDATE psl_author + SET perms = '$confirm' + WHERE author_name = '$name' "; + $this->db->query($q); + $success = true; + } + return $success; + } + + /** + * getConfirm - get confirm string assigned to name + * + * when given a name, getConfirm gets the confirmation string + * + * @param string name + * @access public + * return string + */ + + function getConfirm($name) { + // debug("getConfirm::name", $name); + if (!$name) { + // debug("getConfirm", "no name"); + $success = false; + } else { + $q = "SELECT perms + FROM psl_author + WHERE author_name = '$name' "; + $this->db->query($q); + $this->db->next_record(); + $success = $this->db->f("perms"); + } + return $success; + } + + + /** + * confirmAuthor - attempts to confirm a lost password confirmation string + * + * when given a confirm string, returns false if not confirmed + * and true upon success. + * + * If successful, HTTP_COOKIE_VARS are set with the correct variables for + * logging in automatically. 
+ * + * @param string confirm + * @access public + * return boolean + */ + + function confirmAuthor($confirm) { + global $HTTP_COOKIE_VARS; + + if ( $confirm) { + // explode the confirmation string into an array + $confirm_hash = base64_decode($confirm); + $confirm_hash = unserialize($confirm_hash); + + // explode the saved array + $saved_confirm = $this->getConfirm($confirm_hash['name']); + $saved_confirm = base64_decode($saved_confirm); + $saved_confirm = unserialize($saved_confirm); + + // if the unique challenge word matches, continue. + if($confirm_hash['challenge'] == $saved_confirm['challenge']) { + + // reset the confirmation string - one time use only. + $this->setConfirm($saved_confirm['name'], ''); + + // setup the cookie variables + $confirm_hash = ''; + $confirm_hash[0] = $saved_confirm['response']; + $confirm_hash[1] = $saved_confirm['name']; + $confirm_hash[2] = md5($auth->magic .":". $this->psl['basedir']); + $HTTP_COOKIE_VARS['user_info'] = base64_encode(serialize($confirm_hash)); + // login should be successful + return true; + } else { + // confirmation challenge word did not match + return false; + } + } else { + // missing confirmation string + return false; + } + } + } /* end of Author.class */ ?> |
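Review bot: The new confirmAuthor() runs `unserialize()` on `$confirm`, which presumably arrives from the e-mailed link (the caller is outside this hunk), and the resulting `name` is interpolated unescaped into the query in getConfirm(); setConfirm() builds its UPDATE from `$name` and `$confirm` the same way. Escape every value before it enters the SQL string, e.g. `$name = addslashes($name);` or the database layer's own quoting routine, and pass the name and challenge as two plain parameters so that no request data has to be unserialized. The `==` test on `challenge` also succeeds when both sides are empty, which is the state after the one-time reset to `''`; guard it with `if ($saved_confirm['challenge'] != '' && (string)$confirm_hash['challenge'] === $saved_confirm['challenge'])`. `md5($auth->magic ...)` reads a local `$auth` that is never defined in this function, whereas lostpw() uses `$this->auth->magic`, so the cookie challenge rebuilt here likely differs from the one lostpw() hashed. setConfirm() also stores the string in the `perms` column and later clears it, which looks like it would overwrite the author's permissions if that column is what its name suggests; a dedicated column would avoid that.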