From: <oh...@us...> - 2005-02-28 18:44:07
Update of /cvsroot/tikiwiki/tiki/lib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32092/lib Modified Files: Tag: BRANCH-1-9 userslib.php Log Message: secured 'send new/my password'. anonymous can't reset other users password anymore by using "forgot my password" feature, change from old to new password is done by clicking an emailed link now.
Index: userslib.php
===================================================================
RCS file: /cvsroot/tikiwiki/tiki/lib/userslib.php,v
retrieving revision 1.133.2.32
retrieving revision 1.133.2.33
diff -u -d -r1.133.2.32 -r1.133.2.33
--- userslib.php 16 Feb 2005 12:33:05 -0000 1.133.2.32
+++ userslib.php 28 Feb 2005 18:43:18 -0000 1.133.2.33
@@ -1736,15 +1736,27 @@
 }
 
 function renew_user_password($user) {
- $pass = $this->genPass();
- //$hash = md5($user . $pass . $email);
- $hash = md5($user . $pass);
- // Note that tiki-generated passwords are due inmediatley
- $now = date("U");
- $query = "update `users_users` set `password` = ?, `hash` = ?,
- `pass_due` = ? where ".$this->convert_binary()." `login` = ?";
- $result = $this->query($query, array($pass, $hash, (int)$now, $user));
- return $pass;
+ $pass = $this->genPass();
+ // Note that tiki-generated passwords are due inmediatley
+ // Note: ^ not anymore. old pw is usable until the URL in the password reminder mail is clicked
+ $now = date("U");
+ $query = "update `users_users` set `provpass` = ? where " . $this->convert_binary() . " `login`=?";
+ $result = $this->query($query, array($pass, $user));
+ return $pass;
+ }
+
+ function activate_password($user, $actpass) {
+ // move provpass to password and generate new hash, afterwards clean provpass
+ $query = "select `provpass` from `users_users` where " . $this->convert_binary() . " `login`=?";
+ $pass = $this->getOne($query, array($user));
+ if (($pass <> '') && ($actpass == md5($pass))) {
+ $hash = md5($user . $pass);
+ $now = date("U");
+ $query = "update `users_users` set `password`=?, `hash`=?, `provpass`=?, `pass_due`=? where " . $this->convert_binary() . " `login`=?";
+ $result = $this->query($query, array("", $hash, "", (int)$now, $user));
+ return true;
+ }
+ return false;
 }
 
 function change_user_password($user, $pass) {
|
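Review bot: The activation check in `activate_password` compares the token with the loose `==` operator, so two digest strings that PHP treats as numeric can compare equal without being identical; the guard should use a strict comparison, `if (($pass <> '') && ($actpass === md5($pass))) {`. The token is only the MD5 of the provisional password, and nothing visible in this hunk gives `provpass` an expiry, so an unused reset link appears to stay valid until it is clicked or overwritten; a timestamp stored next to `provpass` and checked here would bound that. The leading comment says provpass is moved to `password`, but the update writes an empty string to `password` and keeps only the hash, so the comment should read `// store hash of provpass, blank password and provpass, mark the password as due`. In `renew_user_password`, `$now` is still computed but no longer used after this change.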