author | Andreas Gohr <andi@splitbrain.org> | 2012-03-10 15:47:05 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2012-03-10 15:47:05 +0100 |
commit | 50fbf1b6522a235e93ba72c50d0f54e09506604a (patch) | |
tree | 37c31125df63879026f02df9db8a92d14061a629 /inc/auth.php | |
parent | 7980e1acf1a671646747e5b924f2c8e208280a2e (diff) | |
parent | 8a9735e34dc99c24355e0aee74a3cd49aa3b1492 (diff) | |
Merge branch 'resetpassword'
No longer autogenerate passwords for password reset when
$conf['autopasswd'] is disabled. Instead, allow the user to change the password
online.
* resetpassword:
added a timelimit for password reset tokens
removed commented line
use correct lang string for password mismatch
removed outdated language string. it has to be retranslated
German translation for password reset
honor autopasswd setting for resend password
Conflicts:
inc/lang/no/lang.php
inc/lang/sl/lang.php
Diffstat (limited to 'inc/auth.php')
-rw-r--r-- | inc/auth.php | 50 |
1 files changed, 39 insertions, 11 deletions
diff --git a/inc/auth.php b/inc/auth.php index 941dcb8d6..78d98a99e 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -860,32 +860,60 @@ function act_resendpwd(){ $token = preg_replace('/[^a-f0-9]+/','',$_REQUEST['pwauth']); if($token){ - // we're in token phase + // we're in token phase - get user info from token $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth'; if(!@file_exists($tfile)){ msg($lang['resendpwdbadauth'],-1); + unset($_REQUEST['pwauth']); return false; } + // token is only valid for 3 days + if( (time() - filemtime($tfile)) > (3*60*60*24) ){ + msg($lang['resendpwdbadauth'],-1); + unset($_REQUEST['pwauth']); + @unlink($tfile); + return false; + } + $user = io_readfile($tfile); - @unlink($tfile); $userinfo = $auth->getUserData($user); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; } - $pass = auth_pwgen(); - if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) { - msg('error modifying user data',-1); - return false; - } - if (auth_sendPassword($user,$pass)) { - msg($lang['resendpwdsuccess'],1); - } else { - msg($lang['regmailfail'],-1); + if(!$conf['autopasswd']){ // we let the user choose a password + // password given correctly? + if(!isset($_REQUEST['pass']) || $_REQUEST['pass'] == '') return false; + if($_REQUEST['pass'] != $_REQUEST['passchk']){ + msg($lang['regbadpass'],-1); + return false; + } + $pass = $_REQUEST['pass']; + + if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) { + msg('error modifying user data',-1); + return false; + } + + }else{ // autogenerate the password and send by mail + + $pass = auth_pwgen(); + if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) { + msg('error modifying user data',-1); + return false; + } + + if (auth_sendPassword($user,$pass)) { + msg($lang['resendpwdsuccess'],1); + } else { + msg($lang['regmailfail'],-1); + } } + + @unlink($tfile); return true; } else { |
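Review bot: The new self-service branch (`if(!$conf['autopasswd'])`) reads the password from `$_REQUEST` and compares it with a loose `!=`, so it is accepted from the query string as well as the form body, an array-valued `pass` gets past the `== ''` test, and two different numeric-looking strings such as `1e3` and `1000` compare as equal. Assuming the reset form is submitted by POST, I would read both fields from `$_POST` and compare strictly: `if(!is_string($_POST['pass']) || $_POST['pass'] !== $_POST['passchk']){ msg($lang['regbadpass'],-1); return false; }`. Nothing in this hunk checks the length or strength of the chosen password, so unless the auth backend behind `triggerUserMod` enforces a policy, any non-empty string is accepted. Separately, moving `@unlink($tfile)` to the end of the branch means the token file now stays on disk when `getUserData` returns no mail address, until the 3-day check removes it; an `@unlink($tfile)` before that `return false` would restore the old behaviour. The body of act_resendpwd starts and ends outside the hunk.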