diff options
Diffstat (limited to 'inc/auth.php')
| -rw-r--r-- | inc/auth.php | 57 |
1 files changed, 42 insertions, 15 deletions
diff --git a/inc/auth.php b/inc/auth.php index 941dcb8d6..59ef1cb54 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -422,7 +422,7 @@ function auth_isadmin($user=null,$groups=null){ * @param $memberlist string commaseparated list of allowed users and groups * @param $user string user to match against * @param $groups array groups the user is member of - * @returns bool true for membership acknowledged + * @return bool true for membership acknowledged */ function auth_isMember($memberlist,$user,array $groups){ global $auth; @@ -677,7 +677,7 @@ function auth_sendPassword($user,$password){ if(empty($conf['mailprefix'])) { $subject = $lang['regpwmail']; - } else { + } else { $subject = '['.$conf['mailprefix'].'] '.$lang['regpwmail']; } @@ -860,32 +860,59 @@ function act_resendpwd(){ $token = preg_replace('/[^a-f0-9]+/','',$_REQUEST['pwauth']); if($token){ - // we're in token phase + // we're in token phase - get user info from token $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth'; if(!@file_exists($tfile)){ msg($lang['resendpwdbadauth'],-1); + unset($_REQUEST['pwauth']); + return false; + } + // token is only valid for 3 days + if( (time() - filemtime($tfile)) > (3*60*60*24) ){ + msg($lang['resendpwdbadauth'],-1); + unset($_REQUEST['pwauth']); + @unlink($tfile); return false; } + $user = io_readfile($tfile); - @unlink($tfile); $userinfo = $auth->getUserData($user); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; } - $pass = auth_pwgen(); - if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) { - msg('error modifying user data',-1); - return false; - } + if(!$conf['autopasswd']){ // we let the user choose a password + // password given correctly? + if(!isset($_REQUEST['pass']) || $_REQUEST['pass'] == '') return false; + if($_REQUEST['pass'] != $_REQUEST['passchk']){ + msg($lang['regbadpass'],-1); + return false; + } + $pass = $_REQUEST['pass']; - if (auth_sendPassword($user,$pass)) { - msg($lang['resendpwdsuccess'],1); - } else { - msg($lang['regmailfail'],-1); + if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) { + msg('error modifying user data',-1); + return false; + } + + }else{ // autogenerate the password and send by mail + + $pass = auth_pwgen(); + if (!$auth->triggerUserMod('modify', array($user,array('pass' => $pass)))) { + msg('error modifying user data',-1); + return false; + } + + if (auth_sendPassword($user,$pass)) { + msg($lang['resendpwdsuccess'],1); + } else { + msg($lang['regmailfail'],-1); + } } + + @unlink($tfile); return true; } else { @@ -922,10 +949,10 @@ function act_resendpwd(){ if(empty($conf['mailprefix'])) { $subject = $lang['regpwmail']; - } else { + } else { $subject = '['.$conf['mailprefix'].'] '.$lang['regpwmail']; } - + if(mail_send($userinfo['name'].' <'.$userinfo['mail'].'>', $subject, $text, |