- Move all the password handling code into one function (not duplicated/spread
over 3 files) - Fix a bug to always save the old password (unless it was a reset password) - Fix a bug to save the old password even when the user sets a new one
parent
5ed0135442
commit
a9318b6303
40
user.inc.php
40
user.inc.php
@ -174,6 +174,36 @@ function user_load($user, $load_full=false)
|
||||
return $ret;
|
||||
}
|
||||
|
||||
function user_set_password($id, $password = NULL)
|
||||
{
|
||||
/* pass $u by reference so we can update it */
|
||||
$save_old = false;
|
||||
if($password == NULL) {
|
||||
$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
|
||||
$u = mysql_fetch_assoc($q);
|
||||
/* Generate a new password */
|
||||
$password = generatePassword(12);
|
||||
/* save the old password only if it's not an auto-generated one */
|
||||
if($u['passwordset'] != '0000-00-00') $save_old = true;
|
||||
/* Expire the password */
|
||||
$save_set = "'0000-00-00'";
|
||||
} else {
|
||||
/* Set the password, no expiry, save the old */
|
||||
$save_old = true;
|
||||
$save_set = 'NOW()';
|
||||
}
|
||||
|
||||
$p = mysql_escape_string($password);
|
||||
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
|
||||
$set .= "password='$p', passwordset=$save_set ";
|
||||
|
||||
$query = "UPDATE users SET $set WHERE id='$id'";
|
||||
mysql_query($query);
|
||||
echo mysql_error();
|
||||
|
||||
return $password;
|
||||
}
|
||||
|
||||
|
||||
function user_save_volunteer($u)
|
||||
{
|
||||
@ -216,7 +246,7 @@ function user_save_fair($u)
|
||||
|
||||
function user_save($u)
|
||||
{
|
||||
$fields = array('firstname','lastname','username','password',
|
||||
$fields = array('firstname','lastname','username',
|
||||
'email',
|
||||
'phonehome','phonework','phonecell','fax','organization',
|
||||
'address','address2','city','province','postalcode','sex',
|
||||
@ -233,7 +263,6 @@ function user_save($u)
|
||||
|
||||
$data = mysql_escape_string(stripslashes($u[$f]));
|
||||
$set .= "$f='$data'";
|
||||
if($f=="password") $set.=",passwordset=NOW()";
|
||||
}
|
||||
//echo "<pre>";
|
||||
//print_r($u);
|
||||
@ -245,14 +274,16 @@ function user_save($u)
|
||||
echo mysql_error();
|
||||
}
|
||||
|
||||
/* Save the password if it changed */
|
||||
if($u['password'] != $u['orig']['password'])
|
||||
user_set_password($u['id'], $u['password']);
|
||||
|
||||
/* If this was a full load, do a full save */
|
||||
if($u['load_full'] == true) {
|
||||
foreach($u['types'] as $t) {
|
||||
call_user_func("user_save_$t", $u);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
@ -341,6 +372,7 @@ function user_create($type, $u = NULL)
|
||||
mysql_query("INSERT INTO users (`types`,`passwordset`,`created`)
|
||||
VALUES ('$type', '0000-00-00', NOW())");
|
||||
$uid = mysql_insert_id();
|
||||
user_set_password($uid, NULL);
|
||||
} else {
|
||||
/* The user has been specified and already exists,
|
||||
* just add a role */
|
||||
|
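Review bot: In `user_set_password()` only `$password` is escaped; `$id` goes into both the `SELECT` and the `UPDATE` as `id='$id'` unmodified, so the function is safe only while every caller passes a trusted value. The ids appear to be numeric (the recovery page's earlier query used `WHERE id={$r->id}` unquoted), so `$id = intval($id);` as the first statement would close that, and `mysql_real_escape_string()` is the charset-aware choice for `$password`. The test `if($password == NULL)` is a loose comparison that also matches an empty string, so a caller such as `user_save()` passing a blank password would silently replace it with a random expired one; `=== NULL` keeps that branch for the explicit reset case. The function also writes `password` and `oldpassword` as clear text and echoes `mysql_error()` to the page; with all writes now in one place, this is where hashing and server-side error logging would go. The opening comment `/* pass $u by reference so we can update it */` does not match the signature and should instead describe the two modes (NULL = generate and expire, otherwise set and stamp `passwordset`).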
@ -295,14 +295,8 @@
|
||||
exit;
|
||||
}
|
||||
|
||||
$password = generatePassword(12);
|
||||
|
||||
/* Save their old password so it can be recovered if someone is just trying
|
||||
* to reset someones password */
|
||||
mysql_query("UPDATE users SET oldpassword=password WHERE id={$r->id}");
|
||||
|
||||
/* Set the new password, and force it to expire */
|
||||
mysql_query("UPDATE users SET password='$password',passwordset='0000-00-00' WHERE id={$r->id}");
|
||||
/* Reset the password, and force it to expire */
|
||||
$password = user_set_password($r->id, NULL);
|
||||
|
||||
/* volunteer_recover_password, judge_recover_password, student_recover_password,
|
||||
committee_recover_password */
|
||||
|
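Review bot: The call `user_set_password($r->id, NULL)` replaces the account's working password as soon as a recovery request is processed, and the comment that explained why the previous password is kept disappeared with the old queries. I would restore that rationale, for example `/* Reset to a random, expired password; user_set_password() keeps the previous one in oldpassword unless it was itself auto-generated */`. Nothing visible here restores `oldpassword` or limits how often a reset can be requested, so if this page is reachable without authentication it is worth confirming that a third party who knows an address cannot repeatedly lock the owner out. The enclosing block starts and ends outside the hunk.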
@ -175,22 +175,19 @@
|
||||
/* If we havne't encountered a break; or an exit; yet, then go ahead
|
||||
* and create the account */
|
||||
|
||||
/* Generate a password */
|
||||
$password = generatePassword(12);
|
||||
|
||||
/* Add the user */
|
||||
/* Add the user, user_create sets a random/expired password,
|
||||
* so we'll just use that */
|
||||
$u = user_create($type);
|
||||
$u['firstname'] = $data_fn;
|
||||
$u['lastname'] = $data_ln;
|
||||
$u['username'] = $data_email;
|
||||
$u['password'] = $password;
|
||||
$u['email'] = $data_email;
|
||||
user_save($u);
|
||||
|
||||
/* Send the email */
|
||||
email_send($welcome_email, $data_email,
|
||||
array("FAIRNAME"=>i18n($config['fairname'])),
|
||||
array("PASSWORD"=>$password,
|
||||
array("PASSWORD"=>$u['password'],
|
||||
"EMAIL"=>$data_email)
|
||||
);
|
||||
|
||||
|
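Review bot: The welcome e-mail now takes `$u['password']` from `user_create()`, but the `user_create()` hunk shows the return value of `user_set_password($uid, NULL)` being discarded, so the array carries the generated password only if a later load (outside the visible hunks) reads it back; otherwise the e-mail goes out with an empty PASSWORD. The following `user_save($u)` also compares `$u['password']` with `$u['orig']['password']`, and if they differ it calls `user_set_password()` with a non-NULL value, which stamps `passwordset=NOW()` and removes the forced expiry on the mailed password. Both are worth confirming, together with a comment such as `/* $u['password'] is the random, expired password set by user_create(); do not modify it before user_save() */`. The surrounding block starts and ends outside the hunk.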
@ -66,10 +66,7 @@
|
||||
else if($_POST['pass1'] != $_POST['pass2']) $notice = 'nomatch';
|
||||
else if(user_valid_password($_POST['pass1']) == false) $notice = 'invalidchars';
|
||||
else {
|
||||
mysql_query("UPDATE users SET
|
||||
password='$pass',
|
||||
passwordset=NOW()
|
||||
WHERE id='{$_SESSION['users_id']}'");
|
||||
user_set_password($_SESSION['users_id'], $pass);
|
||||
unset($_SESSION['password_expired']);
|
||||
|
||||
header("location: $back_link?notice=password_changed");
|
||||
|
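Review bot: `$pass` was previously interpolated straight into `password='$pass'`, which suggests it is already escaped where it is assigned (outside this hunk), and `user_set_password()` escapes its argument again with `mysql_escape_string()`. If so, a password containing a quote or backslash would be stored with extra backslashes and would no longer match at login. Passing the validated raw value, for example `user_set_password($_SESSION['users_id'], $_POST['pass1']);` with whatever slash handling the file already applies, leaves the escaping in one place. The enclosing `else` block continues past the end of the hunk.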