- Move all the password handling code into one function (not duplicated/spread over 3 files)
- Fix a bug to always save the old password (unless it was a reset password)
- Fix a bug to save the old password even when the user sets a new one
parent
5ed0135442
commit
a9318b6303
40
user.inc.php
40
user.inc.php
@ -174,6 +174,36 @@ function user_load($user, $load_full=false)
|
|||||||
return $ret;
|
return $ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function user_set_password($id, $password = NULL)
|
||||||
|
{
|
||||||
|
/* pass $u by reference so we can update it */
|
||||||
|
$save_old = false;
|
||||||
|
if($password == NULL) {
|
||||||
|
$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
|
||||||
|
$u = mysql_fetch_assoc($q);
|
||||||
|
/* Generate a new password */
|
||||||
|
$password = generatePassword(12);
|
||||||
|
/* save the old password only if it's not an auto-generated one */
|
||||||
|
if($u['passwordset'] != '0000-00-00') $save_old = true;
|
||||||
|
/* Expire the password */
|
||||||
|
$save_set = "'0000-00-00'";
|
||||||
|
} else {
|
||||||
|
/* Set the password, no expiry, save the old */
|
||||||
|
$save_old = true;
|
||||||
|
$save_set = 'NOW()';
|
||||||
|
}
|
||||||
|
|
||||||
|
$p = mysql_escape_string($password);
|
||||||
|
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
|
||||||
|
$set .= "password='$p', passwordset=$save_set ";
|
||||||
|
|
||||||
|
$query = "UPDATE users SET $set WHERE id='$id'";
|
||||||
|
mysql_query($query);
|
||||||
|
echo mysql_error();
|
||||||
|
|
||||||
|
return $password;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
function user_save_volunteer($u)
|
function user_save_volunteer($u)
|
||||||
{
|
{
|
||||||
@ -216,7 +246,7 @@ function user_save_fair($u)
|
|||||||
|
|
||||||
function user_save($u)
|
function user_save($u)
|
||||||
{
|
{
|
||||||
$fields = array('firstname','lastname','username','password',
|
$fields = array('firstname','lastname','username',
|
||||||
'email',
|
'email',
|
||||||
'phonehome','phonework','phonecell','fax','organization',
|
'phonehome','phonework','phonecell','fax','organization',
|
||||||
'address','address2','city','province','postalcode','sex',
|
'address','address2','city','province','postalcode','sex',
|
||||||
@ -233,7 +263,6 @@ function user_save($u)
|
|||||||
|
|
||||||
$data = mysql_escape_string(stripslashes($u[$f]));
|
$data = mysql_escape_string(stripslashes($u[$f]));
|
||||||
$set .= "$f='$data'";
|
$set .= "$f='$data'";
|
||||||
if($f=="password") $set.=",passwordset=NOW()";
|
|
||||||
}
|
}
|
||||||
//echo "<pre>";
|
//echo "<pre>";
|
||||||
//print_r($u);
|
//print_r($u);
|
||||||
@ -245,14 +274,16 @@ function user_save($u)
|
|||||||
echo mysql_error();
|
echo mysql_error();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Save the password if it changed */
|
||||||
|
if($u['password'] != $u['orig']['password'])
|
||||||
|
user_set_password($u['id'], $u['password']);
|
||||||
|
|
||||||
/* If this was a full load, do a full save */
|
/* If this was a full load, do a full save */
|
||||||
if($u['load_full'] == true) {
|
if($u['load_full'] == true) {
|
||||||
foreach($u['types'] as $t) {
|
foreach($u['types'] as $t) {
|
||||||
call_user_func("user_save_$t", $u);
|
call_user_func("user_save_$t", $u);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -341,6 +372,7 @@ function user_create($type, $u = NULL)
|
|||||||
mysql_query("INSERT INTO users (`types`,`passwordset`,`created`)
|
mysql_query("INSERT INTO users (`types`,`passwordset`,`created`)
|
||||||
VALUES ('$type', '0000-00-00', NOW())");
|
VALUES ('$type', '0000-00-00', NOW())");
|
||||||
$uid = mysql_insert_id();
|
$uid = mysql_insert_id();
|
||||||
|
user_set_password($uid, NULL);
|
||||||
} else {
|
} else {
|
||||||
/* The user has been specified and already exists,
|
/* The user has been specified and already exists,
|
||||||
* just add a role */
|
* just add a role */
|
||||||
|
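Review bot: In `user_set_password`, `$id` goes into both the SELECT and the UPDATE unescaped, while only `$password` passes through `mysql_escape_string`; if ids are always integers, as the `mysql_insert_id()` caller suggests, a first line `$id = intval($id);` makes the function safe whichever caller supplies the id. The test `if($password == NULL)` is also true for an empty string, so a blank `$u['password']` arriving from `user_save` would be silently replaced by a random, expired password; `=== NULL` matches the default-argument intent. The function returns `$password` whether or not the UPDATE succeeded and prints `mysql_error()` into the page, so a caller can mail out a password that was never stored; check the `mysql_query` result and log the error instead of echoing it. Every password write now funnels through this function, which also makes it the one place where the clear-text `password` and `oldpassword` columns could later be moved to `password_hash()` output. The comment `/* pass $u by reference so we can update it */` describes a parameter the function does not have and should be removed.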
@ -295,14 +295,8 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$password = generatePassword(12);
|
/* Reset the password, and force it to expire */
|
||||||
|
$password = user_set_password($r->id, NULL);
|
||||||
/* Save their old password so it can be recovered if someone is just trying
|
|
||||||
* to reset someones password */
|
|
||||||
mysql_query("UPDATE users SET oldpassword=password WHERE id={$r->id}");
|
|
||||||
|
|
||||||
/* Set the new password, and force it to expire */
|
|
||||||
mysql_query("UPDATE users SET password='$password',passwordset='0000-00-00' WHERE id={$r->id}");
|
|
||||||
|
|
||||||
/* volunteer_recover_password, judge_recover_password, student_recover_password,
|
/* volunteer_recover_password, judge_recover_password, student_recover_password,
|
||||||
committee_recover_password */
|
committee_recover_password */
|
||||||
|
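Review bot: The replacement comment drops the reason the previous password is kept, which the removed lines spelled out (the reset may have been requested by someone other than the account owner). That rationale is security-relevant and is now only implied inside `user_set_password()`, so I would keep it at the call site: `/* Reset the password and force it to expire; user_set_password() keeps the previous one in oldpassword so an unwanted reset can be recovered from */`. The returned `$password` is presumably used by the recovery e-mail below this hunk, so it is worth noting there that the value is returned even when the UPDATE inside `user_set_password()` fails.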
@ -175,22 +175,19 @@
|
|||||||
/* If we havne't encountered a break; or an exit; yet, then go ahead
|
/* If we havne't encountered a break; or an exit; yet, then go ahead
|
||||||
* and create the account */
|
* and create the account */
|
||||||
|
|
||||||
/* Generate a password */
|
/* Add the user, user_create sets a random/expired password,
|
||||||
$password = generatePassword(12);
|
* so we'll just use that */
|
||||||
|
|
||||||
/* Add the user */
|
|
||||||
$u = user_create($type);
|
$u = user_create($type);
|
||||||
$u['firstname'] = $data_fn;
|
$u['firstname'] = $data_fn;
|
||||||
$u['lastname'] = $data_ln;
|
$u['lastname'] = $data_ln;
|
||||||
$u['username'] = $data_email;
|
$u['username'] = $data_email;
|
||||||
$u['password'] = $password;
|
|
||||||
$u['email'] = $data_email;
|
$u['email'] = $data_email;
|
||||||
user_save($u);
|
user_save($u);
|
||||||
|
|
||||||
/* Send the email */
|
/* Send the email */
|
||||||
email_send($welcome_email, $data_email,
|
email_send($welcome_email, $data_email,
|
||||||
array("FAIRNAME"=>i18n($config['fairname'])),
|
array("FAIRNAME"=>i18n($config['fairname'])),
|
||||||
array("PASSWORD"=>$password,
|
array("PASSWORD"=>$u['password'],
|
||||||
"EMAIL"=>$data_email)
|
"EMAIL"=>$data_email)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
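Review bot: The welcome e-mail now sends `$u['password']`, which holds the generated password only if `user_create()` loads the user row after its new `user_set_password($uid, NULL)` call; that part of `user_create()` is outside the visible hunks, so this is an assumption to confirm. If the array is built before the password is written, the recipient receives an empty or stale `PASSWORD` value and cannot log in. A comment on the `user_create($type)` line stating the dependency, e.g. `/* relies on user_create() returning the row as loaded after user_set_password() */`, would document it; a guard such as `if(empty($u['password'])) { /* abort before email_send */ }` would catch a regression.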
@ -66,10 +66,7 @@
|
|||||||
else if($_POST['pass1'] != $_POST['pass2']) $notice = 'nomatch';
|
else if($_POST['pass1'] != $_POST['pass2']) $notice = 'nomatch';
|
||||||
else if(user_valid_password($_POST['pass1']) == false) $notice = 'invalidchars';
|
else if(user_valid_password($_POST['pass1']) == false) $notice = 'invalidchars';
|
||||||
else {
|
else {
|
||||||
mysql_query("UPDATE users SET
|
user_set_password($_SESSION['users_id'], $pass);
|
||||||
password='$pass',
|
|
||||||
passwordset=NOW()
|
|
||||||
WHERE id='{$_SESSION['users_id']}'");
|
|
||||||
unset($_SESSION['password_expired']);
|
unset($_SESSION['password_expired']);
|
||||||
|
|
||||||
header("location: $back_link?notice=password_changed");
|
header("location: $back_link?notice=password_changed");
|
||||||
|
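Review bot: `user_set_password()` runs its argument through `mysql_escape_string`, so if `$pass` was already escaped for the inline UPDATE this call replaces, the password is now escaped twice; `$pass` is assigned above the hunk, so this is inferred rather than visible. In that case any password containing a quote or backslash is stored with extra backslashes and will no longer match at login. Passing the unescaped value, `user_set_password($_SESSION['users_id'], $_POST['pass1']);`, avoids this (with `stripslashes` applied first if the site relies on magic quotes, as `user_save` does).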