From f0d1578ac354a432eaea8ccaaa0ac63b9beba1ce Mon Sep 17 00:00:00 2001
From: jacob
Date: Tue, 12 Oct 2010 16:49:38 +0000
Subject: [PATCH] Added generic "account" password recovery
---
 admin/communication.php | 1 +
 db/db.code.version.txt | 2 +-
 db/db.update.210.sql | 16 +++++++
 user_login.php | 95 +++++++++++++++++------------------------
 4 files changed, 57 insertions(+), 57 deletions(-)
 create mode 100644 db/db.update.210.sql
diff --git a/admin/communication.php b/admin/communication.php
index 9e7dddd..907593e 100644
--- a/admin/communication.php
+++ b/admin/communication.php
@@ -289,6 +289,7 @@ case 'dialog_edit':
+
diff --git a/db/db.code.version.txt b/db/db.code.version.txt
index 7fba2b4..cd7da05 100644
--- a/db/db.code.version.txt
+++ b/db/db.code.version.txt
@@ -1 +1 @@
-209
+210
diff --git a/db/db.update.210.sql b/db/db.update.210.sql
new file mode 100644
index 0000000..cbac510
--- /dev/null
+++ b/db/db.update.210.sql
@@ -0,0 +1,16 @@
+INSERT INTO `emails` (
+`id` ,
+`val` ,
+`name` ,
+`description` ,
+`from` ,
+`subject` ,
+`body` ,
+`bodyhtml` ,
+`type` ,
+`fundraising_campaigns_id` ,
+`lastsent` )
+VALUES (
+NULL , 'account_recover_password', 'Account - Recover Password', 'Recover the password for an account if they submit a ''forgot password'' request', '', 'Password Recovery for [FAIRNAME]', 'We have received a request for the recovery of your password from this email address. Please find your login information below: User Name: [USERNAME] Password: [PASSWORD] ', '', 'system', NULL , NULL
+);
diff --git a/user_login.php b/user_login.php
index 12dc581..7058937 100644
--- a/user_login.php
+++ b/user_login.php
@@ -157,28 +157,13 @@ if(isset($_SESSION['accounts_id'])) { $recover_link = "user_login.php?role=$role&action=recover"; ?>
-
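Review bot: The `body` value of this template embeds `[PASSWORD]`, and the user_login.php hunk below fills it from `$r->password` read straight out of the `accounts` row, so the recovery mail carries whatever that column holds — which only works if the password is stored in a recoverable form, and it is also sent when the match came from the unconfirmed `pendingemail` column. The removed code took the safer route, generating a fresh password with `user_set_password($r->id, NULL)` and forcing it to expire, so the mailed secret was single-use and the stored password never had to be recoverable; keeping that behaviour, or sending a one-time reset link, is the fix for both files. That hunk also matches the address with `LIKE '$email'` after `mysql_real_escape_string`, which does not escape the `_` wildcard, so `= '$email'` is the intended comparison. If the template is kept as is, the body should at least end with `Please change this password the next time you log in.` so the mailed value is not reused indefinitely.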
-
-
+

- - - - -
- : -
- : -
: -
- " /> -
-
+ " />
-
-
+

 firstname, $fn)!=0 || strcasecmp($r->lastname, $ln)!=0) {
- message_push(error(i18n("The name you entered does not match the one in your account")));
- header("Location: user_login.php?role=$role");
- exit;
- }
-
- /* Reset the password, and force it to expire */
- $password = user_set_password($r->id, NULL);
-
- /* volunteer_recover_password, judge_recover_password, student_recover_password,
- committee_recover_password */
- email_send("{$role}_recover_password",
- $email,
- array("FAIRNAME"=>i18n($config['fairname'])),
- array( "PASSWORD"=>$password,
- "EMAIL"=>$email)
- );
-
- message_push(notice(i18n("Your password has been sent to your email address")));
- header("Location: user_login.php?role=$role");
- exit;
- } else {
- message_push(error(i18n("Could not find your email address for recovery")));
- header("Location: user_login.php?role=$role");
- exit;
- }
+ if(!isEmailAddress($email)) {
+ // not a valid email address
+ message_push(error(i18n("Email address error")));
+ header("Location: user_login.php");
+ exit;
 }
- message_push(error(i18n("Email address error")));
- header("Location: user_login.php?role=$role");
- exit;
+
+ $email = mysql_real_escape_string($email);
+ // let's see if we can find this email address on an account
+ $q = mysql_query("SELECT * FROM accounts WHERE email LIKE '$email'");
+ $r = mysql_fetch_object($q);
+
+ if(!$r){
+ // didn't find it that way. 
 Let's try finding an unconfirmed e-mail
+ $q = mysql_query("SELECT * FROM accounts WHERE pendingemail LIKE '$email'");
+ $r = mysql_fetch_object($q);
+ }
+
+ if($r) {
+
+ // found the specified email address
+ /* volunteer_recover_password, judge_recover_password, student_recover_password,
+ committee_recover_password */
+ email_send("account_recover_password",
+ $email,
+ array("FAIRNAME"=>i18n($config['fairname'])),
+ array( "PASSWORD"=>$r->password,
+ "USERNAME"=>$r->username)
+ );
+
+ message_push(notice(i18n("Your password has been sent to your email address")));
+ header("Location: user_login.php");
+ }else{
+ message_push(error(i18n("Could not find your email address for recovery")));
+ header("Location: user_login.php");
+ }
+ } else {