[geeklog-hg] geeklog: A remote service user now bypasses current password che...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Fri Dec 28 09:12:19 EST 2012
changeset 8897:0f299541fcee
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/0f299541fcee
user: Tom <websitemaster at cogeco.net>
date: Wed Feb 01 10:45:33 2012 -0500
description:
A remote service user now bypasses current password check when account is deleted. (bug #0001417)
diffstat:
public_html/usersettings.php | 21 ++++++++++++---------
1 files changed, 12 insertions(+), 9 deletions(-)
diffs (32 lines):
diff -r 3eaf95b14f5a -r 0f299541fcee public_html/usersettings.php
--- a/public_html/usersettings.php Sun Dec 09 16:16:46 2012 +0100
+++ b/public_html/usersettings.php Wed Feb 01 10:45:33 2012 -0500
@@ -312,16 +312,19 @@
return COM_refresh ($_CONF['site_url'] . '/index.php');
}
- // to change the password, email address, or cookie timeout,
- // we need the user's current password
- $current_password = DB_getItem($_TABLES['users'], 'passwd',
- "uid = {$_USER['uid']}");
- if (empty($_POST['old_passwd']) ||
- (SEC_encryptPassword($_POST['old_passwd']) != $current_password)) {
- return COM_refresh($_CONF['site_url']
- . '/usersettings.php?msg=84');
+ // Do not check current password for remote users. At some point we should reauthenticate with the service when deleting the account
+ if ($_USER['remoteservice'] == '') {
+ // to change the password, email address, or cookie timeout,
+ // we need the user's current password
+ $current_password = DB_getItem($_TABLES['users'], 'passwd',
+ "uid = {$_USER['uid']}");
+ if (empty($_POST['old_passwd']) ||
+ (SEC_encryptPassword($_POST['old_passwd']) != $current_password)) {
+ return COM_refresh($_CONF['site_url']
+ . '/usersettings.php?msg=84');
+ }
}
-
+
$reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
DB_change ($_TABLES['users'], 'pwrequestid', "$reqid",
'uid', $_USER['uid']);
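Review bot: With the new `if ($_USER['remoteservice'] == '')` guard, a remote-service account reaches the `$reqid` step with no reauthentication at all, so deletion for those users is gated only by the logged-in session and by whatever request-forgery check may run earlier in this function, which starts and ends outside the hunk. Until reauthentication against the service exists, confirm that a form token is verified before this point and say so in the comment, e.g. `// Remote users have no local password to verify; deletion relies on the session and the form token only.` The re-indented comparison still uses loose `!=` on two hash strings, which PHP compares numerically when both look like numbers (for example digests of the form `0e` followed by digits); it should be `(SEC_encryptPassword($_POST['old_passwd']) !== $current_password)) {`. For remote users the request id is now the only secret left in the flow, and `md5 (uniqid (rand (), 1))` is derived from predictable inputs, so it should come from a cryptographically secure random source instead.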