From 555208a556a013fd6adbeb391d02838c47f3bab4 Mon Sep 17 00:00:00 2001 From: Daniel Winzen Date: Wed, 27 Apr 2016 10:47:42 +0200 Subject: [PATCH] Combine Password reset and setting new nickname --- CHANGELOG | 1 + chat.php | 92 ++++++++++++++++++++++---------------------------- lang_de.php | 6 ++-- lang_en.php | 6 ++-- lang_es_AR.php | 1 - lang_es_ES.php | 1 - lang_fr.php | 1 - lang_id.php | 1 - 8 files changed, 47 insertions(+), 62 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 97e41b0..3d20cca 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,5 @@ Add timezone settings +Combine Password reset and setting new nickname Version 1.17 - Apr. 20, 2016 Make nocache refresh hack configurable in profile diff --git a/chat.php b/chat.php index 925fad0..7046124 100644 --- a/chat.php +++ b/chat.php @@ -1769,12 +1769,7 @@ function send_profile($arg=''){ echo " $I[oldpass]"; echo " $I[newpass]"; echo " $I[confirmpass]"; - echo ''; - thr(); - echo ""; - echo '
$I[changenickname]
'; - echo ""; - echo ""; + echo ""; echo '
 $I[newnickname]
 $I[newpass]
 $I[newnickname]
'; thr(); } @@ -1854,7 +1849,7 @@ function send_login(){ send_captcha(); if($ga!==0){ if(get_setting('guestreg')!=0){ - echo "$I[regpass]"; + echo "$I[regpass]"; } if($englobal===2){ echo "$I[globalloginpass]"; 
@@ -2506,33 +2501,12 @@ function amend_profile(){ function save_profile(){ global $I, $U, $db; - if(!isSet($_REQUEST['oldpass'])){ - $_REQUEST['oldpass']=''; - } - if(!isSet($_REQUEST['newpass'])){ - $_REQUEST['newpass']=''; - } - if(!isSet($_REQUEST['confirmpass'])){ - $_REQUEST['confirmpass']=''; - } - if($_REQUEST['newpass']!==$_REQUEST['confirmpass']){ - return $I['noconfirm']; - }elseif(!empty($_REQUEST['newpass']) && valid_pass($_REQUEST['newpass'])){ - $U['oldhash']=md5(sha1(md5($U['nickname'].$_REQUEST['oldpass']))); - $U['newhash']=md5(sha1(md5($U['nickname'].$_REQUEST['newpass']))); - }else{ - $U['oldhash']=$U['newhash']=$U['passhash']; - } - if($U['passhash']!==$U['oldhash']){ - return $I['wrongpass']; - } - $U['passhash']=$U['newhash']; amend_profile(); - $stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET refresh=?, style=?, passhash=?, boxwidth=?, boxheight=?, bgcolour=?, notesboxwidth=?, notesboxheight=?, timestamps=?, embed=?, incognito=?, nocache=?, tz=? WHERE session=?;'); - $stmt->execute(array($U['refresh'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['nocache'], $U['tz'], $U['session'])); + $stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET refresh=?, style=?, boxwidth=?, boxheight=?, bgcolour=?, notesboxwidth=?, notesboxheight=?, timestamps=?, embed=?, incognito=?, nocache=?, tz=? WHERE session=?;'); + $stmt->execute(array($U['refresh'], $U['style'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['nocache'], $U['tz'], $U['session'])); if($U['status']>=2){ - $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET passhash=?, refresh=?, bgcolour=?, boxwidth=?, boxheight=?, notesboxwidth=?, notesboxheight=?, timestamps=?, embed=?, incognito=?, style=?, nocache=?, tz=? 
WHERE nickname=?;'); - $stmt->execute(array($U['passhash'], $U['refresh'], $U['bgcolour'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['style'], $U['nocache'], $U['tz'], $U['nickname'])); + $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET refresh=?, bgcolour=?, boxwidth=?, boxheight=?, notesboxwidth=?, notesboxheight=?, timestamps=?, embed=?, incognito=?, style=?, nocache=?, tz=? WHERE nickname=?;'); + $stmt->execute(array($U['refresh'], $U['bgcolour'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['style'], $U['nocache'], $U['tz'], $U['nickname'])); } if(!empty($_REQUEST['unignore'])){ $stmt=$db->prepare('DELETE FROM ' . PREFIX . 'ignored WHERE ign=? AND ignby=?;'); 
@@ -2542,45 +2516,59 @@ function save_profile(){ $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'ignored (ign, ignby) VALUES (?, ?);'); $stmt->execute(array($_REQUEST['ignore'], $U['nickname'])); } - if($U['status']>1 && !empty($_REQUEST['newnickname'])){ - $msg=set_new_nickname(); - if($msg!==''){ - return $msg; + if($U['status']>1 && !empty($_REQUEST['newpass'])){ + if(!valid_pass($_REQUEST['newpass'])){ + return sprintf($I['invalpass'], get_setting('minpass')); + } + if(!isSet($_REQUEST['oldpass'])){ + $_REQUEST['oldpass']=''; + } + if(!isSet($_REQUEST['confirmpass'])){ + $_REQUEST['confirmpass']=''; + } + if($_REQUEST['newpass']!==$_REQUEST['confirmpass']){ + return $I['noconfirm']; + }else{ + $U['oldhash']=md5(sha1(md5($U['nickname'].$_REQUEST['oldpass']))); + $U['newhash']=md5(sha1(md5($U['nickname'].$_REQUEST['newpass']))); + } + if($U['passhash']!==$U['oldhash']){ + return $I['wrongpass']; + } + $U['passhash']=$U['newhash']; + $stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET passhash=? WHERE session=?;'); + $stmt->execute(array($U['passhash'], $U['session'])); + $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET passhash=? WHERE nickname=?;'); + $stmt->execute(array($U['passhash'], $U['nickname'])); + if(!empty($_REQUEST['newnickname'])){ + $msg=set_new_nickname(); + if($msg!==''){ + return $msg; + } } - } - if(!empty($_REQUEST['newpass']) && !valid_pass($_REQUEST['newpass'])){ - return sprintf($I['invalpass'], get_setting('minpass')); } return $I['succprofile']; } function set_new_nickname(){ global $I, $U, $db; - if(!isSet($_REQUEST['new_pass']) || !valid_pass($_REQUEST['new_pass'])){ - return sprintf($I['nopass'], get_setting('minpass')); - } if(!valid_nick($_REQUEST['newnickname'])){ return sprintf($I['invalnick'], get_setting('maxname')); } - $U['passhash']=md5(sha1(md5($_REQUEST['newnickname'].$_REQUEST['new_pass']))); + $U['passhash']=md5(sha1(md5($_REQUEST['newnickname'].$_REQUEST['newpass']))); $stmt=$db->prepare('SELECT id FROM ' . PREFIX . 
'sessions WHERE nickname=? UNION SELECT id FROM ' . PREFIX . 'members WHERE nickname=?;'); $stmt->execute(array($_REQUEST['newnickname'], $_REQUEST['newnickname'])); if($stmt->fetch(PDO::FETCH_NUM)){ return $I['nicknametaken']; }else{ - if($U['status']>1){ - $entry=0; - }else{ - $entry=$U['entry']; - } $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET nickname=?, passhash=? WHERE nickname=?;'); $stmt->execute(array($_REQUEST['newnickname'], $U['passhash'], $U['nickname'])); $stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET nickname=?, passhash=? WHERE nickname=?;'); $stmt->execute(array($_REQUEST['newnickname'], $U['passhash'], $U['nickname'])); - $stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET poster=? WHERE poster=? AND postdate>?;'); - $stmt->execute(array($_REQUEST['newnickname'], $U['nickname'], $entry)); - $stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET recipient=? WHERE recipient=? AND postdate>?;'); - $stmt->execute(array($_REQUEST['newnickname'], $U['nickname'], $entry)); + $stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET poster=? WHERE poster=?;'); + $stmt->execute(array($_REQUEST['newnickname'], $U['nickname'])); + $stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET recipient=? WHERE recipient=?;'); + $stmt->execute(array($_REQUEST['newnickname'], $U['nickname'])); $stmt=$db->prepare('UPDATE ' . PREFIX . 'ignored SET ignby=? WHERE ignby=?;'); $stmt->execute(array($_REQUEST['newnickname'], $U['nickname'])); $stmt=$db->prepare('UPDATE ' . PREFIX . 'ignored SET ign=? WHERE ign=?;'); diff --git a/lang_de.php b/lang_de.php index 8503daf..e2ea041 100644 --- a/lang_de.php +++ b/lang_de.php 
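Review bot: In the new password branch of save_profile(), the two `UPDATE … SET passhash=?` statements run before `set_new_nickname()` is called, so when the nickname is rejected (`invalnick` or `nicknametaken`) the function returns an error although the password has already been changed in both tables. When `newnickname` is set, call `set_new_nickname()` first, since it already writes nickname and passhash together to members and sessions, and run the standalone passhash updates only in the no-rename case. set_new_nickname() also assigns `$U['passhash']` before the availability SELECT, so the in-memory hash changes even when it returns `nicknametaken`; moving that assignment into the `else` branch would leave `$U` untouched on failure. Separately, the stored value is still `md5(sha1(md5(nickname.password)))`, a fast digest salted only with the nickname, which is why a rename needs the password again; `password_hash()`/`password_verify()` would remove that coupling, though the migration lies outside this hunk. save_profile() begins before this hunk and set_new_nickname() continues past its end.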
@@ -309,7 +309,6 @@ $T=array( 'newer' => 'Neuer', 'accessdenied' => 'Zugriff verweigert', 'loggedinas' => 'Du bist als %s angemeldet und hast keinen Zugriff auf diesen Bereich.', - 'changenickname' => 'Nickname ändern', 'newnickname' => 'Neuer Nickname:', 'nicknametaken' => 'Nickname ist bereits vergeben', 'nopass' => 'Ungültiges Passwort (Mindestens %d Zeichen), Nickname nicht geändert', @@ -324,7 +323,7 @@ $T=array( 'mailsender' => 'E-Mail mit dieser Adresse versenden', 'mailreceiver' => 'E-Mail and diese Adresse senden', 'modfallback' => 'Auf Warteraum rückgreifen, falls kein Moderator anwesend ist, um Gäste hereinzulassen', - 'regpass' => 'Zum registrieren
Passwort wiederholen
(optional)', + 'regpass' => 'Zum registrieren
Passwort wiederholen', 'guestreg' => 'Gäste sich selbst registrieren lassen', 'asmember' => 'Als Mitglied', 'assuguest' => 'Als Anwerber', @@ -337,6 +336,7 @@ $T=array( 'disabletext' => 'Chat deaktiviert Nachricht (html)', 'disabledtext' => 'Kurzzeitig deaktiviert', 'defaulttz' => 'Standard Zeitzone', - 'tz' => 'Zeitzone' + 'tz' => 'Zeitzone', + 'optional' => '(optional)' ); ?> diff --git a/lang_en.php b/lang_en.php index fa13fbd..fcb9899 100644 --- a/lang_en.php +++ b/lang_en.php @@ -309,7 +309,6 @@ $I=array( 'newer' => 'Newer', 'accessdenied' => 'Access denied', 'loggedinas' => 'You are logged in as %s and don\'t have access to this section.', - 'changenickname' => 'Change nickname', 'newnickname' => 'New nickname:', 'nicknametaken' => 'Nickname is already taken', 'nopass' => 'Invalid password (At least %d characters), not changing nickname', @@ -324,7 +323,7 @@ $I=array( 'mailsender' => 'Send mail using this address', 'mailreceiver' => 'Send mail to this address', 'modfallback' => 'Fallback to waiting room, if no moderator is present to approve guests', - 'regpass' => 'Repeat password
to register
(optional)', + 'regpass' => 'Repeat password
to register', 'guestreg' => 'Let guests register themselves', 'asmember' => 'As member', 'assuguest' => 'As applicant', @@ -337,6 +336,7 @@ $I=array( 'disabletext' => 'Chat disabled message (html)', 'disabledtext' => 'Temporarily disabled', 'defaulttz' => 'Default time zone', - 'tz' => 'Time zone' + 'tz' => 'Time zone', + 'optional' => '(optional)' ); ?> diff --git a/lang_es_AR.php b/lang_es_AR.php index 02cc2b9..319c5f1 100644 --- a/lang_es_AR.php +++ b/lang_es_AR.php @@ -308,7 +308,6 @@ $T=array( 'newer' => 'Newer', 'accessdenied' => 'Acceso no permitido', 'loggedinas' => 'Estás identificado como %s y no tenés acceso a esta sección.', - 'changenickname' => 'Cambiar apodo', 'newnickname' => 'Nuevo apodo:', 'nicknametaken' => 'Ese apodo ya fue tomado', 'nopass' => 'Constraseña incorrecta (al menos %d caracteres), no se cambia apodo' diff --git a/lang_es_ES.php b/lang_es_ES.php index 3690c56..95a43ea 100644 --- a/lang_es_ES.php +++ b/lang_es_ES.php @@ -308,7 +308,6 @@ $T=array( 'newer' => 'Newer', 'accessdenied' => 'Acceso denegado', 'loggedinas' => 'Estás identificado como %s y no tenés acceso a esta sección.', - 'changenickname' => 'Cambiar apodo', 'newnickname' => 'Nuevo apodo:', 'nicknametaken' => 'Ese apodo ya fue tomado', 'nopass' => 'Constraseña incorrecta (al menos %d caracteres), no se cambia apodo' diff --git a/lang_fr.php b/lang_fr.php index 06849d0..f98916e 100644 --- a/lang_fr.php +++ b/lang_fr.php @@ -308,7 +308,6 @@ $T=array( 'newer' => 'Nouveau', 'accessdenied' => 'Accès interdit', 'loggedinas' => 'Vous êtes connecté en tant que %s et vous n\'avez pas accès à cette section.', - 'changenickname' => 'Changer de Pseudo', 'newnickname' => 'Nouveau Pseudo:', 'nicknametaken' => 'Pseudo déjà pris', 'nopass' => 'Mot de passe invalide (au moins % caractères), ne pas changer le pseudo', diff --git a/lang_id.php b/lang_id.php index 7be55f0..762a089 100644 --- a/lang_id.php +++ b/lang_id.php 
@@ -308,7 +308,6 @@ $T=array( 'newer' => 'Baru', 'accessdenied' => 'Akses ditolak', 'loggedinas' => 'Anda masuk sebagai %s dan tak dapat mengakses bagian ini.', - 'changenickname' => 'Ubah nama', 'newnickname' => 'Nama baru:', 'nicknametaken' => 'Nama sudah ada', 'nopass' => 'Kata sandi salah (Minimal %d karakter), tak merubah nama'