danwin1210/le-chat-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Combine Password reset and setting new nickname

Browse Source
This commit is contained in:
Daniel Winzen
2016-04-27 10:47:42 +02:00
parent d9c9dae6c0
commit 555208a556
8 changed files with 47 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@ -1,4 +1,5 @@
Add timezone settings Add timezone settings
Combine Password reset and setting new nickname
Version 1.17 - Apr. 20, 2016 Version 1.17 - Apr. 20, 2016
Make nocache refresh hack configurable in profile Make nocache refresh hack configurable in profile

84
chat.php
View File

@ -1769,12 +1769,7 @@ function send_profile($arg=''){
echo "<tr><td>&nbsp;</td><td>$I[oldpass]</td><td><input type=\"password\" name=\"oldpass\" size=\"20\"></td></tr>"; echo "<tr><td>&nbsp;</td><td>$I[oldpass]</td><td><input type=\"password\" name=\"oldpass\" size=\"20\"></td></tr>";
echo "<tr><td>&nbsp;</td><td>$I[newpass]</td><td><input type=\"password\" name=\"newpass\" size=\"20\"></td></tr>"; echo "<tr><td>&nbsp;</td><td>$I[newpass]</td><td><input type=\"password\" name=\"newpass\" size=\"20\"></td></tr>";
echo "<tr><td>&nbsp;</td><td>$I[confirmpass]</td><td><input type=\"password\" name=\"confirmpass\" size=\"20\"></td></tr>"; echo "<tr><td>&nbsp;</td><td>$I[confirmpass]</td><td><input type=\"password\" name=\"confirmpass\" size=\"20\"></td></tr>";
echo '</table></td></tr></table></td></tr>'; echo "<tr><td>&nbsp;</td><td>$I[newnickname]</td><td><input type=\"text\" name=\"newnickname\" size=\"20\" placeholder=\"$I[optional]\"></td></tr>";
thr();
echo "<tr><td><table class=\"left-table\"><tr><th>$I[changenickname]</th></tr>";
echo '<tr><td><table class="right-table">';
echo "<tr><td>&nbsp;</td><td>$I[newnickname]</td><td><input type=\"text\" name=\"newnickname\" size=\"20\"></td></tr>";
echo "<tr><td>&nbsp;</td><td>$I[newpass]</td><td><input type=\"password\" name=\"new_pass\" size=\"20\"></td></tr>";
echo '</table></td></tr></table></td></tr>'; echo '</table></td></tr></table></td></tr>';
thr(); thr();
} }
@ -1854,7 +1849,7 @@ function send_login(){
send_captcha(); send_captcha();
if($ga!==0){ if($ga!==0){
if(get_setting('guestreg')!=0){ if(get_setting('guestreg')!=0){
echo "<tr><td class=\"left\">$I[regpass]</td><td class=\"right\"><input type=\"password\" name=\"regpass\" size=\"15\"></td></tr>"; echo "<tr><td class=\"left\">$I[regpass]</td><td class=\"right\"><input type=\"password\" name=\"regpass\" size=\"15\" placeholder=\"$I[optional]\"></td></tr>";
} }
if($englobal===2){ if($englobal===2){
echo "<tr><td class=\"left\">$I[globalloginpass]</td><td class=\"right\"><input type=\"password\" name=\"globalpass\" size=\"15\"></td></tr>"; echo "<tr><td class=\"left\">$I[globalloginpass]</td><td class=\"right\"><input type=\"password\" name=\"globalpass\" size=\"15\"></td></tr>";
@ -2506,33 +2501,12 @@ function amend_profile(){
function save_profile(){ function save_profile(){
global $I, $U, $db; global $I, $U, $db;
if(!isSet($_REQUEST['oldpass'])){
$_REQUEST['oldpass']='';
}
if(!isSet($_REQUEST['newpass'])){
$_REQUEST['newpass']='';
}
if(!isSet($_REQUEST['confirmpass'])){
$_REQUEST['confirmpass']='';
}
if($_REQUEST['newpass']!==$_REQUEST['confirmpass']){
return $I['noconfirm'];
}elseif(!empty($_REQUEST['newpass']) && valid_pass($_REQUEST['newpass'])){
$U['oldhash']=md5(sha1(md5($U['nickname'].$_REQUEST['oldpass'])));
$U['newhash']=md5(sha1(md5($U['nickname'].$_REQUEST['newpass'])));
}else{
$U['oldhash']=$U['newhash']=$U['passhash'];
}
if($U['passhash']!==$U['oldhash']){
return $I['wrongpass'];
}
$U['passhash']=$U['newhash'];
amend_profile(); amend_profile();
$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET refresh=?, style=?, passhash=?, boxwidth=?, boxheight=?, bgcolour=?, notesboxwidth=?, notesboxheight=?, timestamps=?, embed=?, incognito=?, nocache=?, tz=? WHERE session=?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET refresh=?, style=?, boxwidth=?, boxheight=?, bgcolour=?, notesboxwidth=?, notesboxheight=?, timestamps=?, embed=?, incognito=?, nocache=?, tz=? WHERE session=?;');
$stmt->execute(array($U['refresh'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['nocache'], $U['tz'], $U['session'])); $stmt->execute(array($U['refresh'], $U['style'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['nocache'], $U['tz'], $U['session']));
if($U['status']>=2){ if($U['status']>=2){
$stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET passhash=?, refresh=?, bgcolour=?, boxwidth=?, boxheight=?, notesboxwidth=?, notesboxheight=?, timestamps=?, embed=?, incognito=?, style=?, nocache=?, tz=? WHERE nickname=?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET refresh=?, bgcolour=?, boxwidth=?, boxheight=?, notesboxwidth=?, notesboxheight=?, timestamps=?, embed=?, incognito=?, style=?, nocache=?, tz=? WHERE nickname=?;');
$stmt->execute(array($U['passhash'], $U['refresh'], $U['bgcolour'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['style'], $U['nocache'], $U['tz'], $U['nickname'])); $stmt->execute(array($U['refresh'], $U['bgcolour'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['style'], $U['nocache'], $U['tz'], $U['nickname']));
} }
if(!empty($_REQUEST['unignore'])){ if(!empty($_REQUEST['unignore'])){
$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'ignored WHERE ign=? AND ignby=?;'); $stmt=$db->prepare('DELETE FROM ' . PREFIX . 'ignored WHERE ign=? AND ignby=?;');
@ -2542,45 +2516,59 @@ function save_profile(){
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'ignored (ign, ignby) VALUES (?, ?);'); $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'ignored (ign, ignby) VALUES (?, ?);');
$stmt->execute(array($_REQUEST['ignore'], $U['nickname'])); $stmt->execute(array($_REQUEST['ignore'], $U['nickname']));
} }
if($U['status']>1 && !empty($_REQUEST['newnickname'])){ if($U['status']>1 && !empty($_REQUEST['newpass'])){
if(!valid_pass($_REQUEST['newpass'])){
return sprintf($I['invalpass'], get_setting('minpass'));
}
if(!isSet($_REQUEST['oldpass'])){
$_REQUEST['oldpass']='';
}
if(!isSet($_REQUEST['confirmpass'])){
$_REQUEST['confirmpass']='';
}
if($_REQUEST['newpass']!==$_REQUEST['confirmpass']){
return $I['noconfirm'];
}else{
$U['oldhash']=md5(sha1(md5($U['nickname'].$_REQUEST['oldpass'])));
$U['newhash']=md5(sha1(md5($U['nickname'].$_REQUEST['newpass'])));
}
if($U['passhash']!==$U['oldhash']){
return $I['wrongpass'];
}
$U['passhash']=$U['newhash'];
$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET passhash=? WHERE session=?;');
$stmt->execute(array($U['passhash'], $U['session']));
$stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET passhash=? WHERE nickname=?;');
$stmt->execute(array($U['passhash'], $U['nickname']));
if(!empty($_REQUEST['newnickname'])){
$msg=set_new_nickname(); $msg=set_new_nickname();
if($msg!==''){ if($msg!==''){
return $msg; return $msg;
} }
} }
if(!empty($_REQUEST['newpass']) && !valid_pass($_REQUEST['newpass'])){
return sprintf($I['invalpass'], get_setting('minpass'));
} }
return $I['succprofile']; return $I['succprofile'];
} }
function set_new_nickname(){ function set_new_nickname(){
global $I, $U, $db; global $I, $U, $db;
if(!isSet($_REQUEST['new_pass']) || !valid_pass($_REQUEST['new_pass'])){
return sprintf($I['nopass'], get_setting('minpass'));
}
if(!valid_nick($_REQUEST['newnickname'])){ if(!valid_nick($_REQUEST['newnickname'])){
return sprintf($I['invalnick'], get_setting('maxname')); return sprintf($I['invalnick'], get_setting('maxname'));
} }
$U['passhash']=md5(sha1(md5($_REQUEST['newnickname'].$_REQUEST['new_pass']))); $U['passhash']=md5(sha1(md5($_REQUEST['newnickname'].$_REQUEST['newpass'])));
$stmt=$db->prepare('SELECT id FROM ' . PREFIX . 'sessions WHERE nickname=? UNION SELECT id FROM ' . PREFIX . 'members WHERE nickname=?;'); $stmt=$db->prepare('SELECT id FROM ' . PREFIX . 'sessions WHERE nickname=? UNION SELECT id FROM ' . PREFIX . 'members WHERE nickname=?;');
$stmt->execute(array($_REQUEST['newnickname'], $_REQUEST['newnickname'])); $stmt->execute(array($_REQUEST['newnickname'], $_REQUEST['newnickname']));
if($stmt->fetch(PDO::FETCH_NUM)){ if($stmt->fetch(PDO::FETCH_NUM)){
return $I['nicknametaken']; return $I['nicknametaken'];
}else{ }else{
if($U['status']>1){
$entry=0;
}else{
$entry=$U['entry'];
}
$stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET nickname=?, passhash=? WHERE nickname=?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET nickname=?, passhash=? WHERE nickname=?;');
$stmt->execute(array($_REQUEST['newnickname'], $U['passhash'], $U['nickname'])); $stmt->execute(array($_REQUEST['newnickname'], $U['passhash'], $U['nickname']));
$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET nickname=?, passhash=? WHERE nickname=?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET nickname=?, passhash=? WHERE nickname=?;');
$stmt->execute(array($_REQUEST['newnickname'], $U['passhash'], $U['nickname'])); $stmt->execute(array($_REQUEST['newnickname'], $U['passhash'], $U['nickname']));
$stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET poster=? WHERE poster=? AND postdate>?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET poster=? WHERE poster=?;');
$stmt->execute(array($_REQUEST['newnickname'], $U['nickname'], $entry)); $stmt->execute(array($_REQUEST['newnickname'], $U['nickname']));
$stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET recipient=? WHERE recipient=? AND postdate>?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET recipient=? WHERE recipient=?;');
$stmt->execute(array($_REQUEST['newnickname'], $U['nickname'], $entry)); $stmt->execute(array($_REQUEST['newnickname'], $U['nickname']));
$stmt=$db->prepare('UPDATE ' . PREFIX . 'ignored SET ignby=? WHERE ignby=?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'ignored SET ignby=? WHERE ignby=?;');
$stmt->execute(array($_REQUEST['newnickname'], $U['nickname'])); $stmt->execute(array($_REQUEST['newnickname'], $U['nickname']));
$stmt=$db->prepare('UPDATE ' . PREFIX . 'ignored SET ign=? WHERE ign=?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'ignored SET ign=? WHERE ign=?;');

6
lang_de.php
View File

@ -309,7 +309,6 @@ $T=array(
'newer' => 'Neuer', 'newer' => 'Neuer',
'accessdenied' => 'Zugriff verweigert', 'accessdenied' => 'Zugriff verweigert',
'loggedinas' => 'Du bist als %s angemeldet und hast keinen Zugriff auf diesen Bereich.', 'loggedinas' => 'Du bist als %s angemeldet und hast keinen Zugriff auf diesen Bereich.',
'changenickname' => 'Nickname ändern',
'newnickname' => 'Neuer Nickname:', 'newnickname' => 'Neuer Nickname:',
'nicknametaken' => 'Nickname ist bereits vergeben', 'nicknametaken' => 'Nickname ist bereits vergeben',
'nopass' => 'Ungültiges Passwort (Mindestens %d Zeichen), Nickname nicht geändert', 'nopass' => 'Ungültiges Passwort (Mindestens %d Zeichen), Nickname nicht geändert',
@ -324,7 +323,7 @@ $T=array(
'mailsender' => 'E-Mail mit dieser Adresse versenden', 'mailsender' => 'E-Mail mit dieser Adresse versenden',
'mailreceiver' => 'E-Mail and diese Adresse senden', 'mailreceiver' => 'E-Mail and diese Adresse senden',
'modfallback' => 'Auf Warteraum rückgreifen, falls kein Moderator anwesend ist, um Gäste hereinzulassen', 'modfallback' => 'Auf Warteraum rückgreifen, falls kein Moderator anwesend ist, um Gäste hereinzulassen',
'regpass' => 'Zum registrieren<br>Passwort wiederholen<br>(optional)', 'regpass' => 'Zum registrieren<br>Passwort wiederholen',
'guestreg' => 'Gäste sich selbst registrieren lassen', 'guestreg' => 'Gäste sich selbst registrieren lassen',
'asmember' => 'Als Mitglied', 'asmember' => 'Als Mitglied',
'assuguest' => 'Als Anwerber', 'assuguest' => 'Als Anwerber',
@ -337,6 +336,7 @@ $T=array(
'disabletext' => 'Chat deaktiviert Nachricht (html)', 'disabletext' => 'Chat deaktiviert Nachricht (html)',
'disabledtext' => 'Kurzzeitig deaktiviert', 'disabledtext' => 'Kurzzeitig deaktiviert',
'defaulttz' => 'Standard Zeitzone', 'defaulttz' => 'Standard Zeitzone',
'tz' => 'Zeitzone' 'tz' => 'Zeitzone',
'optional' => '(optional)'
); );
?> ?>

6
lang_en.php
View File

@ -309,7 +309,6 @@ $I=array(
'newer' => 'Newer', 'newer' => 'Newer',
'accessdenied' => 'Access denied', 'accessdenied' => 'Access denied',
'loggedinas' => 'You are logged in as %s and don\'t have access to this section.', 'loggedinas' => 'You are logged in as %s and don\'t have access to this section.',
'changenickname' => 'Change nickname',
'newnickname' => 'New nickname:', 'newnickname' => 'New nickname:',
'nicknametaken' => 'Nickname is already taken', 'nicknametaken' => 'Nickname is already taken',
'nopass' => 'Invalid password (At least %d characters), not changing nickname', 'nopass' => 'Invalid password (At least %d characters), not changing nickname',
@ -324,7 +323,7 @@ $I=array(
'mailsender' => 'Send mail using this address', 'mailsender' => 'Send mail using this address',
'mailreceiver' => 'Send mail to this address', 'mailreceiver' => 'Send mail to this address',
'modfallback' => 'Fallback to waiting room, if no moderator is present to approve guests', 'modfallback' => 'Fallback to waiting room, if no moderator is present to approve guests',
'regpass' => 'Repeat password<br>to register<br>(optional)', 'regpass' => 'Repeat password<br>to register',
'guestreg' => 'Let guests register themselves', 'guestreg' => 'Let guests register themselves',
'asmember' => 'As member', 'asmember' => 'As member',
'assuguest' => 'As applicant', 'assuguest' => 'As applicant',
@ -337,6 +336,7 @@ $I=array(
'disabletext' => 'Chat disabled message (html)', 'disabletext' => 'Chat disabled message (html)',
'disabledtext' => 'Temporarily disabled', 'disabledtext' => 'Temporarily disabled',
'defaulttz' => 'Default time zone', 'defaulttz' => 'Default time zone',
'tz' => 'Time zone' 'tz' => 'Time zone',
'optional' => '(optional)'
); );
?> ?>

1
lang_es_AR.php
View File

@ -308,7 +308,6 @@ $T=array(
'newer' => 'Newer', 'newer' => 'Newer',
'accessdenied' => 'Acceso no permitido', 'accessdenied' => 'Acceso no permitido',
'loggedinas' => 'Estás identificado como %s y no tenés acceso a esta sección.', 'loggedinas' => 'Estás identificado como %s y no tenés acceso a esta sección.',
'changenickname' => 'Cambiar apodo',
'newnickname' => 'Nuevo apodo:', 'newnickname' => 'Nuevo apodo:',
'nicknametaken' => 'Ese apodo ya fue tomado', 'nicknametaken' => 'Ese apodo ya fue tomado',
'nopass' => 'Constraseña incorrecta (al menos %d caracteres), no se cambia apodo' 'nopass' => 'Constraseña incorrecta (al menos %d caracteres), no se cambia apodo'

1
lang_es_ES.php
View File

@ -308,7 +308,6 @@ $T=array(
'newer' => 'Newer', 'newer' => 'Newer',
'accessdenied' => 'Acceso denegado', 'accessdenied' => 'Acceso denegado',
'loggedinas' => 'Estás identificado como %s y no tenés acceso a esta sección.', 'loggedinas' => 'Estás identificado como %s y no tenés acceso a esta sección.',
'changenickname' => 'Cambiar apodo',
'newnickname' => 'Nuevo apodo:', 'newnickname' => 'Nuevo apodo:',
'nicknametaken' => 'Ese apodo ya fue tomado', 'nicknametaken' => 'Ese apodo ya fue tomado',
'nopass' => 'Constraseña incorrecta (al menos %d caracteres), no se cambia apodo' 'nopass' => 'Constraseña incorrecta (al menos %d caracteres), no se cambia apodo'

1
lang_fr.php
View File

@ -308,7 +308,6 @@ $T=array(
'newer' => 'Nouveau', 'newer' => 'Nouveau',
'accessdenied' => 'Accès interdit', 'accessdenied' => 'Accès interdit',
'loggedinas' => 'Vous êtes connecté en tant que %s et vous n\'avez pas accès à cette section.', 'loggedinas' => 'Vous êtes connecté en tant que %s et vous n\'avez pas accès à cette section.',
'changenickname' => 'Changer de Pseudo',
'newnickname' => 'Nouveau Pseudo:', 'newnickname' => 'Nouveau Pseudo:',
'nicknametaken' => 'Pseudo déjà pris', 'nicknametaken' => 'Pseudo déjà pris',
'nopass' => 'Mot de passe invalide (au moins % caractères), ne pas changer le pseudo', 'nopass' => 'Mot de passe invalide (au moins % caractères), ne pas changer le pseudo',

1
lang_id.php
View File

@ -308,7 +308,6 @@ $T=array(
'newer' => 'Baru', 'newer' => 'Baru',
'accessdenied' => 'Akses ditolak', 'accessdenied' => 'Akses ditolak',
'loggedinas' => 'Anda masuk sebagai %s dan tak dapat mengakses bagian ini.', 'loggedinas' => 'Anda masuk sebagai %s dan tak dapat mengakses bagian ini.',
'changenickname' => 'Ubah nama',
'newnickname' => 'Nama baru:', 'newnickname' => 'Nama baru:',
'nicknametaken' => 'Nama sudah ada', 'nicknametaken' => 'Nama sudah ada',
'nopass' => 'Kata sandi salah (Minimal %d karakter), tak merubah nama' 'nopass' => 'Kata sandi salah (Minimal %d karakter), tak merubah nama'