Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#1 2010-04-22 04:58:38
- Siguo
- Member
- From: Beijing, China
- Registered: 2008-05-22
- Posts: 44
a little problem with reset_author_pass function
this is the reset_author_pass function in txplib_admin.php:
function reset_author_pass($name)
{
$email = safe_field('email', 'txp_users', "name = '".doSlash($name)."'");
$new_pass = doSlash(generate_password(6));
$rs = safe_update('txp_users', "pass = password(lower('$new_pass'))", "name = '".doSlash($name)."'");
if ($rs){
if (send_new_password($new_pass, $email, $name)){
return(gTxt('password_sent_to').' '.$email);
}else{
return(gTxt('could_not_mail').' '.$email);
}
}else{
return(gTxt('could_not_update_author').' '.htmlspecialchars($name));
}
}the problem is we reset member’s password BEFORE sending email, so if the mail is disabled, the member can’t receive the new password, and he couldn’t login with old password.
Maybe we should edit it like this:
function reset_author_pass($name)
{
$email = safe_field('email', 'txp_users', "name = '".doSlash($name)."'");
$new_pass = doSlash(generate_password(6));
if (send_new_password($new_pass, $email, $name)){
$rs = safe_update('txp_users', "pass = password(lower('$new_pass'))", "name = '".doSlash($name)."'");
if($rs){
return(gTxt('password_sent_to').' '.$email);
}else{
return(gTxt('could_not_update_author').' '.htmlspecialchars($name));
}
}else{
return(gTxt('could_not_mail').' '.$email);
}
}Last edited by Siguo (2010-04-22 05:04:32)
Offline
Re: a little problem with reset_author_pass function
We may safely assume a working mail function as send_reset_confirmation_request() is sending out the confirmation mail in a previous step.
Offline