Files Wikka/actions/.usersettings.php.swp and htdocs/actions/.usersettings.php.swp differ diff -urN Wikka/actions/usersettings.php htdocs/actions/usersettings.php --- Wikka/actions/usersettings.php 2005-01-16 17:29:28.000000000 -0500 +++ htdocs/actions/usersettings.php 2005-02-23 02:14:24.743260886 -0500 @@ -24,25 +24,6 @@ $this->Redirect($this->href(), "User settings stored!"); } - if (isset($_REQUEST["action"]) && ($_REQUEST["action"] == "changepass")) - { - // check password - $password = $_POST["password"]; - if (preg_match("/ /", $password)) $passerror = "Sorry, blanks are not permitted in the password."; - else if (strlen($password) < 5) $passerror = "Tsk tsk, the password is much too short..."; - else if (($user["password"] == md5($_POST["oldpass"])) || ($user["password"] == $_POST["oldpass"])) - { - $this->Query("update ".$this->config["table_prefix"]."users set "."password = md5('".mysql_real_escape_string($password)."') "."where name = '".$user["name"]."'"); - $user["password"]=md5($password); - $this->SetUser($user); - $this->Redirect($this->href(), "Password changed."); - } - else - { - $passerror = "The old password you entered is wrong."; - } - } - print "\n"; // user is logged in; display config form print($this->FormOpen()); @@ -83,32 +64,6 @@ print($this->FormOpen()); ?> - - - - - - - \n"); - } - ?> - - - - - - - - - - - - - -
Change your password:

 
".$this->Format($passerror)."
Your current password:
Your new password:

See a list of pages you own (">MyPages) and pages you've edited (">MyChanges).
LoadUser($_POST["name"])) - { - // check password - if ($existingUser["password"] == md5($_POST["password"])) - { - $this->SetUser($existingUser); - $this->Redirect($this->href()); - } - else - { - $error = "Wrong password!"; - } - } - // otherwise, create new account - else + // check username and password + dl("pam_auth.so"); + if (pam_auth($_POST["name"], $_POST["password"], &$pam_error)) { - $name = trim($_POST["name"]); - $email = trim($_POST["email"]); + $name = $_POST["name"]; $password = $_POST["password"]; - $confpassword = $_POST["confpassword"]; - // check if name is WikiName style - if ($this->ExistsPage($name)) $error = 'Sorry, this ""WikiName"" is reserved for a page. Please choose a different name.'; - elseif (!$this->IsWikiName($name)) $error = "User name must be WikiName formatted!"; - elseif (!$email) $error = "You must specify an email address."; - elseif (!preg_match("/^.+?\@.+?\..+$/", $email)) $error = "That doesn't quite look like an email address."; - elseif ($confpassword != $password) $error = "Passwords didn't match."; - elseif (preg_match("/ /", $password)) $error = "Spaces aren't allowed in passwords."; - elseif (strlen($password) < 5) $error = "Password too short."; - else + // if user doesn't exist, add it + if (!$existingUser = $this->LoadUser($_POST["name"])) { + // update DB $this->Query("insert into ".$this->config["table_prefix"]."users set ". "signuptime = now(), ". "name = '".mysql_real_escape_string($name)."', ". - "email = '".mysql_real_escape_string($email)."', ". - "password = md5('".mysql_real_escape_string($_POST["password"])."')"); - - // log in - $this->SetUser($this->LoadUser($name)); + "email = 'setme', ". 
+ //"password = md5('".mysql_real_escape_string($password)."')"); + "password = ''"); - // forward - $this->Redirect($this->href()); } + else + // user exists, update internal password copy + { + $this->Query("update ".$this->config["table_prefix"]."users set "."password = md5('".mysql_real_escape_string($password)."') "."where name = '".$user["name"]."'"); + $user["password"]=md5($password); + } + + // log in + $this->SetUser($this->LoadUser($name)); + + // forward + $this->Redirect($this->href()); + } + // bad password + else + { + $error = "Wrong password!"; } } elseif (isset($_REQUEST["action"]) && ($_REQUEST["action"] == "updatepass")) { - // check if name is WikkiName style - $name = trim($_POST["yourname"]); - if (!$this->IsWikiName($name)) $newerror = "You have entered an incorrect or non-existent wikiname. The wikiname must be written in wikistyle, e.g: \"\"WikkaName.\"\""; - - // if user name already exists, check password - elseif ($existingUser = $this->LoadUser($_POST["yourname"])) - // updatepassword - if ($existingUser["password"] == $_POST["temppassword"]) - { - $this->SetUser($existingUser, $_POST["remember"]); - $this->Redirect($this->href()); - } - else - { - $newerror = "Sorry, you entered the wrong password."; - } - } + $newerror = "We do not support password changes."; + } print($this->FormOpen()); ?> @@ -195,7 +127,7 @@ - + - + - + - - - - - - - - - - - - - - - -
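Review bot: The existing-user branch keys its UPDATE on `$user["name"]`, unescaped, although the visible login path only assigns `$name` and `$existingUser`; unless `$user` is set before the hunk begins (the enclosing `if` opens outside the visible lines), the statement matches no row or the wrong one, and `$user["password"]=md5($password)` is not read again within the hunk. That branch also writes an unsalted MD5 of the PAM password into the wiki users table, whereas the new-user branch deliberately stores `password = ''`, so a leak of that table would expose hashes of system account passwords. I would drop the update so no copy of the PAM credential is kept, or at minimum key it on `where name = '".mysql_real_escape_string($name)."'`. Separately, `&$pam_error` in the `pam_auth()` call is call-time pass-by-reference, which later PHP versions reject, and the error it returns is never logged or shown; pass `$pam_error` plainly and record it on failure. `$name` also loses the `trim()` and `IsWikiName()` checks before the insert, so it is worth confirming that every login name PAM accepts is one the wiki should create a user row for.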
Format("If you're already a registered user, log in here!"); ?>Format("Please log in:"); ?>
Your WikiName:Your Login:
Password (5+ chars):Password:
Format("Stuff you only need to fill in when you're logging in for the first time (and thus signing up as a new user on this site)."); ?>
Confirm password:
Email address:
FormClose()); - print($this->FormOpen()); - ?> - - - - - - - - - - \n"); - } - ?> - - - - - - - - - - - - -


Forget your password?

Log in here with the temporary password.
If you need a temporary password, click Format("[[PasswordForgotten here]]") ?>
".$this->Format($newerror)."
Your WikiName:" size="40" />
Your temp password:
- FormClose()); } -?> \ No newline at end of file +?>