web: clean up "change password" pages

For some reason these pages had their own login logic.
Remove this; you must be logged in first.
David Anderson 2014-12-23 10:47:18 -08:00
parent 275e385148
commit b622136fd7
2 changed files with 13 additions and 50 deletions


@ -1,7 +1,7 @@
<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
// Copyright (C) 2014 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
@ -22,10 +22,9 @@ require_once("../inc/user.inc");
check_get_args(array());
$auth = post_str("auth", true);
$user = get_logged_in_user();
$email_addr = strtolower(post_str("email_addr", true));
$old_passwd = post_str("old_passwd", true);
$passwd = post_str("passwd");
$passwd2 = post_str("passwd2");
@ -41,33 +40,18 @@ if (!is_ascii($passwd)) {
error_page(tra("Passwords may only include ASCII characters."));
}
if (strlen($passwd)<$min_passwd_length) {
if (strlen($passwd) < $min_passwd_length) {
error_page(tra("New password is too short: minimum password length is %1 characters.", $min_passwd_length));
}
if ($auth) {
$user = BoincUser::lookup_auth($auth);
if (!$user) {
error_page(tra("Invalid account key"));
}
} else {
$user = BoincUser::lookup_email_addr($email_addr);
if (!$user) {
error_page(tra("No account with that email address was found"));
}
$passwd_hash = md5($old_passwd.$email_addr);
if ($user->passwd_hash != $passwd_hash) {
error_page(tra("Invalid password"));
}
$passwd_hash = md5($passwd.$user->email_addr);
$result = $user->update("passwd_hash='$passwd_hash'");
if (!$result) {
error_page(tra("We can't update your password due to a database problem. Please try again later."));
}
page_head(tra("Change password"));
$passwd_hash = md5($passwd.$user->email_addr);
$result = $user->update("passwd_hash='$passwd_hash'");
if ($result) {
echo tra("Your password has been changed.");
} else {
echo tra("We can't update your password due to a database problem. Please try again later.");
}
echo tra("Your password has been changed.");
page_tail();
?>
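Review bot: The password update near the end of this file (`$user->update("passwd_hash='$passwd_hash'")`) is now authorised only by whatever `get_logged_in_user()` accepts, presumably the session cookie. The new side no longer checks the old password or a posted account key, and the form in the second file drops its hidden `auth` field, so the POST carries no per-request secret and is open to cross-site request forgery and to anyone at an unattended logged-in browser. I would keep a "Current password" row in the form and compare `md5($old_passwd.$user->email_addr)` against `$user->passwd_hash` with `!==` before updating. I would also add a request token: BOINC's util.inc has `form_tokens($user->authenticator)` for the form and `check_tokens($user->authenticator)` for this handler, assuming both are available at this revision. The rendered page has lost its +/- markers, so which lines survive is inferred from the commit message and the hunk line counts.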


@ -1,7 +1,7 @@
<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
// Copyright (C) 2014 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
@ -20,7 +20,7 @@ require_once("../inc/util.inc");
check_get_args(array());
$user = get_logged_in_user(false);
$user = get_logged_in_user();
page_head(tra("Change password"));
@ -28,28 +28,7 @@ echo "
<form method=post action=".secure_url_base()."edit_passwd_action.php>
";
if ($user) {
echo "
<input type=hidden name=auth value=$user->authenticator>
";
start_table();
} else {
start_table();
row1(tra("You can identify yourself using either").
"<ul>".
"<li>".tra("your email address and old password").
"<li>".tra("your account key").
"</ul>"
);
row2(tra("Email address"), "<input name=email_addr size=40>");
row2(tra("Current password"), "<input type=password name=old_passwd size=40>");
row2(
tra("<b>OR</b>: Account key").
"<br><font size=-2><a href=get_passwd.php>".tra("Get account key by email")."</a>",
"<input name=auth size=40>"
);
}
start_table();
row2(tra("New password"), "<input type=password name=passwd size=40>");
row2(tra("New password, again"), "<input type=password name=passwd2 size=40>");
row2("", "<input class=\"btn btn-default\" type=submit value='".tra("Change password")."'>");