Working on the other functionality of login.php

diff --git a/locale/en_US/emails/passwordreset.xml.tpl b/locale/en_US/emails/passwordreset.xml.tpl
index 8d43d063af7b18f1472fe1becf9f8d00a869adf2..a7b95dea5faff0344cdb0a2e09dcf7ae5bee1d26 100644 (file)
--- a/locale/en_US/emails/passwordreset.xml.tpl
+++ b/locale/en_US/emails/passwordreset.xml.tpl
@@ -1,10 +1,10 @@
 <email>
-       <subject>{bugdar::$options['trackertitle']} Password Reset</subject>
+       <subject><%- bugdar::$options['trackertitle'] %> Password Reset</subject>
        <bodyText>Hi {$user->record['displayname']},
 
-You requested this lost password email at the {bugdar::$options['trackertitle']} bug tracker. To reset your password, simply click the link below (or paste it into your browser window exactly) and enter a new password.
+You requested this lost password email at the <%- bugdar::$options['trackertitle'] %> bug tracker. To reset your password, simply click the link below (or paste it into your browser window exactly) and enter a new password.
 
-{bugdar::$options['trackerurl']}/login.php?do=recoverpw&amp;activator=$activator
+<%- bugdar::$options['trackerurl'] %>/login.php?do=recoverpw&amp;activator=<%- $activator %>
 
 If you did not request this, do not worry as this notice will expire in 24 hours.</bodyText>
 </email>
\ No newline at end of file

diff --git a/login.php b/login.php
index 0bdb0c2d431e6f297e5f91db56ed4f74200fdcb3..14723127908056af262644f1341157a7d0c0df23 100755 (executable)
--- a/login.php
+++ b/login.php
@@ -89,9 +89,9 @@ if ($_REQUEST['do'] == 'logout')
 {
        if (bugdar::$userinfo['userid'])
        {
-               $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
+               $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'");
                $auth->clearCookies();
-               BSFunctions::cookie(COOKIE_PREFIX . 'adminsession');
+               BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', null);
                $message->redirect(T('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php'));
        }
        else
@@ -106,7 +106,7 @@ if ($_POST['do'] == 'sendpw')
 {      
        $user = new UserAPI($bugsys);
        $user->set('email', $input->in['email'], true, false); // don't verify so we don't get errors about existing emails
-       $user->set_condition(array('email'));
+       $user->setCondition(array('email'));
        $user->fetch();
        
        if ($message->hasErrors())
@@ -119,8 +119,10 @@ if ($_POST['do'] == 'sendpw')
                $activator = BSFunctions::random(25);
                $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->record['userid'] . ")");
                
-               eval('$email = "' . $template->fetch(FetchEmailPath('passwordreset.xml', bugdar::$datastore['language'][$user->record['languageid']]['langcode'])) . '";');
-               $email = $bugsys->xml->parse($email);
+               $email = new BSTemplate(FetchEmailPath('passwordreset.xml', bugdar::$datastore['language'][$user->record['languageid']]['langcode']));
+               $email->vars = array('activator' => $activator);
+               
+               $email = $bugsys->xml->parse($email->evaluate()->getTemplate());
                
                $mail->setSubject($email['email']['subject']['value']);
                $mail->setBodyText($email['email']['bodyText']['value']);
@@ -135,7 +137,7 @@ if ($_POST['do'] == 'sendpw')
 
 if ($_REQUEST['do'] == 'lostpw')
 {
-       eval('$template->flush("' . $template->fetch('lostpassword') . '");');
+       BSTemplate::fetch('lostpassword')->evaluate()->flush();
 }
 
 // ###################################################################
@@ -146,7 +148,7 @@ if ($_POST['do'] == 'resetpw')
        $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
        
        // now look for ours
-       $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
+       $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'");
        if (!$activation)
        {
                $message->error(L_INVALID_ID);
@@ -154,7 +156,6 @@ if ($_POST['do'] == 'resetpw')
        
        $user = new UserAPI($bugsys);
        $user->set('userid', $activation['userid']);
-       $user->set_condition();
        
        if ($input->in['fix_password'] != $input->in['confirm_password'])
        {
@@ -190,13 +191,18 @@ if ($_REQUEST['do'] == 'recoverpw')
        $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
        
        // now look for ours
-       $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
+       $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'");
        if (!$activation)
        {
                $message->error(T('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
        }
        
-       eval('$template->flush("' . $template->fetch('passwordreset') . '");');
+       $tpl = new BSTemplate('passwordreset');
+       $tpl->vars = array(
+               'activation'    => $activation,
+               'message'               => $message
+       );
+       $tpl->evaluate()->flush();
 }
 
 // ###################################################################
@@ -205,8 +211,8 @@ if ($_REQUEST['do'] == 'cplogout')
 {
        if ($_COOKIE[COOKIE_PREFIX . 'adminsession'])
        {
-               $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
-               BSFunctions::cookie(COOKIE_PREFIX . 'adminsession');
+               $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'");
+               BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', null);
                $message->redirect(T('You have been logged out.'), 'admin/');
        }
        else

diff --git a/templates/lostpassword.tpl b/templates/lostpassword.tpl
index 3b3211176dcaf73d9d8506f7cec1628b5c89095f..e47c6d0a9d04fd1473aa272927b46e394a7a415f 100644 (file)
--- a/templates/lostpassword.tpl
+++ b/templates/lostpassword.tpl
@@ -8,7 +8,7 @@
 
 <body>
 
-$header
+<%- $header %>
 
 <form action="login.php" name="lostpw" method="post">
 <input type="hidden" name="do" value="sendpw" />
@@ -20,7 +20,7 @@ $header
                <div class="box-mid">
                        <% if ($show['lostpwerror']): %><div class="error"><%-T("The specified email could not be found or it is invalid.")%></div><% endif %>
                        <div><%-T("Enter your email in the box below and you will receive a message with instructions on how to set a new password.")%></div>
-                       <div><strong><%-T("Email")%>:</strong> <input type="text" name="email" size="30" value="{$input->in['email']}" /></div>
+                       <div><strong><%-T("Email")%>:</strong> <input type="text" name="email" size="30" value="<%- $input->in['email'] %>" /></div>
                </div>
 
                <div class="box-foot box-center">
@@ -32,4 +32,4 @@ $header
 
 </form>
 
-$footer
\ No newline at end of file
+<%- $footer %>
\ No newline at end of file