From 079438d6789a0c31323cc2b0fc5cd921b31cfd2d Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Fri, 22 Aug 2008 23:55:12 -0400 Subject: [PATCH] Working on the other functionality of login.php --- locale/en_US/emails/passwordreset.xml.tpl | 6 ++--- login.php | 30 ++++++++++++++--------- templates/lostpassword.tpl | 6 ++--- 3 files changed, 24 insertions(+), 18 deletions(-) diff --git a/locale/en_US/emails/passwordreset.xml.tpl b/locale/en_US/emails/passwordreset.xml.tpl index 8d43d06..a7b95de 100644 --- a/locale/en_US/emails/passwordreset.xml.tpl +++ b/locale/en_US/emails/passwordreset.xml.tpl @@ -1,10 +1,10 @@ - {bugdar::$options['trackertitle']} Password Reset + <%- bugdar::$options['trackertitle'] %> Password Reset Hi {$user->record['displayname']}, -You requested this lost password email at the {bugdar::$options['trackertitle']} bug tracker. To reset your password, simply click the link below (or paste it into your browser window exactly) and enter a new password. +You requested this lost password email at the <%- bugdar::$options['trackertitle'] %> bug tracker. To reset your password, simply click the link below (or paste it into your browser window exactly) and enter a new password. -{bugdar::$options['trackerurl']}/login.php?do=recoverpw&activator=$activator +<%- bugdar::$options['trackerurl'] %>/login.php?do=recoverpw&activator=<%- $activator %> If you did not request this, do not worry as this notice will expire in 24 hours. \ No newline at end of file diff --git a/login.php b/login.php index 0bdb0c2..1472312 100755 --- a/login.php +++ b/login.php @@ -89,9 +89,9 @@ if ($_REQUEST['do'] == 'logout') { if (bugdar::$userinfo['userid']) { - $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'"); + $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'"); $auth->clearCookies(); - BSFunctions::cookie(COOKIE_PREFIX . 'adminsession'); + BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', null); $message->redirect(T('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php')); } else @@ -106,7 +106,7 @@ if ($_POST['do'] == 'sendpw') { $user = new UserAPI($bugsys); $user->set('email', $input->in['email'], true, false); // don't verify so we don't get errors about existing emails - $user->set_condition(array('email')); + $user->setCondition(array('email')); $user->fetch(); if ($message->hasErrors()) @@ -119,8 +119,10 @@ if ($_POST['do'] == 'sendpw') $activator = BSFunctions::random(25); $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->record['userid'] . ")"); - eval('$email = "' . $template->fetch(FetchEmailPath('passwordreset.xml', bugdar::$datastore['language'][$user->record['languageid']]['langcode'])) . '";'); - $email = $bugsys->xml->parse($email); + $email = new BSTemplate(FetchEmailPath('passwordreset.xml', bugdar::$datastore['language'][$user->record['languageid']]['langcode'])); + $email->vars = array('activator' => $activator); + + $email = $bugsys->xml->parse($email->evaluate()->getTemplate()); $mail->setSubject($email['email']['subject']['value']); $mail->setBodyText($email['email']['bodyText']['value']); @@ -135,7 +137,7 @@ if ($_POST['do'] == 'sendpw') if ($_REQUEST['do'] == 'lostpw') { - eval('$template->flush("' . $template->fetch('lostpassword') . '");'); + BSTemplate::fetch('lostpassword')->evaluate()->flush(); } // ################################################################### @@ -146,7 +148,7 @@ if ($_POST['do'] == 'resetpw') $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400)); // now look for ours - $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'"); + $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'"); if (!$activation) { $message->error(L_INVALID_ID); @@ -154,7 +156,6 @@ if ($_POST['do'] == 'resetpw') $user = new UserAPI($bugsys); $user->set('userid', $activation['userid']); - $user->set_condition(); if ($input->in['fix_password'] != $input->in['confirm_password']) { @@ -190,13 +191,18 @@ if ($_REQUEST['do'] == 'recoverpw') $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400)); // now look for ours - $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'"); + $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'"); if (!$activation) { $message->error(T('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.')); } - eval('$template->flush("' . $template->fetch('passwordreset') . '");'); + $tpl = new BSTemplate('passwordreset'); + $tpl->vars = array( + 'activation' => $activation, + 'message' => $message + ); + $tpl->evaluate()->flush(); } // ################################################################### @@ -205,8 +211,8 @@ if ($_REQUEST['do'] == 'cplogout') { if ($_COOKIE[COOKIE_PREFIX . 'adminsession']) { - $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'"); - BSFunctions::cookie(COOKIE_PREFIX . 'adminsession'); + $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'"); + BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', null); $message->redirect(T('You have been logged out.'), 'admin/'); } else diff --git a/templates/lostpassword.tpl b/templates/lostpassword.tpl index 3b32111..e47c6d0 100644 --- a/templates/lostpassword.tpl +++ b/templates/lostpassword.tpl @@ -8,7 +8,7 @@ -$header +<%- $header %>
@@ -20,7 +20,7 @@ $header
<% if ($show['lostpwerror']): %>
<%-T("The specified email could not be found or it is invalid.")%>
<% endif %>
<%-T("Enter your email in the box below and you will receive a message with instructions on how to set a new password.")%>
-
<%-T("Email")%>:
+
<%-T("Email")%>:
@@ -32,4 +32,4 @@ $header -$footer \ No newline at end of file +<%- $footer %> \ No newline at end of file -- 2.43.5