here is
Tue, Apr 27, 2004 at 11:48:02AM +0200 [EMAIL PROTECTED] napsal:
> There is a small patch. It is not ready, but almost everything is done. A transfer
> script from 0.7 to the new version of VegaDNS still needs to be written. You need to
> run this on the mysql console:
> alter table accounts change column Password Password varchar(34);
> and reedit all users by hand.
> Sun, Apr 25, 2004 at 10:31:57PM +0200 [EMAIL PROTECTED] napsal:
> > ok, i will work on it
> > Sat, Apr 24, 2004 at 07:05:15AM -0700 Bill Shupp napsal:
> > > [EMAIL PROTECTED] wrote:
> > > >But this is not secure....If user forgot his password, you can generate
> > > >new and send it by e-mail
> > >
> > > Please feel free to submit a patch. :)
> > >
> > > Bill
diff -Naur vegadns-0.7.old/src/check_account_data.php
vegadns-0.7/src/check_account_data.php
--- vegadns-0.7.old/src/check_account_data.php Wed Jan 21 21:25:44 2004
+++ vegadns-0.7/src/check_account_data.php Tue Apr 27 11:37:48 2004
@@ -60,13 +60,13 @@
}
}
-if($_REQUEST['password'] == '') {
+/*if($_REQUEST['password'] == '') {
$smarty->assign('message', "<span class=\"error\">Error: no password
supplied</span>\n");
$smarty->display('header.tpl');
require('src/account_form.php');
$smarty->display('footer.tpl');
exit;
-}
+}*/
if($_REQUEST['password'] != $_REQUEST['password2']) {
$smarty->assign('message', "<span class=\"error\">Error: passwords do not
match</span>\n");
$smarty->display('header.tpl');
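Review bot: Commenting out the empty-password check at the top of this hunk removes it for every caller of this script, not only for the edit form; if check_account_data.php also validates new accounts (not visible in the hunk), a blank password now passes. The insert in src/users.php (hunk at -172) hashes `$_REQUEST['password']` unconditionally, so a blank submission would store the MD5 of an empty string as that account's password. Keep the check for the creation path and skip it only when editing, with a comment such as `// a blank password is accepted only when editing an existing account (keeps the old one)`. Delete the disabled branch rather than leaving it inside `/* */`; the script continues outside the hunk.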
diff -Naur vegadns-0.7.old/src/functions.php vegadns-0.7/src/functions.php
--- vegadns-0.7.old/src/functions.php Wed Apr 21 23:18:48 2004
+++ vegadns-0.7/src/functions.php Tue Apr 27 11:33:08 2004
@@ -33,10 +33,9 @@
// Garbage collection for sessions
$oldsessions = time()-$timeout;
mysql_query("delete from active_sessions where time < $oldsessions");
-
$result = mysql_query("select Email from accounts where
Email='".strtolower($email)."' and
- Password='$password' and
+ Password='".md5($password)."' and
Status='active' LIMIT 1") or die(mysql_error());
$resultarray = mysql_fetch_array($result);
if($resultarray['Email'] != "") {
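Review bot: `md5($password)` in the login query is an unsalted, fast digest, so identical passwords share a stored value and a leaked accounts table can be checked against precomputed tables. A salted, deliberately slow scheme fits better: select the stored hash by Email and compare with `password_verify($password, $storedHash)`, writing `password_hash($password, PASSWORD_DEFAULT)` on save, which needs a wider column than the varchar(34) from the migration note. `$email` reaches the same statement with only `strtolower()` applied; unless the caller escapes it (not visible here), wrap it in `mysql_escape_string()` as src/users.php does. The enclosing function starts and ends outside the hunk.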
diff -Naur vegadns-0.7.old/src/help.php vegadns-0.7/src/help.php
--- vegadns-0.7.old/src/help.php Wed Jan 21 21:50:31 2004
+++ vegadns-0.7/src/help.php Tue Apr 27 11:26:40 2004
@@ -44,7 +44,7 @@
// Make sure it's in the database
require('src/connect.php');
- $result = mysql_query("select password from accounts where Email='".
+ $result = mysql_query("select cid from accounts where Email='".
strtolower($_REQUEST['username'])."'") or die(mysql_error());
if(mysql_num_rows($result) < 1) {
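Review bot: `$_REQUEST['username']` is concatenated into the rewritten `select cid` statement with only `strtolower()` applied, so request data goes into SQL unescaped on what is presumably a page reachable before login. src/users.php already escapes values of this kind; do the same here with `mysql_escape_string(strtolower($_REQUEST['username']))`, or use a prepared statement once the file is moved off the mysql_* API. The enclosing block continues outside the hunk.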
@@ -53,10 +53,12 @@
header("Location:
".$_SERVER['PHP_SELF']."?".SID."&state=help&message=$message");
exit;
} else {
-
+ $fa=mysql_fetch_array($result);
// Send Password
+ $newpass =
substr(md5(rand(0,10000)."vegadns_".$_REQUEST['username'].rand(0,10000)),0,rand(5,8));
+ mysql_query("update accounts set Password='".md5($newpass)."' where
cid=".$fa[0]);
$body = "Here is your requested information:\n\n";
- $body .= mysql_result($result, password)."\n\n";
+ $body .= "Your new password is: ".$newpass."\n\n";
$body .= "If you have further questions, please contact $supportemailm\n";
$body .= "\n\nThanks,\n\n";
$body .= "The VegaDNS Team";
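Review bot: The replacement password on the `$newpass =` line is derived from two `rand(0,10000)` calls plus the username and then cut to 5–8 hex characters, so it comes from a non-cryptographic generator and a small value space. Draw it from a CSPRNG instead, e.g. `$newpass = bin2hex(random_bytes(8));` on current PHP. The `update accounts` call also overwrites the stored password on any request that names a valid address and its result is never checked, so an account can be locked out by someone other than its owner and the mail is sent even when the update failed; mailing a one-time confirmation token and changing the password only after it is redeemed avoids both. `$fa[0]` is placed in the statement unquoted, which is safe only while cid is numeric. The enclosing else branch runs past the end of the hunk.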
diff -Naur vegadns-0.7.old/src/users.php vegadns-0.7/src/users.php
--- vegadns-0.7.old/src/users.php Wed Jan 21 21:50:51 2004
+++ vegadns-0.7/src/users.php Tue Apr 27 11:39:09 2004
@@ -91,14 +91,14 @@
First_Name='".mysql_escape_string($_REQUEST['first_name'])."',
Last_Name='".mysql_escape_string($_REQUEST['last_name'])."',
Phone='".mysql_escape_string($_REQUEST['phone'])."',
- Email='".mysql_escape_string(strtolower($_REQUEST['email_address']))."',
- Password='".mysql_escape_string($_REQUEST['password'])."'";
-
+ Email='".mysql_escape_string(strtolower($_REQUEST['email_address']))."'";
+ if ($_REQUEST['password']!="") {
+ $q .= ", Password='".md5(mysql_escape_string($_REQUEST['password']))."'";
+ }
if($user_info['Account_Type'] == 'senior_admin') {
$q .= ", Account_Type='".$_REQUEST['account_type']."'";
$q .= ", Status='".$_REQUEST['status']."'";
}
-
$q .= " where cid='".get_cid($account_info['Email'])."'";
mysql_query($q) or die(mysql_error());
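Review bot: `md5(mysql_escape_string($_REQUEST['password']))` hashes the escaped string, while the login query in src/functions.php hashes `$password` as given, so a password containing a quote or backslash would be stored under a digest that login does not compute (assuming the login caller passes the raw value, which is not visible here). The hex digest needs no SQL escaping, so hash the raw value: `$q .= ", Password='".md5($_REQUEST['password'])."'";`. The insert in the hunk at -172 has the same construct and needs the same change. In the context lines, `account_type` and `status` are still concatenated without escaping on the senior_admin path.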
@@ -172,7 +172,7 @@
'".mysql_escape_string($_REQUEST['last_name'])."',
'".mysql_escape_string($_REQUEST['email_address'])."',
'".mysql_escape_string($_REQUEST['phone'])."',
- '".mysql_escape_string($_REQUEST['password'])."',";
+ '".md5(mysql_escape_string($_REQUEST['password']))."',";
if($user_info['Account_Type'] == 'group_admin') {
$q .= " 'user',
'active')";
diff -Naur vegadns-0.7.old/templates/account_form.tpl
vegadns-0.7/templates/account_form.tpl
--- vegadns-0.7.old/templates/account_form.tpl Sat Mar 20 00:17:52 2004
+++ vegadns-0.7/templates/account_form.tpl Tue Apr 27 11:37:07 2004
@@ -32,11 +32,11 @@
</tr>
<tr bgcolor="#eeeeee">
<td>Password:</td>
- <td><input type="password" name="password" value="{$password|escape}"></td>
+ <td><input type="password" name="password"></td>
</tr>
<tr bgcolor="#eeeeee">
<td>Re-Type Password:</td>
- <td><input type="password" name="password2" value="{$password2|escape}"></td>
+ <td><input type="password" name="password2"></td>
{if $user_account_type == 'senior_admin'}
<tr bgcolor=#eeeeee>
<td>Account Type:</td>