onokazu
onoka****@users*****
2005年 7月 18日 (月) 15:49:07 JST
Index: xoops2jp/html/lostpass.php
diff -u xoops2jp/html/lostpass.php:1.2.10.1 xoops2jp/html/lostpass.php:1.2.10.2
--- xoops2jp/html/lostpass.php:1.2.10.1 Thu Jun 30 01:40:24 2005
+++ xoops2jp/html/lostpass.php Mon Jul 18 15:49:07 2005
@@ -1,5 +1,5 @@
 <?php
-// $Id: lostpass.php,v 1.2.10.1 2005/06/29 16:40:24 onokazu Exp $
+// $Id: lostpass.php,v 1.2.10.2 2005/07/18 06:49:07 onokazu Exp $
 // ------------------------------------------------------------------------ //
 // XOOPS - PHP Content Management System //
 // Copyright (c) 2000 XOOPS.org //
@@ -27,72 +27,73 @@
 $xoopsOption['pagetype'] = "user";
 include "mainfile.php";
-$myts =& MyTextSanitizer::getInstance();
-$email = isset($_GET['email']) ? $myts->stripSlashesGPC(trim($_GET['email'])) : '';
-$email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : $email;
+$email = isset($_GET['email']) ? trim($_GET['email']) : '';
+$email = isset($_POST['email']) ? trim($_POST['email']) : $email;
 if ($email == '') {
- redirect_header("user.php",2,_US_SORRYNOTFOUND);
- exit();
+ redirect_header("user.php",2,_US_SORRYNOTFOUND);
+ exit();
 }
+
+$myts =& MyTextSanitizer::getInstance();
 $member_handler =& xoops_gethandler('member');
-$getuser =& $member_handler->getUsers(new Criteria('email', $email));
+$getuser =& $member_handler->getUsers(new Criteria('email', $myts->addSlashes($email)));
 if (empty($getuser)) {
- redirect_header("user.php",2,_US_SORRYNOTFOUND);
- exit();
+ redirect_header("user.php",2,_US_SORRYNOTFOUND);
+ exit();
 } else {
- $code = isset($_GET['code']) ? trim($_GET['code']) : '';
- $areyou = substr($getuser[0]->getVar("pass"), 0, 5);
- if ($code != '' && $areyou == $code) {
- $newpass = xoops_makepass();
- $xoopsMailer =& getMailer();
- $xoopsMailer->useMail();
- $xoopsMailer->setTemplate("lostpass2.tpl");
- $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
- $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
- $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
- $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
- $xoopsMailer->assign("NEWPWD", $newpass);
- $xoopsMailer->setToUsers($getuser[0]);
- $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
- $xoopsMailer->setFromName($xoopsConfig['sitename']);
- $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,XOOPS_URL));
- if ( !$xoopsMailer->send() ) {
- echo $xoopsMailer->getErrors();
- }
+ $code = isset($_GET['code']) ? trim($_GET['code']) : '';
+ $areyou = substr($getuser[0]->getVar("pass"), 0, 5);
+ if ($code != '' && $areyou == $code) {
+ $newpass = xoops_makepass();
+ $xoopsMailer =& getMailer();
+ $xoopsMailer->useMail();
+ $xoopsMailer->setTemplate("lostpass2.tpl");
+ $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
+ $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
+ $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
+ $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
+ $xoopsMailer->assign("NEWPWD", $newpass);
+ $xoopsMailer->setToUsers($getuser[0]);
+ $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
+ $xoopsMailer->setFromName($xoopsConfig['sitename']);
+ $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,XOOPS_URL));
+ if ( !$xoopsMailer->send() ) {
+ echo $xoopsMailer->getErrors();
+ }
- // Next step: add the new password to the database
- $sql = sprintf("UPDATE %s SET pass = '%s' WHERE uid = %u", $xoopsDB->prefix("users"), md5($newpass), $getuser[0]->getVar('uid'));
- if ( !$xoopsDB->queryF($sql) ) {
- include "header.php";
- echo _US_MAILPWDNG;
- include "footer.php";
- exit();
- }
- redirect_header("user.php", 3, sprintf(_US_PWDMAILED,$getuser[0]->getVar("uname")), false);
- exit();
- // If no Code, send it
- } else {
- $xoopsMailer =& getMailer();
- $xoopsMailer->useMail();
- $xoopsMailer->setTemplate("lostpass1.tpl");
- $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
- $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
- $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
- $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
- $xoopsMailer->assign("NEWPWD_LINK", XOOPS_URL."/lostpass.php?email=".$email."&code=".$areyou);
- $xoopsMailer->setToUsers($getuser[0]);
- $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
- $xoopsMailer->setFromName($xoopsConfig['sitename']);
- $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,$xoopsConfig['sitename']));
- include "header.php";
- if ( !$xoopsMailer->send() ) {
- echo $xoopsMailer->getErrors();
- }
- echo "<h4>";
- printf(_US_CONFMAIL,$getuser[0]->getVar("uname"));
- echo "</h4>";
- include "footer.php";
- }
+ // Next step: add the new password to the database
+ $sql = sprintf("UPDATE %s SET pass = '%s' WHERE uid = %u", $xoopsDB->prefix("users"), md5($newpass), $getuser[0]->getVar('uid'));
+ if ( !$xoopsDB->queryF($sql) ) {
+ include "header.php";
+ echo _US_MAILPWDNG;
+ include "footer.php";
+ exit();
+ }
+ redirect_header("user.php", 3, sprintf(_US_PWDMAILED,$getuser[0]->getVar("uname")), false);
+ exit();
+ // If no Code, send it
+ } else {
+ $xoopsMailer =& getMailer();
+ $xoopsMailer->useMail();
+ $xoopsMailer->setTemplate("lostpass1.tpl");
+ $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
+ $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
+ $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
+ $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
+ $xoopsMailer->assign("NEWPWD_LINK", XOOPS_URL."/lostpass.php?email=".$email."&code=".$areyou);
+ $xoopsMailer->setToUsers($getuser[0]);
+ $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
+ $xoopsMailer->setFromName($xoopsConfig['sitename']);
+ $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,$xoopsConfig['sitename']));
+ include "header.php";
+ if ( !$xoopsMailer->send() ) {
+ echo $xoopsMailer->getErrors();
+ }
+ echo "<h4>";
+ printf(_US_CONFMAIL,$getuser[0]->getVar("uname"));
+ echo "</h4>";
+ include "footer.php";
+ }
 }
 ?>
\ No newline at end of file
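Review bot: The reset code checked at `if ($code != '' && $areyou == $code)` is the first five characters of the stored password hash (`substr($getuser[0]->getVar("pass"), 0, 5)`) and is compared with loose `==`, so two numeric-looking strings that differ can still compare equal; use `if ($code !== '' && $areyou === $code)`. Beyond the comparison, a five-character value derived from the hash is short, stays valid until the password changes and is mailed out in the link, so a random, single-use, expiring token stored server-side would be the sturdier design; nothing visible in this hunk limits repeated requests either. The same branch now builds `NEWPWD_LINK` from the raw `$email`, which should go through `rawurlencode($email)` before it is concatenated into the URL. This is top-level script code, so there is no enclosing function outside the hunk.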