Erlaube Useraccount-Initialisierung mit Kurz-URL /initXYZ (e31e3e4)

Erlaube Useraccount-Initialisierung mit Kurz-URL /initXYZ

Bernd Wurst commited on 2013-02-27 15:07:09
Zeige 3 geänderte Dateien mit 20 Einfügungen und 6 Löschungen.

.htaccess d98b77a..16d6ed7
modules/index/include/newpass.php d11dae1..bd08d99
modules/index/initialize_useraccount.php 19349db..a78727f

.htaccess

@@ -10,6 +10,7 @@
 
 RewriteEngine On
 RewriteRule ^go/(.*)$  dispatch.php?go=$1&%{QUERY_STRING}
+RewriteRule ^init(.*)$  dispatch.php?go=index/initialize_useraccount&token=$1&%{QUERY_STRING}
 
 
 #Order deny,allow

modules/index/include/newpass.php

Zeige Datei @ e31e3e4

@@ -36,6 +36,18 @@ function validate_token($customerno, $token)
 }
 
 
+function get_uid_for_token($token) 
+{
+  expire_tokens();
+  $token = mysql_real_escape_string($token);
+  $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
+  if (mysql_num_rows($result) == 0) {
+    return NULL;
+  }
+  $data = mysql_fetch_assoc($result);
+  return $data['uid'];  
+}
+
 function validate_uid_token($uid, $token)
 {
   expire_tokens();

modules/index/initialize_useraccount.php

Zeige Datei @ e31e3e4

@@ -14,20 +14,21 @@ http://creativecommons.org/publicdomain/zero/1.0/
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
 */
 
+require_once('newpass.php');
+require_once('inc/security.php');
+
 title("Passwort setzen");
 $show = 'token';
 
-if (isset($_REQUEST['uid']) and isset($_REQUEST['token']))
+if (isset($_REQUEST['token']))
 {
-  $uid = (int) $_REQUEST['uid'];
   $token = $_REQUEST['token'];
+  $uid = get_uid_for_token($token);
   
-  require_once('newpass.php');
-  require_once('inc/security.php');
-  if (validate_uid_token($uid, $token))
+  if ($uid != NULL && validate_uid_token($uid, $token))
   {
     $show = 'agb';
-    if ($_REQUEST['agb'] == '1') {
+    if (isset($_REQUEST['agb']) && $_REQUEST['agb'] == '1') {
       $show = 'password';
     }
     if (isset($_POST['password']))


...	...	@@ -36,6 +36,18 @@ function validate_token($customerno, $token)
36	36	}
37	37
38	38
	39	+function get_uid_for_token($token)
	40	+{
	41	+ expire_tokens();
	42	+ $token = mysql_real_escape_string($token);
	43	+ $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
	44	+ if (mysql_num_rows($result) == 0) {
	45	+ return NULL;
	46	+ }
	47	+ $data = mysql_fetch_assoc($result);
	48	+ return $data['uid'];
	49	+}
	50	+
39	51	function validate_uid_token($uid, $token)
40	52	{
41	53	expire_tokens();

...	...	@@ -10,6 +10,7 @@
10	10
11	11	RewriteEngine On
12	12	RewriteRule ^go/(.*)$ dispatch.php?go=$1&%{QUERY_STRING}
	13	+RewriteRule ^init(.*)$ dispatch.php?go=index/initialize_useraccount&token=$1&%{QUERY_STRING}
13	14
14	15
15	16	#Order deny,allow

...	...	@@ -14,20 +14,21 @@ http://creativecommons.org/publicdomain/zero/1.0/
14	14	Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15	15	*/
16	16
	17	+require_once('newpass.php');
	18	+require_once('inc/security.php');
	19	+
17	20	title("Passwort setzen");
18	21	$show = 'token';
19	22
20		-if (isset($_REQUEST['uid']) and isset($_REQUEST['token']))
	23	+if (isset($_REQUEST['token']))
21	24	{
22		- $uid = (int) $_REQUEST['uid'];
23	25	$token = $_REQUEST['token'];
	26	+ $uid = get_uid_for_token($token);
24	27
25		- require_once('newpass.php');
26		- require_once('inc/security.php');
27		- if (validate_uid_token($uid, $token))
	28	+ if ($uid != NULL && validate_uid_token($uid, $token))
28	29	{
29	30	$show = 'agb';
30		- if ($_REQUEST['agb'] == '1') {
	31	+ if (isset($_REQUEST['agb']) && $_REQUEST['agb'] == '1') {
31	32	$show = 'password';
32	33	}
33	34	if (isset($_POST['password']))
34	35

webinterface.git