
Erlaube Useraccount-Initialisierung mit Kurz-URL /initXYZ

Bernd Wurst authored on27/02/2013 15:07:09
Showing3 changed files
... ...
@@ -10,6 +10,7 @@
10 10
 
11 11
 RewriteEngine On
12 12
 RewriteRule ^go/(.*)$  dispatch.php?go=$1&%{QUERY_STRING}
13
+RewriteRule ^init(.*)$  dispatch.php?go=index/initialize_useraccount&token=$1&%{QUERY_STRING}
13 14
 
14 15
 
15 16
 #Order deny,allow
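Review bot: The added rule's pattern `^init(.*)$` is wider than the short URL needs: it matches every path that begins with `init`, including one with an empty token or with slashes and dots, and routes all of them to the account-initialisation page. If the token alphabet is fixed (not visible here, so to be confirmed), anchoring on it keeps unrelated paths out, e.g. `RewriteRule ^init([A-Za-z0-9]+)$  dispatch.php?go=index/initialize_useraccount&token=$1&%{QUERY_STRING}`. Because the token now sits in the URL path it will also show up in access logs and Referer headers, so it should be short-lived and single-use; a one-line comment above the rule saying so would help the next maintainer.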
... ...
@@ -36,6 +36,18 @@ function validate_token($customerno, $token)
36 36
 }
37 37
 
38 38
 
39
+function get_uid_for_token($token) 
40
+{
41
+  expire_tokens();
42
+  $token = mysql_real_escape_string($token);
43
+  $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
44
+  if (mysql_num_rows($result) == 0) {
45
+    return NULL;
46
+  }
47
+  $data = mysql_fetch_assoc($result);
48
+  return $data['uid'];  
49
+}
50
+
39 51
 function validate_uid_token($uid, $token)
40 52
 {
41 53
   expire_tokens();
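Review bot: get_uid_for_token() does not reject an empty or non-string `$token` before building the query; the caller shown in this commit passes `$_REQUEST['token']` straight in, and a value that is not a usable string would leave `token=''` in the WHERE clause. A guard at the top of the function, `if (!is_string($token) || $token === '') { return NULL; }`, closes that. The function also returns the first matching row only, so it relies on `token` being unique across all of system.usertoken. That constraint is not visible here and is worth confirming and stating in a comment above the function.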
... ...
@@ -14,20 +14,21 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
+require_once('newpass.php');
18
+require_once('inc/security.php');
19
+
17 20
 title("Passwort setzen");
18 21
 $show = 'token';
19 22
 
20
-if (isset($_REQUEST['uid']) and isset($_REQUEST['token']))
23
+if (isset($_REQUEST['token']))
21 24
 {
22
-  $uid = (int) $_REQUEST['uid'];
23 25
   $token = $_REQUEST['token'];
26
+  $uid = get_uid_for_token($token);
24 27
   
25
-  require_once('newpass.php');
26
-  require_once('inc/security.php');
27
-  if (validate_uid_token($uid, $token))
28
+  if ($uid != NULL && validate_uid_token($uid, $token))
28 29
   {
29 30
     $show = 'agb';
30
-    if ($_REQUEST['agb'] == '1') {
31
+    if (isset($_REQUEST['agb']) && $_REQUEST['agb'] == '1') {
31 32
       $show = 'password';
32 33
     }
33 34
     if (isset($_POST['password']))
... ...
@@ -47,8 +48,8 @@ if (isset($_REQUEST['uid']) and isset($_REQUEST['token']))
47 48
         success_msg('Das Passwort wurde gesetzt!');
48 49
         invalidate_systemuser_token($uid);
49 50
         $_SESSION['role'] = find_role($uid, '', True);;
50
-	setup_session($_SESSION['role'], $uid);
51
-	title("Passwort gesetzt");
51
+      	setup_session($_SESSION['role'], $uid);
52
+      	title("Passwort gesetzt");
52 53
         output('<p>Ihr neues Passwort wurde gesetzt, Sie können jetzt '.internal_link('index', 'die Web-Oberfläche sofort benutzen').'.</p>');
53 54
         $show = NULL;
54 55
       }
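Review bot: In the first hunk the uid is now looked up from the token itself, so the following `validate_uid_token($uid, $token)` no longer checks anything independent of the token. Possession of the token alone authorises setting the password and, in the second hunk, `setup_session()`. The token's length, randomness and expiry are therefore the whole protection of this page; a comment next to the `get_uid_for_token()` call should say so, and failed lookups should be throttled if nothing elsewhere already does that. As a matter of style the guard would read better with a strict comparison, `if ($uid !== NULL && validate_uid_token($uid, $token))`, so the check does not depend on PHP's loose comparison rules. The `if` block opens in the first hunk and continues past the end of both hunks.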