Fixed a security issue with the session management

Added an information mail when admins change the password of an account
pull/1/head
root 16 years ago
parent a0350c2f06
commit 4efe54eba6

@ -985,15 +985,6 @@
if($oldid == 13 && $_REQUEST['process'] != "")
{
$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
$_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
$_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
$_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
$_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
$_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
$_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);
$_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
$_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
$_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1']))));
$_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2']))));
$_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q3']))));
@ -1060,6 +1051,14 @@
$_SESSION['profile']['points'] = $ddrow['total'];
if($_SESSION['profile']['points'] == 0)
{
$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
$_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname']))));
$_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname']))));
$_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix']))));
$_SESSION['_config']['user']['day'] = intval($_REQUEST['day']);
$_SESSION['_config']['user']['month'] = intval($_REQUEST['month']);
$_SESSION['_config']['user']['year'] = intval($_REQUEST['year']);
if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "")
{
$_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."<br>";
@ -1101,6 +1100,9 @@
where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
//!!!Should be rewritten
$_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
$_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
{
$query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."',
@ -1154,7 +1156,6 @@
mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
where `id`='".$_SESSION['profile']['id']."'");
echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
$body = sprintf(_("Hi %s,"),$_SESSION['_config']['user']['fname'])."\n";
$body .= _("You are receiving this email because you or someone else")."\n";
$body .= _("has changed the password on your account.")."\n";
@ -2284,6 +2285,17 @@
mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'"));
printf(_("The password for %s has been updated successfully in the system."), $row['email']);
$body = sprintf(_("Hi %s,"),$row['fname'])."\n";
$body .= _("You are receiving this email because a CAcert administrator")."\n";
$body .= _("has changed the password on your account.")."\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
"support@cacert.org", "", "", "CAcert Support");
}
showfooter();
exit;
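Review bot: In the last hunk the notification mail is built from `$row`, but the `select` that fills `$row` interpolates `$_REQUEST['userid']` unescaped, while the `update` one line above wraps the same value in `intval()`. Normalise the id once with `$userid = intval($_REQUEST['userid']);` and use `$userid` in both queries, so the account that gets notified is always the one whose password was changed. The result of `mysql_fetch_assoc()` is also used unchecked; guarding the `printf` and `sendmail` calls with `if($row)` avoids sending a mail with an empty recipient and greeting when no row matches. The rendering has lost the `+`/`-` markers, so which of these lines are new is inferred from the hunk header, and the enclosing block starts outside the hunk.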
