diff --git a/includes/account.php b/includes/account.php index 011c284..3b083a9 100644 --- a/includes/account.php +++ b/includes/account.php @@ -985,15 +985,6 @@ if($oldid == 13 && $_REQUEST['process'] != "") { - $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname'])))); - $_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname'])))); - $_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname'])))); - $_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix'])))); - $_SESSION['_config']['user']['day'] = intval($_REQUEST['day']); - $_SESSION['_config']['user']['month'] = intval($_REQUEST['month']); - $_SESSION['_config']['user']['year'] = intval($_REQUEST['year']); - $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash'])))); - $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin'])))); $_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1'])))); $_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2'])))); $_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q3'])))); 
@@ -1060,6 +1051,14 @@ $_SESSION['profile']['points'] = $ddrow['total']; if($_SESSION['profile']['points'] == 0) { + $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname'])))); + $_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname'])))); + $_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname'])))); + $_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix'])))); + $_SESSION['_config']['user']['day'] = intval($_REQUEST['day']); + $_SESSION['_config']['user']['month'] = intval($_REQUEST['month']); + $_SESSION['_config']['user']['year'] = intval($_REQUEST['year']); + if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "") { $_SESSION['_config']['errmsg'] .= _("First and Last name fields can not be blank.")."
"; @@ -1101,6 +1100,9 @@ where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); + //!!!Should be rewritten + $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash'])))); + $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin'])))); if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "") { $query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."', @@ -1154,7 +1156,6 @@ mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."') where `id`='".$_SESSION['profile']['id']."'"); echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change."); - $body = sprintf(_("Hi %s,"),$_SESSION['_config']['user']['fname'])."\n"; $body .= _("You are receiving this email because you or someone else")."\n"; $body .= _("has changed the password on your account.")."\n"; @@ -2284,6 +2285,17 @@ mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'"); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'")); printf(_("The password for %s has been updated successfully in the system."), $row['email']); + + + $body = sprintf(_("Hi %s,"),$row['fname'])."\n"; + $body .= _("You are receiving this email because a CAcert administrator")."\n"; + $body .= _("has changed the password on your account.")."\n"; + + $body .= _("Best regards")."\n"._("CAcert.org Support!"); + + sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body, + "support@cacert.org", "", "", "CAcert Support"); + } showfooter(); exit;
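Review bot: In the hunk at -1060, the assignments moved into the `points == 0` branch still call `mysql_real_escape_string()` when the request is read and store the escaped text in `$_SESSION['_config']['user']`, so the session holds SQL-encoded values rather than what the user typed. The `otphash`/`otppin` lines added in the hunk at -1101 follow the same pattern. Escaping is safer applied where each query string is built, so that any other reader of the session (form redisplay or mail text, presumably, neither visible here) does not receive backslash-escaped names. A short comment such as `// name and date of birth are only taken from the request while the account has 0 points` would also record why the block was moved. The enclosing `if` block starts and ends outside the hunk.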
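Review bot: In the hunk at -1101, the two added lines take the OTP hash and PIN from `$_REQUEST`, which also accepts query-string parameters, so these secrets can be submitted in a URL and end up in access logs and browser history. If the form submits by POST, `$_POST['otphash']` and `$_POST['otppin']` would close that path. The marker `//!!!Should be rewritten` does not say what is wrong; something like `// TODO: read otphash/otppin from $_POST and escape at query time instead of caching them in the session` tells the next maintainer what the rewrite is meant to achieve. The `update` statement that consumes these values continues outside the hunk.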
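Review bot: In the hunk at -1154, removing the `$body = sprintf(_("Hi %s,"), ...)` line leaves `$body .= _("You are receiving this email because you or someone else")."\n";` as the first write to `$body` for this mail. Unless `$body` is assigned earlier outside the hunk, this appends to an undefined variable, or to whatever an earlier branch of the script left in `$body`, which could put unrelated text into the password-change notice. Changing that line to a plain assignment, `$body = _("You are receiving this email because you or someone else")."\n";`, keeps the mail self-contained.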
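Review bot: In the hunk at -2284, the new notification takes its recipient and greeting from `$row`, but the context line that fetches `$row` interpolates `$_REQUEST['userid']` into the `select` without escaping, while the `update` one line above uses `intval($_REQUEST['userid'])`. The lookup should use the same integer, i.e. `intval($_REQUEST['userid'])` in the `where` clause, so the mail goes to exactly the account whose password was changed and the request value cannot alter the query. `mysql_fetch_assoc()` returns false when no row matches, so the `sendmail()` call is better wrapped in `if(is_array($row)) { ... }` than run with an empty address. The enclosing block starts outside the hunk.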