diff --git a/includes/account.php b/includes/account.php
index 9e117d8..2f4f10a 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -897,6 +897,18 @@
$_SESSION['_config']['user']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
$_SESSION['_config']['user']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
+ if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
+ $_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
+ $_SESSION['_config']['user']['Q5'] == "")
+ {
+ $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."
";
+ $id = $oldid;
+ unset($oldid);
+ }
+ }
+
+ if($oldid == 13 && $process != "")
+ {
if($_SESSION['profile']['points'] < 100)
{
if($_SESSION['_config']['user']['fname'] == "" || $_SESSION['_config']['user']['lname'] == "")
diff --git a/www/index.php b/www/index.php
index ba421a8..3c8bbe4 100644
--- a/www/index.php
+++ b/www/index.php
@@ -94,7 +94,7 @@
"---------------------------------------------------------------------\n";
sendmail("support@cacert.org", "[CAcert.org] Requested Pass Phrase Change", $body,
$_SESSION['lostpw']['user']['email'], "", "", $_SESSION['lostpw']['user']['fname']);
- $_SESSION['_config']['errmsg'] = _("You failed to get all answers correct or you didn't configure the minimum of 3 lost password questions for your account. System admins have been notified.");
+ $_SESSION['_config']['errmsg'] = _("You failed to get all answers correct or you didn't configure enough lost password questions for your account. System admins have been notified.");
} else if($_SESSION['lostpw']['pw1'] != $_SESSION['lostpw']['pw2'] || $_SESSION['lostpw']['pw1'] == "") {
$_SESSION['_config']['errmsg'] = _("New Pass Phrases specified don't match or were blank.");
} else if(strlen($_SESSION['lostpw']['pw1']) < 6) {
@@ -197,6 +197,13 @@
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
$_SESSION['profile']['loggedin'] = 1;
+ if($_SESSION['profile']['Q1'] == "" || $_SESSION['profile']['Q2'] == "" ||
+ $_SESSION['profile']['Q3'] == "" || $_SESSION['profile']['Q4'] == "" ||
+ $_SESSION['profile']['Q5'] == "")
+ {
+ $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."
";
+ $_SESSION['_config']['oldlocation'] = "account.php?id=13";
+ }
if($_SESSION['_config']['oldlocation'] != "")
header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
else
@@ -234,6 +241,18 @@
$_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
$_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
$_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
+
+ if($_SESSION['signup']['user']['Q1'] == "" || $_SESSION['signup']['user']['Q2'] == "" ||
+ $_SESSION['signup']['user']['Q3'] == "" || $_SESSION['signup']['user']['Q4'] == "" ||
+ $_SESSION['signup']['user']['Q5'] == "")
+ {
+ $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."
\n";
+ $id = 1;
+ }
+ }
+
+ if($process && $oldid == 1)
+ {
$_SESSION['signup']['general'] = intval($_POST['general']);
$_SESSION['signup']['country'] = intval($_POST['country']);
$_SESSION['signup']['regional'] = intval($_POST['regional']);
diff --git a/www/src-lic.php b/www/src-lic.php
index dc1d031..2aade9e 100644
--- a/www/src-lic.php
+++ b/www/src-lic.php
@@ -1,7 +1,7 @@