Changeset 6826


Ignore:
Timestamp:
Aug 31, 2010, 7:15:20 PM (14 years ago)
Author:
Eric
Message:

Bug 1825 fixed : Password corruption after Piwigo's profile page visit
New version 2.3.1 hard coded

File:
1 edited

Legend:

Unmodified
Added
Removed

  • extensions/Register_FluxBB/trunk/main.inc.php

    r6815 r6826  
    22/*
    33Plugin Name: Register FluxBB
    4 Version: 2.3.0
     4Version: 2.3.1
    55Description: Link user registration from Piwigo to FluxBB forum (registration, password changing, deletion) - Original Nicco's NBC_LinkUser2PunBB plugin upgraded to Piwigo / Liez l'inscription des utilisateurs de Piwigo avec votre forum FluxBB - Portage du plugin NBC_LinkUser2PunBB de Nicco vers Piwigo
    66Plugin URI: http://phpwebgallery.net/ext/extension_view.php?eid=252
     
    55552.2.4     - 22/08/10  - Bug 1812 fixed : Compliance with FluxBB 1.4
    5656
    57 2.3.0     - 01/09/10  - Bug 1434 fixed : Bridge between Register_FluxBB and UserAdvManager for new users validation
     572.3.0     - 28/08/10  - Bug 1434 fixed : Bridge between Register_FluxBB and UserAdvManager for new users validation
     58
     592.3.1     - 31/08/10  - Bug 1825 fixed : Password corruption after Piwigo's profile page visit
    5860--------------------------------------------------------------------------------
    5961*/
     
    109111
    110112
    111 
    112 add_event_handler('init', 'Register_FluxBB_InitPage');
    113  
    114 function Register_FluxBB_InitPage()
    115 {
    116   global $conf, $user ;
    117   include_once (REGFLUXBB_PATH.'include/functions.inc.php');
    118 
    119 /* user update */
    120   if (script_basename() == 'profile')
     113/* Profile management */
     114if (script_basename() == 'profile')
     115{
     116  add_event_handler('loc_begin_profile', 'Register_FluxBB_InitPage', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
     117
     118  function Register_FluxBB_InitPage()
    121119  {
    122     if (isset($_POST['validate']))
    123     {
    124       $errors = array();
    125 
    126       $int_pattern = '/^\d+$/';
    127       if (empty($_POST['nb_image_line'])
    128         or (!preg_match($int_pattern, $_POST['nb_image_line'])))
     120    global $conf, $user;
     121    include_once (REGFLUXBB_PATH.'include/functions.inc.php');
     122   
     123    if (isset($_POST['validate']) and !is_admin())
     124    {
     125    if (!empty($_POST['use_new_pwd']))
    129126      {
    130         $errors[] = l10n('nb_image_line_error');
    131       }
    132    
    133       if (empty($_POST['nb_line_page'])
    134         or (!preg_match($int_pattern, $_POST['nb_line_page'])))
    135       {
    136         $errors[] = l10n('nb_line_page_error');
    137       }
    138    
    139       if ($_POST['maxwidth'] != ''
    140         and (!preg_match($int_pattern, $_POST['maxwidth'])
    141         or $_POST['maxwidth'] < 50))
    142       {
    143         $errors[] = l10n('maxwidth_error');
    144       }
    145 
    146       if ($_POST['maxheight']
    147         and (!preg_match($int_pattern, $_POST['maxheight'])
    148         or $_POST['maxheight'] < 50))
    149       {
    150         $errors[] = l10n('maxheight_error');
    151       }
    152 
    153       if (isset($_POST['mail_address']))
    154       {
    155         $mail_error = validate_mail_address($user['id'],$_POST['mail_address']);
    156         if (!empty($mail_error))
    157         {
    158           $errors[] = $mail_error;
    159         }
    160       }
    161    
    162       if (!empty($_POST['use_new_pwd']))
    163       {
    164         // password must be the same as its confirmation
    165         if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
    166         {
    167           $errors[] = l10n('New password confirmation does not correspond');
    168         }
    169    
    170         if ( !defined('IN_ADMIN') )
    171         {// changing password requires old password
    172           $query = '
    173 SELECT '.$conf['user_fields']['password'].' AS password
    174 FROM '.USERS_TABLE.'
    175 WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
    176 ;';
    177 
    178           list($current_password) = pwg_db_fetch_row(pwg_query($query));
    179      
    180           if ($conf['pass_convert']($_POST['password']) != $current_password)
    181           {
    182             $errors[] = l10n('Current password is wrong');
    183           }
    184         }
    185       }
    186    
    187       if (count($errors) == 0)
    188       {
    189         include_once (REGFLUXBB_PATH.'include/functions.inc.php');
    190      
    191         $query = '
     127      $query = '
    192128SELECT '.$conf['user_fields']['username'].' AS username
    193129FROM '.USERS_TABLE.'
     
    195131;';
    196132
    197         list($username) = pwg_db_fetch_row(pwg_query($query));
    198 
    199         FluxBB_Updateuser($user['id'], stripslashes($username), sha1($_POST['use_new_pwd']), $_POST['mail_address']);
     133      list($username) = pwg_db_fetch_row(pwg_query($query));
     134
     135      FluxBB_Updateuser($user['id'], stripslashes($username), sha1($_POST['use_new_pwd']), $_POST['mail_address']);
    200136      }
    201137    }
     
    205141
    206142/* Access validation in FluxBB when validated in Piwigo through UAM plugin */
    207 add_event_handler('login_success', 'UAM_Bridge');
     143add_event_handler('login_success', 'UAM_Bridge', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
    208144
    209145function UAM_Bridge()
Note: See TracChangeset for help on using the changeset viewer.