1
lostpass.php has an error that affects users who read their mail in Gmail.
Gmail in Chrome goes through cache.google.com. If the user clicks the mail URL 【xoops_url/lostpass.php?email=xxx@xxx.com&code=xxxxx】,
the browser is sent to 【google_url/url?q=xoops_url/lostpass.php?email%3Dxxx@xxx.com%26code%3Dxxxxx&source=gmail&ust=xxxxxxxx&usg=xxxxxxx】 instead.
cache.google.com caches the URL and requests it again, so 【lostpass1.tpl】 is sent a second time.
Fix:
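// Lost-password handler: either completes a reset (valid ?code= in the mailed
// link) or, on an explicit form POST, mails the confirmation link.
// $getuser and $email are set earlier in the file, outside this snippet.
if (empty($getuser)) {
    $msg = _US_SORRYNOTFOUND;
    redirect_header('user.php', 2, $msg);
} else {
    // Accept only a scalar string: ?code[]=x would otherwise reach trim() as an
    // array and raise an error instead of being rejected.
    $code = (isset($_GET['code']) && is_string($_GET['code'])) ? trim($_GET['code']) : '';

    // NOTE(review): the confirmation code is the first 9 characters of the stored
    // password hash. When that hash is bcrypt (the current PASSWORD_DEFAULT, see
    // the UPDATE below), those characters are the algorithm/cost prefix plus two
    // salt characters, so the code holds very little secret material and has no
    // expiry. A random, single-use, time-limited token stored separately would be
    // the robust design; that needs storage outside this block.
    $areyou = (string) substr($getuser[0]->getVar('pass'), 0, 9);

    // The User-Agent header is optional; avoid an undefined-index notice.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // hash_equals() compares as strings in constant time. The previous loose
    // `==` treated numeric-looking strings (e.g. two different "0e..." hex
    // prefixes of a legacy hash) as equal.
    if ($code !== '' && hash_equals($areyou, $code)) {
        $newpass = xoops_makepass();

        $xoopsMailer = xoops_getMailer();
        $xoopsMailer->useMail();
        $xoopsMailer->setTemplate('lostpass2.tpl');
        $xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
        $xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
        $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
        $xoopsMailer->assign('IP', $_SERVER['REMOTE_ADDR']);
        $xoopsMailer->assign('AGENT', $agent);
        $xoopsMailer->assign('NEWPWD', $newpass);
        $xoopsMailer->setToUsers($getuser[0]);
        $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
        $xoopsMailer->setFromName($xoopsConfig['sitename']);
        $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ, XOOPS_URL));
        // NOTE(review): a failed send() is only echoed; the password is still
        // replaced below, which leaves the account with a password nobody
        // received. Confirm whether that is intended.
        if (!$xoopsMailer->send()) {
            echo $xoopsMailer->getErrors();
        }

        // Next step: add the new password to the database.
        // Both interpolated values are server-generated (a fresh password hash
        // and the uid forced to an unsigned integer by %u), not request data.
        $sql = sprintf(
            "UPDATE %s SET pass = '%s' WHERE uid = %u",
            $xoopsDB->prefix('users'),
            password_hash($newpass, PASSWORD_DEFAULT),
            $getuser[0]->getVar('uid')
        );
        if (!$xoopsDB->queryF($sql)) {
            include $GLOBALS['xoops']->path('header.php');
            echo _US_MAILPWDNG;
            include $GLOBALS['xoops']->path('footer.php');
            exit();
        }
        // The stored hash has changed, so the mailed code no longer matches: a
        // repeated request for the same link falls through to the branches below.
        redirect_header('user.php', 3, sprintf(_US_PWDMAILED, $getuser[0]->getVar('uname')), false);
    } elseif (isset($_POST['email'])) {
        // No valid code: send the confirmation link, but only for an explicit
        // form POST. A replayed or rewritten GET of the mailed link (the Gmail
        // redirect described in the report) must not re-send lostpass1.tpl.
        $xoopsMailer = xoops_getMailer();
        $xoopsMailer->useMail();
        $xoopsMailer->setTemplate('lostpass1.tpl');
        $xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
        $xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
        $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
        $xoopsMailer->assign('IP', $_SERVER['REMOTE_ADDR']);
        $xoopsMailer->assign('AGENT', $agent);
        // NOTE(review): $email is defined outside this snippet; confirm it is
        // validated there, and consider rawurlencode() on both query values so
        // characters such as '+' or '$' survive the round trip through a mail client.
        $xoopsMailer->assign('NEWPWD_LINK', XOOPS_URL . '/lostpass.php?email=' . $email . '&code=' . $areyou);
        $xoopsMailer->setToUsers($getuser[0]);
        $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
        $xoopsMailer->setFromName($xoopsConfig['sitename']);
        $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ, $xoopsConfig['sitename']));
        include $GLOBALS['xoops']->path('header.php');
        if (!$xoopsMailer->send()) {
            echo $xoopsMailer->getErrors();
        }
        echo '';
        printf(_US_CONFMAIL, $getuser[0]->getVar('uname'));
        echo '';
        include $GLOBALS['xoops']->path('footer.php');
    } else {
        // Neither a matching code nor a submitted form: send the visitor back.
        redirect_header('user.php', 2, 'Please input your EMAIL.');
    }
}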