sec_change_pwd


  • sec_change_pwd

    I'm just curious how long it is going to take to straighten out your bad code. I just spent 2 hours debugging your generated code for sec_change_pwd because:
    1) it was validating an old password when I was changing the password based on the link within the generated email for a lost password
    2) after that it was trying to validate the old password which is not valid in this situation

    Your quality assurance of your generated code is horrible. Apparently you take any pride in releasing reliable/usable code.

  • #2
    Here is what I'm using now.

    // Require the old password unless the form was opened from the lost-password link (activation code present).
    if( (!isset({old_pswd}) || empty({old_pswd}) ) && (!isset([act_code]) || empty([act_code]) ) )
    {
        sc_error_message({lang_error_old_pswd});
        sc_error_exit();
    }

    // The new password and its confirmation must match.
    if({pswd} != {confirm_pswd})
    {
        sc_error_message({lang_error_pswd});
        sc_error_exit();
    }

    $spswd = sc_sql_injection(md5({pswd}));

    // Build the WHERE clause for the credential being checked.
    if (isset([act_code]) && !empty([act_code]))
    {
        $sold_pswd = "activation_code = ". sc_sql_injection([act_code]) . " AND pswd = ". sc_sql_injection(md5({old_pswd}));
    }
    else
    {
        $sold_pswd = " pswd = ". sc_sql_injection(md5({old_pswd}));
    }
    //$sold_pswd = ( isset([act_code]) && !empty([act_code]) ) ? "activation_code= ". sc_sql_injection([act_code]) : " pswd = ". sc_sql_injection(md5({old_pswd}));

    // The lookup runs only when an old password was supplied and no activation code is present;
    // with an activation code this event performs no database check.
    if((isset({old_pswd}) && !empty({old_pswd})) && (!isset([act_code]) || empty([act_code])))
    {
        // The login is passed through sc_sql_injection like the other values instead of being concatenated raw.
        $sql = "SELECT count(*) FROM sec_users WHERE ". $sold_pswd ." AND login = ". sc_sql_injection([usr_login]);
        sc_lookup(rs, $sql);

        if({rs} === FALSE || {rs}[0][0] == 0)
        {
            sc_error_message({lang_error_old_pswd});
            sc_error_exit();
        }
    }
    unset([act_code]);
    Last edited by pkrawetzky; 06-15-2016, 11:40 AM.
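
The two paths discussed in this thread (change with old password, change from the lost-password link) as an added example; it is not the poster's code and not Scriptcase's generated code. Assumptions: plain PDO with the pdo_sqlite extension instead of Scriptcase macros, the `sec_users` columns named in the post, a hypothetical `change_password()` helper, and `password_hash()` swapped in for `md5()`.

```php
<?php
// Added example. Assumed schema: sec_users(login, pswd, activation_code), as in the post.
function change_password(PDO $db, string $login, string $new, string $confirm,
                         ?string $oldPswd, ?string $actCode): string
{
    if ($new === '' || $new !== $confirm) {
        return 'error_pswd';
    }
    // Bound parameters: no user-supplied value is concatenated into the SQL text.
    $stmt = $db->prepare('SELECT pswd, activation_code FROM sec_users WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'error_old_pswd';
    }
    if ($actCode !== null && $actCode !== '') {
        // Reset-link path: there is no old password to check, so the activation
        // code must match the one stored for this login (constant-time compare).
        $ok = is_string($row['activation_code']) && $row['activation_code'] !== ''
            && hash_equals($row['activation_code'], $actCode);
    } else {
        // Logged-in path: the old password is mandatory.
        $ok = $oldPswd !== null && $oldPswd !== ''
            && password_verify($oldPswd, $row['pswd']);
    }
    if (!$ok) {
        return 'error_old_pswd';
    }
    // Store the new hash and clear the activation code so the link works once.
    $upd = $db->prepare('UPDATE sec_users SET pswd = ?, activation_code = NULL WHERE login = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $login]);
    return 'ok';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sec_users (login TEXT PRIMARY KEY, pswd TEXT, activation_code TEXT)');
$ins = $db->prepare('INSERT INTO sec_users VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT), 'constructed-code-123']);

// In order: wrong code, valid code, reused code, then old-password change.
var_dump(change_password($db, 'alice', 'n1', 'n1', null, 'wrong-code'));
var_dump(change_password($db, 'alice', 'n1', 'n1', null, 'constructed-code-123'));
var_dump(change_password($db, 'alice', 'n2', 'n2', null, 'constructed-code-123'));
var_dump(change_password($db, 'alice', 'n2', 'n2', 'n1', null));
```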
