diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2013-03-25 02:15:12 +0100 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2013-03-25 02:15:12 +0100 |
commit | cd59a313b40a8611072a4bdd7896e5cf8dab24ee (patch) | |
tree | db715ab6c49538f4f2038bc2552f2b7939179c4d | |
parent | 589f506aaa7b231c07bf979817ed2e2d9d27e040 (diff) | |
download | aurweb-cd59a313b40a8611072a4bdd7896e5cf8dab24ee.tar.xz |
Show hint if password is empty during login
A user might have an empty password due to two reasons:
* The user just created an account and needs to set an initial password.
* The password has been reset by the administrator.
In both cases, the user might be confused as to why the login does not
work. Add a message that helps users debug the issue in both cases.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r-- | web/lib/acctfuncs.inc.php | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index aa4c70b..28f9f93 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -486,8 +486,16 @@ function try_login() { else { $login_error = "Error trying to generate session id."; } - } - else { + } elseif (passwd_is_empty($userID)) { + $login_error = __('Your password has been reset. ' . + 'If you just created a new account, please ' . + 'use the link from the confirmation email ' . + 'to set an initial password. Otherwise, ' . + 'please request a reset key on the %s' . + 'Password Reset%s page.', '<a href="' . + htmlspecialchars(get_uri('/passreset')) . '">', + '</a>'); + } else { $login_error = __("Bad username or password."); } } @@ -746,6 +754,27 @@ function valid_passwd($userID, $passwd) { } /** + * Determine if a user's password is empty + * + * @param string $uid The user ID to check for an empty password + * + * @return bool True if the user's password is empty, otherwise false + */ +function passwd_is_empty($uid) { + $dbh = DB::connect(); + + $q = "SELECT * FROM Users WHERE ID = " . $dbh->quote($uid) . " "; + $q .= "AND Passwd = " . $dbh->quote(''); + $result = $dbh->query($q); + + if ($result->fetchColumn()) { + return true; + } else { + return false; + } +} + +/** * Determine if the PGP key fingerprint is valid (must be 40 hexadecimal digits) * * @param string $fingerprint PGP fingerprint to check if valid |