summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2013-03-25 02:15:12 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2013-03-25 02:15:12 +0100
commitcd59a313b40a8611072a4bdd7896e5cf8dab24ee (patch)
treedb715ab6c49538f4f2038bc2552f2b7939179c4d /web
parent589f506aaa7b231c07bf979817ed2e2d9d27e040 (diff)
downloadaurweb-cd59a313b40a8611072a4bdd7896e5cf8dab24ee.tar.xz
Show hint if password is empty during login
A user might have an empty password due to two reasons: * The user just created an account and needs to set an initial password. * The password has been reset by the administrator. In both cases, the user might be confused as to why the login does not work. Add a message that helps users debug the issue in both cases. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r--web/lib/acctfuncs.inc.php33
1 files changed, 31 insertions, 2 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index aa4c70b..28f9f93 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -486,8 +486,16 @@ function try_login() {
else {
$login_error = "Error trying to generate session id.";
}
- }
- else {
+ } elseif (passwd_is_empty($userID)) {
+ $login_error = __('Your password has been reset. ' .
+ 'If you just created a new account, please ' .
+ 'use the link from the confirmation email ' .
+ 'to set an initial password. Otherwise, ' .
+ 'please request a reset key on the %s' .
+ 'Password Reset%s page.', '<a href="' .
+ htmlspecialchars(get_uri('/passreset')) . '">',
+ '</a>');
+ } else {
$login_error = __("Bad username or password.");
}
}
@@ -746,6 +754,27 @@ function valid_passwd($userID, $passwd) {
}
/**
+ * Determine if a user's password is empty
+ *
+ * @param string $uid The user ID to check for an empty password
+ *
+ * @return bool True if the user's password is empty, otherwise false
+ */
+function passwd_is_empty($uid) {
+ $dbh = DB::connect();
+
+ $q = "SELECT * FROM Users WHERE ID = " . $dbh->quote($uid) . " ";
+ $q .= "AND Passwd = " . $dbh->quote('');
+ $result = $dbh->query($q);
+
+ if ($result->fetchColumn()) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+/**
* Determine if the PGP key fingerprint is valid (must be 40 hexadecimal digits)
*
* @param string $fingerprint PGP fingerprint to check if valid