From cd59a313b40a8611072a4bdd7896e5cf8dab24ee Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Mon, 25 Mar 2013 02:15:12 +0100 Subject: Show hint if password is empty during login A user might have an empty password due to two reasons: * The user just created an account and needs to set an initial password. * The password has been reset by the administrator. In both cases, the user might be confused as to why the login does not work. Add a message that helps users debug the issue in both cases. Signed-off-by: Lukas Fleischer --- web/lib/acctfuncs.inc.php | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) (limited to 'web/lib/acctfuncs.inc.php') diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index aa4c70b..28f9f93 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -486,8 +486,16 @@ function try_login() { else { $login_error = "Error trying to generate session id."; } - } - else { + } elseif (passwd_is_empty($userID)) { + $login_error = __('Your password has been reset. ' . + 'If you just created a new account, please ' . + 'use the link from the confirmation email ' . + 'to set an initial password. Otherwise, ' . + 'please request a reset key on the %s' . + 'Password Reset%s page.', '', + ''); + } else { $login_error = __("Bad username or password."); } } @@ -745,6 +753,27 @@ function valid_passwd($userID, $passwd) { return false; } +/** + * Determine if a user's password is empty + * + * @param string $uid The user ID to check for an empty password + * + * @return bool True if the user's password is empty, otherwise false + */ +function passwd_is_empty($uid) { + $dbh = DB::connect(); + + $q = "SELECT * FROM Users WHERE ID = " . $dbh->quote($uid) . " "; + $q .= "AND Passwd = " . $dbh->quote(''); + $result = $dbh->query($q); + + if ($result->fetchColumn()) { + return true; + } else { + return false; + } +} + /** * Determine if the PGP key fingerprint is valid (must be 40 hexadecimal digits) * -- cgit v1.2.3-54-g00ecf