cbbb220605a02e5ba211c45c4b09d12a14ca2b81 chinhli Mon May 7 10:48:31 2012 -0700 Fixed the force password change function problem. diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c index 7155704..e4862ec 100644 --- src/hg/hgLogin/hgLogin.c +++ src/hg/hgLogin/hgLogin.c @@ -46,31 +46,30 @@ char *returnURL = cartUsualString(cart, "returnto", ""); char *hgLoginHost = wikiLinkHost(); char returnTo[512]; if (!returnURL || sameString(returnURL,"")) safef(returnTo, sizeof(returnTo), "http://%s/cgi-bin/hgSession?hgS_doMainPage=1", hgLoginHost); else safef(returnTo, sizeof(returnTo), returnURL); int delay=nSec*1000; hPrintf( "<script language=\"JavaScript\">\n" "<!-- " "\n" -/* TODO: afterDelayBackTo("http....") */ "window.setTimeout(afterDelay, %d);\n" "function afterDelay() {\n" "window.location =\"%s\";" "\n}" "\n" "//-->" "\n" "</script>" ,delay ,returnTo); } void displayMailSuccess() /* display mail success confirmation box */ 
@@ -623,53 +622,50 @@ return; } if (newPassword1 && newPassword2 && !sameString(newPassword1, newPassword2)) { freez(&errMsg); errMsg = cloneString("New passwords do not match."); changePasswordPage(conn); return; } /* check username existence and is user using a new password */ char *password; if (changeRequired && sameString(changeRequired, "YES")) { safef(query,sizeof(query), "select newPassword from gbMembers where userName='%s'", user); password = sqlQuickString(conn, query); -if ((!password) || (password && !checkPwd(currentPassword,password))) +} else { +safef(query,sizeof(query), "select password from gbMembers where userName='%s'", user); +password = sqlQuickString(conn, query); +} +if (!password) { freez(&errMsg); - errMsg = cloneString("Invalid user name or password. (changePwd YES)"); - char temp[4256]; - safef(temp, sizeof(temp),"currentPWD: %s passwd: %s", currentPassword,password); - hPrintf("<P>\n%s\n</P>", temp); - if (checkPwd(currentPassword,password)) hPrintf("<P> Password match!! </P>"); - else hPrintf("<P> Password does NOT match!! </P>"); + errMsg = cloneString("User not found."); changePasswordPage(conn); return; } -} else { -safef(query,sizeof(query), "select password from gbMembers where userName='%s'", user); -password = sqlQuickString(conn, query); -if ((!password) || (password && !checkPwd(currentPassword,password))) +if (!checkPwd(currentPassword, password)) { freez(&errMsg); - errMsg = cloneString("Invalid user name or password. (changePwd No)"); + errMsg = cloneString("Invalid current password."); changePasswordPage(conn); return; } -} + + char encPwd[45] = ""; encryptNewPwd(newPassword1, encPwd, sizeof(encPwd)); safef(query,sizeof(query), "update gbMembers set password='%s' where userName='%s'", sqlEscapeString(encPwd), sqlEscapeString(user)); sqlUpdate(conn, query); clearNewPasswordFields(conn, user); hPrintf ( "<h2>UCSC Genome Browser</h2>" "<p align=\"left\">" "</p>" "<h3>Password has been changed.</h3>" ); backToDoLoginPage(2); 
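Review bot: Both lookups in this hunk format `user` into the SQL text unescaped, although the `update` further down passes the same value through `sqlEscapeString()`; the selects should match it, e.g. `safef(query,sizeof(query), "select password from gbMembers where userName='%s'", sqlEscapeString(user));` and likewise for the `newPassword` query. Where `user` is assigned lies above the hunk (the enclosing function starts outside it), so whether it is request-controlled is inferred, but if it is, a quote character in the name alters the statement. `usingNewPassword()` in the last hunk has the same pattern with `userName`, right after a function that does escape `username`. Separately, replacing the combined message with `"User not found."` and `"Invalid current password."` lets a caller tell which account names exist; returning one message such as `"Invalid user name or password."` from both branches would avoid that.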
@@ -998,35 +994,36 @@ char query[256]; safef(query,sizeof(query), "update gbMembers set lastUse=NOW(),newPassword='', newPasswordExpire='', passwordChangeRequired='N' where userName='%s'", sqlEscapeString(username)); sqlUpdate(conn, query); cartRemove(cart, "hgLogin_changeRequired"); return; } /* ----- account login/display functions ---- */ boolean usingNewPassword(struct sqlConnection *conn, char *userName) /* The user is using requested new password */ { char query[256]; safef(query,sizeof(query), "select passwordChangeRequired from gbMembers where userName='%s'", userName); char *change = sqlQuickString(conn, query); -if (change || sameString(change, "Y")) +if (change && sameString(change, "Y")) return TRUE; else return FALSE; } + void displayLoginPage(struct sqlConnection *conn) /* draw the account login page */ { char *username = cartUsualString(cart, "hgLogin_userName", ""); /* for password security, use cgi hash instead of cart */ // char *password = cgiUsualString("hgLogin_password", ""); hPrintf( "<div id=\"loginBox\" class=\"centeredContainer formBox\">" "\n" "<h2>UCSC Genome Browser</h2>" "\n" "<h3>Login</h3>" "\n"