e361785d947cdb917f89179133c9216f665ade51 chinhli Wed May 2 16:38:27 2012 -0700 Check current password before reset password.
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index 4438876..5275c27 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -348,102 +348,52 @@ sr = sqlGetResult(conn, "select email,password from gbMembers where activated='Y'" " and (expireDate='' or (current_date() < expireDate))"); while ((row = sqlNextRow(sr)) != NULL) { fprintf(out,"%s:%s\n",row[0],row[1]); } sqlFreeResult(&sr); carefulClose(&out); } - - -/* ---------- reverse DNS function --------- */ - -#include <arpa/inet.h> -#include <sys/socket.h> -#include <netdb.h> - -char *reverseDns(char *ip) -/* do reverse dns lookup on ip using getnamebyaddr, - * and then return a string to be freed that is the host */ -{ -struct hostent *hp; -struct sockaddr_in sock; -if (inet_aton(ip,&sock.sin_addr) == 0) return NULL; -hp = gethostbyaddr(&sock.sin_addr,sizeof(sock.sin_addr),AF_INET); -if (!hp) return NULL; -return cloneString(hp->h_name); -} - - /* -------- functions ---- */ void debugShowAllMembers(struct sqlConnection *conn) /* display all gbMembers */ { struct sqlResult *sr; char **row; hPrintf("<h1>Members</h1>"); hPrintf("<table>"); hPrintf("<th>email</th><th>password</th>"); sr = sqlGetResult(conn, "select * from members"); while ((row = sqlNextRow(sr)) != NULL) { hPrintf("<tr><td>%s</td><td>%s</td></tr>",row[0],row[1]); } sqlFreeResult(&sr); hPrintf("</table>"); } - -/************************************************************ -void lostPasswordPage(struct sqlConnection *conn) -// draw the lost password page -{ -hPrintf( -"<h2>UCSC Genome Browser</h2>" -"<p align=\"left\">" -"</p>" -"<span style='color:red;'>%s</span>" -"<h3>Send Me A New Password</h3>" -"<form method=post action=\"hgLogin\" name=lostPasswordForm >" -"<table>" -"<tr><td>E-mail</td><td><input type=text name=hgLogin_email size=20> " - "(your e-mail is also your user-id)</td></tr>" -"<tr><td> </td><td><input type=submit name=hgLogin.do.lostPassword value=submit>" -" <input type=button value=cancel ONCLICK=\"history.go(-1)\"></td></tr>" -"</table>" -"<br>" -, errMsg ? 
errMsg : "" -); - -cartSaveSession(cart); - -hPrintf("</FORM>"); - -} - -**************************************************************/ void lostPassword(struct sqlConnection *conn) /* process the lost password form */ { char query[256]; char cmd[256]; char *email = cartUsualString(cart, "hgLogin_email", ""); if (!email || sameString(email,"")) { freez(&errMsg); errMsg = cloneString("Email cannot be blank."); // lostPasswordPage(conn); return; } safef(query,sizeof(query), "select password from gbMembers where email='%s'", email); char *password = sqlQuickString(conn, query); @@ -582,31 +532,31 @@ freez(&errMsg); errMsg = cloneString("Re-enter New Password field cannot be blank."); changePasswordPage(conn); return; } if (newPassword1 && newPassword2 && !sameString(newPassword1, newPassword2)) { freez(&errMsg); errMsg = cloneString("New passwords do not match."); changePasswordPage(conn); return; } /* check username existence first */ safef(query,sizeof(query), "select password from gbMembers where userName='%s'", user); char *password = sqlQuickString(conn, query); -if (!password) +if ((!password) || (password && !checkPwd(currentPassword,password))) { freez(&errMsg); errMsg = cloneString("Invalid user name or password."); changePasswordPage(conn); return; } char encPwd[45] = ""; encryptNewPwd(newPassword1, encPwd, sizeof(encPwd)); safef(query,sizeof(query), "update gbMembers set password='%s' where userName='%s'", sqlEscapeString(encPwd), sqlEscapeString(user)); sqlUpdate(conn, query); hPrintf ( "<h2>UCSC Genome Browser</h2>"
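Review bot: The lookup just above the new check still formats `user` into the query unescaped (`"select password from gbMembers where userName='%s'", user`), while the update a few lines below passes the same value through `sqlEscapeString`. Since the row this select returns is now what `checkPwd` verifies the current password against, the lookup should be escaped the same way, e.g. `char *escUser = sqlEscapeString(user);` and then `safef(query,sizeof(query), "select password from gbMembers where userName='%s'", escUser);`. The `password &&` inside the added condition is redundant after `(!password) ||` and can be dropped: `if (!password || !checkPwd(currentPassword,password))`. The function begins and ends outside the hunk, so where `user` and `currentPassword` are read and whether they are validated earlier is not visible here.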