On Mon, Mar 25, 2013 at 02:19:21AM +0100, Lukas Fleischer wrote:
A user might have an empty password due to two reasons:
* The user just created an account and needs to set an initial password. * The password has been reset by the administrator.
In both cases, the user might be confused as to why the login does not work. Add a message that helps users debug the issue in both cases.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> --- web/lib/acctfuncs.inc.php | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-)
[...] + + $q = "SELECT * FROM Users WHERE ID = " . $dbh->quote($uid) . " ";
Also note that "SELECT *" should be converted into "SELECT COUNT(*)" for performance reasons. There are lots of other places where we currently use "SELECT *" to check the number of results -- I will take care of all these in a separate patch after 2.2.0 is released.
+ $q .= "AND Passwd = " . $dbh->quote(''); + $result = $dbh->query($q); + + if ($result->fetchColumn()) { + return true; + } else { + return false; + } +} + +/** * Determine if the PGP key fingerprint is valid (must be 40 hexadecimal digits) * * @param string $fingerprint PGP fingerprint to check if valid -- 1.8.2.411.g65a544e