[aur-dev] [PATCH] Show hint if password is empty during login

Lukas Fleischer archlinux at cryptocrack.de
Sun Mar 24 21:19:21 EDT 2013


A user might have an empty password due to two reasons:

* The user just created an account and needs to set an initial password.
* The password has been reset by the administrator.

In both cases, the user might be confused as to why the login does not
work. Add a message that helps users debug the issue in both cases.

Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
---
 web/lib/acctfuncs.inc.php | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index aa4c70b..28f9f93 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -486,8 +486,16 @@ function try_login() {
 			else {
 				$login_error = "Error trying to generate session id.";
 			}
-		}
-		else {
+		} elseif (passwd_is_empty($userID)) {
+			$login_error = __('Your password has been reset. ' .
+				'If you just created a new account, please ' .
+				'use the link from the confirmation email ' .
+				'to set an initial password. Otherwise, ' .
+				'please request a reset key on the %s' .
+				'Password Reset%s page.', '<a href="' .
+				htmlspecialchars(get_uri('/passreset')) . '">',
+				'</a>');
+		} else {
 			$login_error = __("Bad username or password.");
 		}
 	}
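Review bot: the new `elseif (passwd_is_empty($userID))` branch gives a different answer for an existing account with an empty password, while the `else` branch keeps the deliberately generic "Bad username or password." for every other failure. Anyone submitting the login form without credentials can therefore learn which usernames belong to accounts that were just created or were reset by an administrator. If the hint is worth that, state the trade-off in the commit message; otherwise keep a single generic error and add the pointer to the Password Reset page to it for every failed login. A smaller point on the string itself: it opens with "Your password has been reset." even for the new-account case, so neutral wording such as "Your account has no password set." would fit both cases the commit message lists.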
@@ -746,6 +754,27 @@ function valid_passwd($userID, $passwd) {
 }
 
 /**
+ * Determine if a user's password is empty
+ *
+ * @param string $uid The user ID to check for an empty password
+ *
+ * @return bool True if the user's password is empty, otherwise false
+ */
+function passwd_is_empty($uid) {
+	$dbh = DB::connect();
+
+	$q = "SELECT * FROM Users WHERE ID = " . $dbh->quote($uid) . " ";
+	$q .= "AND Passwd = " . $dbh->quote('');
+	$result = $dbh->query($q);
+
+	if ($result->fetchColumn()) {
+		return true;
+	} else {
+		return false;
+	}
+}
+
+/**
  * Determine if the PGP key fingerprint is valid (must be 40 hexadecimal digits)
  *
  * @param string $fingerprint PGP fingerprint to check if valid
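Review bot: `passwd_is_empty()` decides on the truthiness of `$result->fetchColumn()` after a `SELECT *`, so the return value depends on whatever the first column of `Users` happens to hold: a matching row whose first column is 0, "0" or an empty string would be reported as "not empty". The function also calls `->fetchColumn()` without checking `$result`, which is `false` when the query fails under PDO's default error mode. Suggest selecting `COUNT(*)` with the same WHERE clause and returning `$result && $result->fetchColumn() > 0`, which also removes the if/else around the boolean. The docblock could say whether "empty" means only the empty string, since `Passwd = ''` will not match a NULL value.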
-- 
1.8.2.411.g65a544e


