function luser_newpass($user, $pass)
{
// Trever, 20031003
// Create a new luser account.
// Make sure no one can do bad stuff with our sql.
if (!lusername_sanitycheck($user)) {
echo "Error: That username is not allowed - failed sanitycheck.\n<br>\n";
echo "Error: Username supplied was: " . sanitizeInput($user) . "\n";
return false;
}
// Make sure it doesn't already exist.
if (!luser_exists($user)) {
// We really want to create a new user, not reset a password.
if (luser_create($user, $pass)) {
if (luser_sendpass($user, $pass)) {
// Sent the password.
// echo "Yay!\n";
return true;
}
// Failed to email the password for some reason
echo "Error: Sending password failed.\n";
return false;
} else {
echo "Error: User doesn't exist, but and I'm unable to create it.\n<br>\n";
return false;
}
}
// Insert the record. Yes, I know there's a race here - but we don't have
// transactions in mysql 3.23, so...
$sql = "UPDATE lusers set password=md5('{$pass}') where lusername='******'";
$sth = dbquery($sql);
$sql = "SELECT * from lusers where lusername='******' and password=md5('{$pass}')";
$sth = dbquery($sql);
$count = mysql_fetch_row($sth);
if (!$count[0] > 0) {
echo "Error: Unable to update database.\n<br>\n";
echo "count was:" . $count[0] . "\n<br>\n";
return false;
}
return true;
}
luser_checkyourmail();
exit;
break;
default:
// Unrecognized reqtype.
echo "Error: Unrecognized request type (" . $reqtype . ")\n<br>\n";
luser_loginfailed();
exit;
}
// echo "Reqtype: $reqtype\n<br>\n";
// echo "Luser: $user\n<br>\n";
// echo "Pass: $pass\n<br>\n";
debug("Reqtype: {$reqtype}\n<br>\n");
debug("Luser: {$user}\n<br>\n");
debug("Pass: {$pass}\n<br>\n");
if (luser_exists($user)) {
debug("User exists: {$user}\n<br>\n");
}
if (luser_auth($user, $pass)) {
debug("Password valid: {$pass}\n<br>\n");
}
if ($logged_in) {
print_successpage();
exit;
} else {
luser_loginform();
}
function print_successpage()
{
$refresh = luser_loginstart("Login");
echo "<div align=\"center\">\n";
