function luser_newpass($user, $pass) { // Trever, 20031003 // Create a new luser account. // Make sure no one can do bad stuff with our sql. if (!lusername_sanitycheck($user)) { echo "Error: That username is not allowed - failed sanitycheck.\n<br>\n"; echo "Error: Username supplied was: " . sanitizeInput($user) . "\n"; return false; } // Make sure it doesn't already exist. if (!luser_exists($user)) { // We really want to create a new user, not reset a password. if (luser_create($user, $pass)) { if (luser_sendpass($user, $pass)) { // Sent the password. // echo "Yay!\n"; return true; } // Failed to email the password for some reason echo "Error: Sending password failed.\n"; return false; } else { echo "Error: User doesn't exist, but and I'm unable to create it.\n<br>\n"; return false; } } // Insert the record. Yes, I know there's a race here - but we don't have // transactions in mysql 3.23, so... $sql = "UPDATE lusers set password=md5('{$pass}') where lusername='******'"; $sth = dbquery($sql); $sql = "SELECT * from lusers where lusername='******' and password=md5('{$pass}')"; $sth = dbquery($sql); $count = mysql_fetch_row($sth); if (!$count[0] > 0) { echo "Error: Unable to update database.\n<br>\n"; echo "count was:" . $count[0] . "\n<br>\n"; return false; } return true; }
// echo "Logout complete.\n"; debug("Logout complete.\n"); $logged_in = false; break; case 'newform': // Someone clicked "Create a new account", so ask them for an email address. // Reqtype in the form is set to 'newsubmit'. luser_newform(); exit; break; case 'newsubmit': // $reqtype == 'newsubmit'... // We got an email address to create an account for - create the account // and tell the user to check his email. $user = sanitizeInput($_REQUEST['luser']); if (!luser_create($user, genpassword())) { echo "Error: Unable to create user account.\n"; exit; } luser_checkyourmail(); exit; break; default: // Unrecognized reqtype. echo "Error: Unrecognized request type (" . $reqtype . ")\n<br>\n"; luser_loginfailed(); exit; } // echo "Reqtype: $reqtype\n<br>\n"; // echo "Luser: $user\n<br>\n"; // echo "Pass: $pass\n<br>\n";