function luser_newpass($user, $pass) { // Trever, 20031003 // Create a new luser account. // Make sure no one can do bad stuff with our sql. if (!lusername_sanitycheck($user)) { echo "Error: That username is not allowed - failed sanitycheck.\n<br>\n"; echo "Error: Username supplied was: " . sanitizeInput($user) . "\n"; return false; } // Make sure it doesn't already exist. if (!luser_exists($user)) { // We really want to create a new user, not reset a password. if (luser_create($user, $pass)) { if (luser_sendpass($user, $pass)) { // Sent the password. // echo "Yay!\n"; return true; } // Failed to email the password for some reason echo "Error: Sending password failed.\n"; return false; } else { echo "Error: User doesn't exist, but and I'm unable to create it.\n<br>\n"; return false; } } // Insert the record. Yes, I know there's a race here - but we don't have // transactions in mysql 3.23, so... $sql = "UPDATE lusers set password=md5('{$pass}') where lusername='******'"; $sth = dbquery($sql); $sql = "SELECT * from lusers where lusername='******' and password=md5('{$pass}')"; $sth = dbquery($sql); $count = mysql_fetch_row($sth); if (!$count[0] > 0) { echo "Error: Unable to update database.\n<br>\n"; echo "count was:" . $count[0] . "\n<br>\n"; return false; } return true; }
luser_checkyourmail(); exit; break; default: // Unrecognized reqtype. echo "Error: Unrecognized request type (" . $reqtype . ")\n<br>\n"; luser_loginfailed(); exit; } // echo "Reqtype: $reqtype\n<br>\n"; // echo "Luser: $user\n<br>\n"; // echo "Pass: $pass\n<br>\n"; debug("Reqtype: {$reqtype}\n<br>\n"); debug("Luser: {$user}\n<br>\n"); debug("Pass: {$pass}\n<br>\n"); if (luser_exists($user)) { debug("User exists: {$user}\n<br>\n"); } if (luser_auth($user, $pass)) { debug("Password valid: {$pass}\n<br>\n"); } if ($logged_in) { print_successpage(); exit; } else { luser_loginform(); } function print_successpage() { $refresh = luser_loginstart("Login"); echo "<div align=\"center\">\n";