authorArun Persaud <arun@nubati.net>2007-07-18 23:51:23 -0700
committerArun Persaud <arun@nubati.net>2007-07-18 23:51:23 -0700
commit54ea7b7fae46bae795d72ff671c15091ae505256 (patch)
tree417bf017cc448100b6f156b41b4641d1c71b34d1
parent35687ace49ce0b41b1380603513d1f04cd6b458f (diff)
downloade-DoKo-54ea7b7fae46bae795d72ff671c15091ae505256.tar.gz
e-DoKo-54ea7b7fae46bae795d72ff671c15091ae505256.tar.bz2
e-DoKo-54ea7b7fae46bae795d72ff671c15091ae505256.zip
BUGFIX: using the recovery password to change your password
to change your password you needed your old password, the recovery password didn't work, which made it hard to change it, in case you forgot your old password... fixed
-rw-r--r--db.php16
-rw-r--r--index.php3
2 files changed, 18 insertions, 1 deletions
diff --git a/db.php b/db.php
index 03de7f4..50cc3e5 100644
--- a/db.php
+++ b/db.php
@@ -161,6 +161,22 @@ function DB_get_userid_by_email_and_password($email,$password)
return 0;
}
+function DB_check_recovery_passwords($password,$email)
+{
+ $result = mysql_query("SELECT User.id FROM User".
+ " LEFT JOIN Recovery ON User.id=Recovery.user_id".
+ " WHERE email=".DB_quote_smart($email).
+ " AND Recovery.password=".DB_quote_smart($password).
+ " AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= Recovery.create_date");
+ $r = mysql_fetch_array($result,MYSQL_NUM);
+
+ if($r)
+ return 1;
+ else
+ return 0;
+
+}
+
function DB_get_handid_by_hash($hash)
{
$result = mysql_query("SELECT id FROM Hand WHERE hash=".DB_quote_smart($hash));
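Review bot: `DB_check_recovery_passwords` only reads the matching Recovery row, and nothing in this hunk deletes it or marks it used. Unless that happens elsewhere, the same recovery password stays usable for the whole validity window, so the row for that `user_id` should be removed once a password change succeeds. That window can run close to two days rather than one, because `CURDATE()` has date granularity in `DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= Recovery.create_date`. The return of `mysql_query` is passed to `mysql_fetch_array` unchecked; `if(!$result) return 0;` before the fetch would make a failed query fail closed. A one-line comment that `$password` is expected to be the md5 hash, not the plaintext, would document the contract the caller in index.php relies on.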
diff --git a/index.php b/index.php
index 08ae14c..fef72fd 100644
--- a/index.php
+++ b/index.php
@@ -1817,7 +1817,8 @@ else if( myisset("email","password") || isset($_SESSION["name"]) )
$ok = 1;
/* check if old password matches */
- if($password != md5($_REQUEST["password0"]))
+ $oldpasswd = md5($_REQUEST["password0"]);
+ if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
$ok = -1;
/* check if new passwords are types the same twice */
if($_REQUEST["password1"] != $_REQUEST["password2"] )
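Review bot: The added `if` line compares two md5 hex strings with `==`, which is a loose comparison in PHP. Two different strings that both look numeric (for example `0e` followed only by digits) compare as equal, so the old-password check can pass on a mismatch. Use a strict comparison instead: `if(!( ($password === $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))`. `$_REQUEST["password0"]` is also read without an `isset` check in the visible lines, so a request without that field hashes an empty value and raises a notice. The enclosing `else if` branch starts and ends outside the hunk, so any earlier validation is not visible here.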