From 7405ce4fabf64e905e7b7371764d74dbc4b1b198 Mon Sep 17 00:00:00 2001 From: Arun Persaud Date: Sat, 23 Jun 2007 15:53:30 +0200 Subject: NEW FEATURE: password recovery is now working Added a simple form of password recovery. The user gets send an email with the new password, which is valid for 24h. The user can request a maximum of 5 passwords within 24h to prevent filling up the database with garbage. --- db.php | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'db.php') diff --git a/db.php b/db.php index dee6529..86f3d0e 100644 --- a/db.php +++ b/db.php @@ -134,6 +134,17 @@ function DB_get_userid_by_email_and_password($email,$password) $result = mysql_query("SELECT id FROM User WHERE email=".DB_quote_smart($email)." AND password=".DB_quote_smart($password)); $r = mysql_fetch_array($result,MYSQL_NUM); + /* test if a recovery password has been set */ + if(!$r) + { + $result = mysql_query("SELECT User.id FROM User". + " LEFT JOIN Recovery ON User.id=Recovery.user_id". + " WHERE email=".DB_quote_smart($email). + " AND Recovery.password=".DB_quote_smart($password). + " AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= Recovery.create_date"); + $r = mysql_fetch_array($result,MYSQL_NUM); + } + if($r) return $r[0]; else @@ -771,4 +782,25 @@ function DB_get_unused_randomnumbers($userstr) return ""; } +function DB_get_number_of_passwords_recovery($user) +{ + $queryresult = mysql_query("SELECT COUNT(*) FROM Recovery ". + " WHERE user_id=$user ". + " AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date". + " GROUP BY user_id " ); + + $r = mysql_fetch_array($queryresult,MYSQL_NUM); + if($r) + return $r[0]; + else + return 0; +} + +function DB_set_recovery_password($user,$newpw) +{ + mysql_query("INSERT INTO Recovery VALUES(NULL,".DB_quote_smart($user). + ",".DB_quote_smart($newpw).",NULL)"); + + return; +} ?> \ No newline at end of file -- cgit v1.2.3-18-g5258
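Review bot: The validity test in the added recovery query, `DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= Recovery.create_date`, is date-granular and can accept a password for longer than the 24 hours the commit message states. If `create_date` holds a timestamp (the column definition is not visible here), a recovery password is accepted from creation until the end of the following day, which is up to roughly 48 hours; comparing against `NOW() - INTERVAL 1 DAY` would bound it to 24 hours. The same expression is used in `DB_get_number_of_passwords_recovery` in the second hunk. Nothing in this hunk marks the Recovery row as used, so unless a caller outside the diff deletes it, the e-mailed password keeps working for every login in that window alongside the real one; consider removing the row on the first successful match and requiring a password change. The function starts above the hunk and its tail continues below it.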
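Review bot: `DB_get_number_of_passwords_recovery` interpolates `$user` directly into the SQL (`" WHERE user_id=$user "`), while every other value in the queries visible in this diff goes through `DB_quote_smart()`. Callers are not visible, so if `$user` can ever carry request-derived data this is an injection point; the line should read `" WHERE user_id=".DB_quote_smart($user).`. In `DB_set_recovery_password` the result of `mysql_query()` is discarded, so a failed INSERT is silent and the caller may mail out a password that was never stored; `return mysql_query(...);` would let the caller check. It is also not visible whether `$newpw` arrives hashed: if it is the plaintext that gets e-mailed, the Recovery table holds usable credentials in clear and should store them in the same form as `User.password`.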