Index: trunk/kernel/frontaction.php =================================================================== diff -u -r1019 -r1020 --- trunk/kernel/frontaction.php (.../frontaction.php) (revision 1019) +++ trunk/kernel/frontaction.php (.../frontaction.php) (revision 1020) @@ -61,26 +61,31 @@ break; case "m_resetpw": - $passed_arr = explode(';', base64_decode($_GET['user_key'])); - $found = false; + $passed_key = $_GET['user_key']; - $u = $objUsers->GetItemByField("Email", $passed_arr[1]); - if(is_object($u)) { - $found = ($u->Get("PortalUserId")==$passed_arr[0] && $u->Get("Status")==1) && strlen($u->Get("Password")); - } + $u = $objUsers->GetItemByField("PwResetConfirm", $passed_key); + $found = is_object($u); if($found) - { - $newpw = makepassword(); - $objSession->Set('password', $newpw); - $u->Set("Password",$newpw); - $u->Set("PassResetTime", time()); - $u->Update(); - $u->SendUserEventMail("USER.PSWD",$u->Get("PortalUserId")); - $u->SendAdminEventMail("USER.PSWD"); - $u->Set("Password",md5($newpw)); - $u->Update(); - $u->Clean(); + { + $exp_time = $u->Get('PwRequestTime') + 3600; + $u->Set("PwResetConfirm", ''); + $u->Set("PwRequestTime", 0); + if ($exp_time > mktime()) + { + $newpw = makepassword(); + $objSession->Set('password', $newpw); + $u->Set("Password",$newpw); + $u->Set("PassResetTime", time()); + $u->Set("PwResetConfirm", ''); + $u->Set("PwRequestTime", 0); + $u->Update(); + $u->SendUserEventMail("USER.PSWD",$u->Get("PortalUserId")); + $u->SendAdminEventMail("USER.PSWD"); + $u->Set("Password",md5($newpw)); + $u->Update(); + $u->Clean(); + } } break; @@ -92,7 +97,7 @@ { $username = $_POST["username"]; $email = $_POST["email"]; - $found = FALSE; + $found = false; if(strlen($username)) { $u = $objUsers->GetItemByField("Login",$username); 
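Review bot: In the `m_resetpw` hunk the lookup runs on whatever `$_GET['user_key']` holds, so a missing or empty key is compared against `PwResetConfirm`, the same field this code sets to `''` once a key is used; how `GetItemByField` treats an empty value is not visible here, but nothing in the hunk rules out a match, and only the `PwRequestTime` test then prevents a reset. Requiring a non-empty string first, e.g. `$found = is_string($passed_key) && strlen($passed_key) && is_object($u);`, removes that dependency. The `Set()` calls that clear `PwResetConfirm` and `PwRequestTime` ahead of the inner `if` are never followed by `Update()` on the expired path, so an expired key seems to remain stored unless `Set()` persists by itself. The replaced condition also required `Status==1` and a non-empty password, which the new branch no longer checks before issuing a password. `mktime()` with no arguments here and in the `$allow_reset` hunk would be clearer as `time()`, which the adjacent `PassResetTime` line already uses.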
@@ -106,17 +111,26 @@ $found = ($u->Get("Email")==$email && $u->Get("Status")==1) && strlen($u->Get("Password")); } - $allow_reset = $u->Get("PassResetTime") + $pass_reset_add; + if(is_object($u)) + { + $PwResetConfirm = $u->Get('PwResetConfirm'); + $PwRequestTime = $u->Get('PwRequestTime'); + $PassResetTime = $u->Get('PassResetTime'); + $MinPwResetDelay = $u->Get('MinPwResetDelay'); + $allow_reset = (strlen($PwResetConfirm) ? + mktime() > $PwRequestTime + $MinPwResetDelay : + mktime() > $PassResetTime + $MinPwResetDelay); + } - if($found && $allow_reset <= time()) + if($found && $allow_reset) { //$newpw = makepassword(); //$objSession->Set('password', $newpw); $objSession->Set('tmp_user_id', $u->Get("PortalUserId")); $objSession->Set('tmp_email', $u->Get("Email")); //$u->Set("Password",$newpw); //$u->Update(); - $u->SendUserEventMail("USER.PSWDC",$u->Get("PortalUserId")); + $u->SendUserEventMail("USER.PSWDC",$u->Get("PortalUserId")); //$u->SendAdminEventMail("USER.PSWDC"); //$u->Set("Password",md5($newpw)); //$u->Update(); @@ -135,7 +149,7 @@ $FormError["forgotpw"]["username"] = language("lu_ferror_unknown_username"); if(strlen($email)) $FormError["forgotpw"]["email"] = language("lu_ferror_unknown_email"); - if ($allow_reset > time()) { + if (!$allow_reset) { $FormError["forgotpw"]["username"] = language("lu_ferror_reset_denied"); //$FormError["forgotpw"] = language("lu_ferror_reset_denied"); } @@ -515,7 +529,7 @@ $objUsers->Edit_User($UserId, $_POST["username"], $password, $_POST["email"], 0, $_POST["firstname"], $_POST["lastname"], $status, $_POST["phone"], $_POST["street"], $_POST["city"], $_POST["state"], $_POST["zip"], - $_POST["country"], $dob); + $_POST["country"], $dob, $_POST['MinPwResetDelay']); $ResourceId= $u->Get("ResourceId"); $objCustomDataList->LoadResource($ResourceId);
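Review bot: `$allow_reset` is now assigned only inside `if(is_object($u))`, so when no user is found it is undefined at `if($found && $allow_reset)` and again at `if (!$allow_reset)` in the later hunk, unless it is initialised above this hunk, which is not visible. In that case `!$allow_reset` is true and the `lu_ferror_reset_denied` message replaces the unknown-user one for every unmatched lookup. Initialising it before the block, `$allow_reset = false;`, and testing `if ($found && !$allow_reset)` in the later hunk keeps the throttle fail-closed and the two messages separate. A short comment on the ternary would also help, e.g. `// throttle from the pending request if one exists, else from the last completed reset`.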
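Review bot: `$_POST['MinPwResetDelay']` goes into `Edit_User` as submitted, and the forgot-password hunk adds that stored value straight to a timestamp to decide whether another reset mail may be sent. Whether `Edit_User` validates it is outside this hunk; if it does not, a non-numeric, negative or missing value ends up in the throttle comparison. Casting and bounding it at the call, e.g. `max(0, (int) $_POST['MinPwResetDelay'])` behind an `isset()` check, would keep the delay a non-negative integer, and a server-side minimum would stop the account's own form from switching the throttle off. The statement starts above the changed line and the enclosing branch is outside the hunk.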