diff --git a/index.php b/index.php
index 19b527f2..dc5be51e 100644
--- a/index.php
+++ b/index.php
@@ -297,8 +297,8 @@ if ($action == 'forgotpwd') {
 if ($user !== false) {
 // build a activation code
 $timestamp = time();
- $first = substr(md5($user['loginname'] . $timestamp), 0, 15);
- $third = substr(md5($user['email'] . $timestamp), -15);
+ $first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15);
+ $third = substr(md5($user['email'] . $timestamp . rand(0, $timestamp)), -15);
 $activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
 // Drop all existing activation codes for this user
@@ -419,6 +419,12 @@ if ($action == 'forgotpwd') {
 if ($action == 'resetpwd') {
 $message = '';
+ // Remove old activation codes
+ $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
+ WHERE creation < :oldest"
+ );
+ Database::pexecute($stmt, array("oldest" => time() - 86400));
+
 if (isset($_GET['resetcode']) && strlen($_GET['resetcode']) == 50) {
 // Check if activation code is valid
 $activationcode = $_GET['resetcode'];
diff --git a/install/froxlor.sql b/install/froxlor.sql
index 562c2c0a..98813af5 100644
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -74,6 +74,16 @@ CREATE TABLE `mail_virtual` (
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
+DROP TABLE IF EXISTS `panel_activation`;
+CREATE TABLE `panel_activation` (
+ `id` int(11) unsigned NOT NULL auto_increment,
+ `userid` int(11) unsigned NOT NULL default '0',
+ `admin` tinyint(1) unsigned NOT NULL default '0',
+ `creation` int(11) unsigned NOT NULL default '0',
+ `activationcode` varchar(50) default NULL,
+ PRIMARY KEY (id)
+) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
+
 DROP TABLE IF EXISTS `panel_admins`;
 CREATE TABLE `panel_admins` (
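Review bot: In the `forgotpwd` hunk of index.php the activation code still gets all of its unpredictability from `rand()`, which is not a cryptographically secure generator; the other inputs are the login name, the e-mail address and a `$timestamp` that is embedded verbatim in the code, and the last ten characters are computed from `$third` and `$timestamp`. A password-reset token should come from the OS CSPRNG instead, for example `$activationcode = bin2hex(random_bytes(25));`, which keeps the 50-character length that the `resetpwd` branch checks. On PHP versions without `random_bytes()`, `openssl_random_pseudo_bytes(25)` is the nearest equivalent. The enclosing `if ($user !== false)` block continues outside the hunk, so whether anything later parses the embedded timestamp is not visible here and should be checked before changing the format.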
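Review bot: In the `resetpwd` hunk of index.php the token lifetime is the bare literal `86400` inside the `pexecute()` call, and expiry is enforced only as a side effect of this DELETE having run first. I would name the value, e.g. `$oldest = time() - 86400; // reset codes are valid for 24 hours`, and pass `$oldest` to the statement. The lookup that follows is outside this hunk; it should also require `creation >= :oldest`, so that an expired code is rejected even when the cleanup statement fails or is later moved.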
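Review bot: In install/froxlor.sql the new `panel_activation` table keeps `activationcode` in clear text and has no index besides the primary key. Anyone who can read the table (a database backup, an injection flaw elsewhere) obtains working reset links for as long as the rows exist; storing a digest of the code, for example a SHA-256 hex string in a `char(64)` column, and comparing digests on lookup avoids that, although it needs matching changes in index.php that are not part of this hunk. Independently, a `UNIQUE KEY` on the code column and a `KEY` on `creation` would back the lookup by code and the age-based DELETE that index.php now runs on every `resetpwd` request.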
@@ -540,7 +550,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 ('panel', 'phpconfigs_hidestdsubdomain', '0'),
 ('panel', 'allow_theme_change_admin', '1'),
 ('panel', 'allow_theme_change_customer', '1'),
- ('panel', 'version', '0.9.31-dev3');
+ ('panel', 'version', '0.9.31-dev4');
 DROP TABLE IF EXISTS `panel_tasks`;
diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php
index 7b9545d7..77f8eb0a 100644
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -2452,3 +2452,22 @@ if (isFroxlorVersion('0.9.31-dev2')) {
 lastStepStatus(0);
 updateToVersion('0.9.31-dev3');
 }
+
+if (isFroxlorVersion('0.9.31-dev3')) {
+ showUpdateStep("Updating from 0.9.31-dev3 to 0.9.31-dev4", true);
+
+ showUpdateStep("Adding new panel_activation table");
+ Database::query("DROP TABLE IF EXISTS `panel_activation`;");
+ $sql = "CREATE TABLE `" . TABLE_PANEL_ACTIVATION . "` (
+ id int(11) unsigned NOT NULL AUTO_INCREMENT,
+ userid int(11) unsigned NOT NULL DEFAULT '0',
+ admin tinyint(1) unsigned NOT NULL DEFAULT '0',
+ creation int(11) unsigned NOT NULL DEFAULT '0',
+ activationcode varchar(50) DEFAULT NULL,
+ PRIMARY KEY (id)
+ ) ENGINE=MyISAM;";
+ Database::query($sql);
+
+ lastStepStatus(0);
+ updateToVersion('0.9.31-dev4');
+}
diff --git a/lib/tables.inc.php b/lib/tables.inc.php
index b72de738..89005dda 100644
--- a/lib/tables.inc.php
+++ b/lib/tables.inc.php
@@ -72,6 +72,6 @@ define('PACKAGE_LOCKED', 1);
 define('PACKAGE_ENABLED', 2);
 // VERSION INFO
-$version = '0.9.31-dev3';
+$version = '0.9.31-dev4';
 $dbversion = '2';
 $branding = '';
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 7799f85c..02308910 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
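Review bot: In the update_0.9.inc.php hunk the DROP statement names `panel_activation` literally while the CREATE goes through `TABLE_PANEL_ACTIVATION`, and the CREATE omits the `CHARSET=utf8 COLLATE=utf8_general_ci` that install/froxlor.sql gives the same table. If the constant ever resolves to a different name the two statements act on different tables, and upgraded installations end up with the server's default character set where fresh installs get utf8. I would write ``Database::query("DROP TABLE IF EXISTS `" . TABLE_PANEL_ACTIVATION . "`;");`` and end the definition with `) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;";`. The definition of `TABLE_PANEL_ACTIVATION` is not part of this diff, so its current value should be confirmed against lib/tables.inc.php.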
@@ -1986,4 +1986,4 @@ $lng['error']['notallowedtouseaccounts'] = 'Your account does not allow using IM
 $lng['pwdreminder']['changed'] = 'Your password has been successfully changed. You can now login using this password.';
 $lng['pwdreminder']['wrongcode'] = 'Sorry, the used activationcode does not exist or is already expired.';
 $lng['admin']['templates']['LINK'] = 'Replaced with the customers password reset link.';
-$lng['pwdreminder']['choosenew'] = 'Choose new password';
\ No newline at end of file
+$lng['pwdreminder']['choosenew'] = 'Choose new password';
diff --git a/lng/german.lng.php b/lng/german.lng.php
index 531fbf8c..7dab486f 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1713,4 +1713,3 @@ $lng['pwdreminder']['changed'] = 'Ihr Passwort wurde erfolgreich geändert. Sie
 $lng['pwdreminder']['wrongcode'] = 'Der verwendete Aktivierungscode ist entweder nicht gültig oder bereits abgelaufen.';
 $lng['admin']['templates']['LINK'] = 'Wird mit dem Link zum Zurücksetzen des Passworts ersetzt.';
 $lng['pwdreminder']['choosenew'] = 'Neues Passwort auswählen';
-$lng['error']['notallowedtouseaccounts'] = 'Ihrem Konto ist die Nutzung von IMAP/POP3 nicht erlaubt, daher können keine E-Mail Konten angelegt werden';
diff --git a/templates/Froxlor/login/rpwd.tpl b/templates/Froxlor/login/rpwd.tpl
index 821f0a32..3d25daf4 100644
--- a/templates/Froxlor/login/rpwd.tpl
+++ b/templates/Froxlor/login/rpwd.tpl
@@ -34,4 +34,4 @@ $header
-$footer
\ No newline at end of file
+$footer
diff --git a/templates/Sparkle/login/rpwd.tpl b/templates/Sparkle/login/rpwd.tpl
index 821f0a32..3d25daf4 100644
--- a/templates/Sparkle/login/rpwd.tpl
+++ b/templates/Sparkle/login/rpwd.tpl
@@ -34,4 +34,4 @@ $header
-$footer
\ No newline at end of file
+$footer