| Author |
Message |
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
 Posted:
Thu Dec 16, 2004 3:24 pm |
|
I did do a search for 'lost password' but came up empty - even though I'm sure something pretty similar has cropped up before.
I just recieved an email from one of my users saying the url link in the lost password email the script sends did not work.
After viewing the email, I find he is correct;
| Quote: | The user account 'username here' at My Sites Name has this email associated with it.
A Web user from (IP address here) has just requested that a new password be sent.
Your new Password is: xxxxxx
You can change it after you login at
http://www.mysite.com/modules.php?>name=Your_Account
|
As you can see, the url shows the character > which should not be there.
I have checked Admin/Preferences and Forum/Config - even though I did not expect to find a reference there.
I have checked every language file i can find in the (dangerous word) 'assumption' it would be an incorrectly formatted define by searching for '>name=' but nothing found!!!
Anyone have a clue where I can find this, short of going through every single file. |
| |
|
 
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2496
|
| Posted:
Thu Dec 16, 2004 8:39 pm |
|
Search for $message in modules/Your_Account/index.php
Edit* In the function mail_password I'd imagine. |
_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 |
|
|
|
|
PHrEEkie
Subject Matter Expert
Joined: Feb 23, 2004
Posts: 358
|
| Posted:
Thu Dec 16, 2004 9:27 pm |
|
As suggested, open
/modules/Your_Account/index.php
Search for:
function mail_password($username, $code)
In that function, locate:
Code:$message = ""._USERACCOUNT." '$username' "._AT." $sitename "._HASTHISEMAIL." "._AWEBUSERFROM." $host_name "._HASREQUESTED."\n\n"._YOURNEWPASSWORD." $newpass\n\n "._YOUCANCHANGE." $nukeurl/modules.php?name=$module_name\n\n"._IFYOUDIDNOTASK."";
|
The portion that builds the URL is:
Code:$nukeurl/modules.php?name=$module_name
|
That's taken directly from a fresh copy of Nuke 7.5 downloaded a few days ago, and it looks alright to me. I have it running locally with no mail service, so I can't test it. Can you please post that line as it appears in your script?
PHrEEk |
| |
|
|
|
|
Guardian2003
|
| Posted:
Thu Dec 16, 2004 10:14 pm |
|
Thank you for the replie guys, it is much appreciated!!!
Here is the function in its entirety;
Code:function mail_password($username, $code) {
global $sitename, $adminmail, $nukeurl, $user_prefix, $db, $module_name;
$username = substr($username, 0, 25);
$sql = "SELECT user_email, user_password FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
if(!$result) {
include("header.php");
OpenTable();
echo "<center>"._SORRYNOUSERINFO."</center>";
CloseTable();
include("footer.php");
} else {
$host_name = $_SERVER["REMOTE_ADDR"];
$row = $db->sql_fetchrow($result);
$user_email = htmlentities($row['user_email']);
$user_password = $row[user_password];
$areyou = substr($user_password, 0, 10);
if ($areyou==$code) {
$newpass=makepass();
$message = ""._USERACCOUNT." '$username' "._AT." $sitename "._HASTHISEMAIL." "._AWEBUSERFROM." $host_name "._HASREQUESTED."\n\n"._YOURNEWPASSWORD." $newpass\n\n "._YOUCANCHANGE." $nukeurl/modules.php?name=$module_name\n\n"._IFYOUDIDNOTASK."";
$subject = ""._USERPASSWORD4." $username";
mail($user_email, $subject, $message, "From: $adminmail\nX-Mailer: PHP/" . phpversion());
/* Next step: add the new password to the database */
$cryptpass = md5($newpass);
$query = "UPDATE ".$user_prefix."_users SET user_password='$cryptpass' WHERE username='$username'";
if (!$db->sql_query($query)) {
echo ""._UPDATEFAILED."";
}
include ("header.php");
OpenTable();
echo "<center>"._PASSWORD4." $username "._MAILED."<br><br>"._GOBACK."</center>";
CloseTable();
include ("footer.php");
/* If no Code, send it */
} else {
$sql = "SELECT user_email, user_password FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
if(!$result) {
include ("header.php");
OpenTable();
echo "<center>"._SORRYNOUSERINFO."</center>";
CloseTable();
include ("footer.php");
} else {
$host_name = $_SERVER["REMOTE_ADDR"];
$row = $db->sql_fetchrow($result);
$user_email = $row[user_email];
$user_password = $row[user_password];
$areyou = substr($user_password, 0, 10);
$message = ""._USERACCOUNT." '$username' "._AT." $sitename "._HASTHISEMAIL." "._AWEBUSERFROM." $host_name "._CODEREQUESTED."\n\n"._YOURCODEIS." $areyou \n\n"._WITHTHISCODE." $nukeurl/modules.php?name=$module_name&op=pass_lost\n"._IFYOUDIDNOTASK2."";
$subject=""._CODEFOR." $username";
mail($user_email, $subject, $message, "From: $adminmail\nX-Mailer: PHP/" . phpversion());
include ("header.php");
OpenTable();
echo "<center>"._CODEFOR." $username "._MAILED."<br><br>"._GOBACK."</center>";
CloseTable();
include ("footer.php");
}
}
}
}
|
| Quote: |
This seems ok to me unless staring at so many pages of code made me cross eyed. |
|
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Fri Dec 17, 2004 7:08 am |
|
Try restoring a virgin copy of modules/Your_Account/index.php and see if the problem is still there. |
| |
|
|
|
|
PHrEEkie
|
| Posted:
Fri Dec 17, 2004 1:41 pm |
|
Your code listed above is exactly the same as mine. I uploaded my 7.5 to a production test environment so it would send an email. I tried it, and it worked perfectly bro... The first email with the code arrived, URL properly formatted, then after entering the code, the new password was delivered, URL properly formatted.
Do as Raven suggests and upload a fresh copy of that index.php for Your Account. You might have something funky in the version on your server right now. Dunno what else to tell ya... 
PHrEEk |
| |
|
|
|
|
Guardian2003
|
| Posted:
Fri Dec 17, 2004 4:25 pm |
|
Thanks guys.
I will give that a go, see what happens and post back. |
| |
|
|
|
|
sixonetonoffun
|
| Posted:
Fri Dec 17, 2004 5:09 pm |
|
Yeh corrupt file or theme error are about the only things other then the url setup in preferences or the corrupt db as Raven mentioned. At least thats all I can think of. |
| |
|
|
|
|
Guardian2003
|
| Posted:
Sun Dec 19, 2004 1:54 pm |
|
OK, here is the latest...
Uploaded new copy of file from a fresh download and tried to repeat error.
On average, about 1 in 90 password request mails have the url incorrectly formated with the extraneous '>' in the url.
I still look upon this as a 'physically impossible' error - it should either do it all the time or not at all.
So I did quite a few more password request and make another weord discovery.. wait for it.........
It only seems to affect mail clients (Outlook) that have html mails enabled.
Going to do some more testing once my mouse and fingers have recovered. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
