-
- $this->jerr("INVALID REQUEST");
+ if (!empty($_SERVER['HTTP_USER_AGENT']) && preg_match('/^check_http/', $_SERVER['HTTP_USER_AGENT'])) {
+ die("server is alive = authFailure"); // should really use heartbeat now..
+ }
+ $this->jerror("NOTICE-INVALID", "INVALID REQUEST");
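Review bot: The `check_http` shortcut keys on `$_SERVER['HTTP_USER_AGENT']`, which the client controls, and it calls `die()` before `$this->jerror("NOTICE-INVALID", "INVALID REQUEST")` runs. Any request carrying that User-Agent prefix therefore skips whatever `jerror` records for an invalid request (presumably an event, going by its event-type first argument). If the monitoring host has a known source address, gate the shortcut on that as well, or move the probe to the heartbeat endpoint the inline comment mentions and drop this branch. At minimum add a comment such as `// UA is client-supplied: this only quiets monitoring noise, it must never gate an auth decision`. The enclosing method starts and ends outside the visible lines.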
if (!empty($_REQUEST['passwordRequest'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
return $this->passwordRequest($_REQUEST['passwordRequest']);
}
if (!empty($_REQUEST['passwordRequest'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
return $this->passwordRequest($_REQUEST['passwordRequest']);
}
-
- if (!empty($_REQUEST['ResetPassword'])) {
- if (empty($_REQUEST['id']) ||
- empty($_REQUEST['ts']) ||
- empty($_REQUEST['key']) ||
- empty($_REQUEST['password1']) ||
- empty($_REQUEST['password2']) ||
- ($_REQUEST['password1'] != $_REQUEST['password2'])
- ) {
- $this->jerr("Invalid request to reset password");
- }
-
- $this->resetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key'], $_REQUEST['password1'] );
- }
-
-
- if (!empty($_REQUEST['_verifyCheckSum'])) {
- if (empty($_REQUEST['id']) ||
- empty($_REQUEST['ts']) ||
- empty($_REQUEST['key'])
-
- ) {
- $this->jerr("Invalid request to reset password");
- }
-
- $this->verifyResetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key']);
- $this->jok("Checksum is ok");
- }
+
+ if (!empty($_REQUEST['ResetPassword'])) {
+ if (empty($_REQUEST['id']) ||
+ empty($_REQUEST['ts']) ||
+ empty($_REQUEST['key']) ||
+ empty($_REQUEST['password1']) ||
+ empty($_REQUEST['password2']) ||
+ ($_REQUEST['password1'] != $_REQUEST['password2'])
+ ) {
+ $this->jerr("Invalid request to reset password");
+ }
+
+ $this->resetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key'], $_REQUEST['password1'] );
+ }
+
+
+ if (!empty($_REQUEST['_verifyCheckSum'])) {
+ if (empty($_REQUEST['id']) ||
+ empty($_REQUEST['ts']) ||
+ empty($_REQUEST['key'])
+
+ ) {
+ $this->jerr("Invalid request to reset password");
+ }
+
+ $this->verifyResetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key']);
+ $this->jok("Checksum is ok");
+ }
// empty username = not really a hacking attempt.
if (empty($_REQUEST['username'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
// empty username = not really a hacking attempt.
if (empty($_REQUEST['username'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
$ff= HTML_FlexyFramework::get();
if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $u->company()->comptype) {
//print_r($u->company());
$ff= HTML_FlexyFramework::get();
if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $u->company()->comptype) {
//print_r($u->company());
}
// note we trim \x10 -- line break - as it was injected the front end
// may have an old bug on safari/chrome that added that character in certian wierd scenarios..
if (!$u->checkPassword(trim($_REQUEST['password'],"\x10"))) {
}
// note we trim \x10 -- line break - as it was injected the front end
// may have an old bug on safari/chrome that added that character in certian wierd scenarios..
if (!$u->checkPassword(trim($_REQUEST['password'],"\x10"))) {
- $this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password (2)'); // - " . htmlspecialchars(print_r($_POST,true))."'");
+ $this->jerror('LOGIN-BAD'. $this->event_suffix, 'You typed the wrong Username or Password (2)'); // - " . htmlspecialchars(print_r($_POST,true))."'");
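Review bot: Appending `$this->event_suffix` means the failed-login event is no longer recorded under the literal name `LOGIN-BAD`, and the same rename happens further down where `"CHANGEPASS"` becomes `"LOGIN-CHANGEPASS". $this->event_suffix`. Anything that matches these event names exactly (failed-attempt counting, lockout, alerting or report queries, none of which are visible here) would stop matching once a suffix is set. Those consumers should be updated in the same change or switched to a prefix match. `event_suffix` is not declared in the visible lines, so it needs a declaration with an empty-string default and a comment saying what the suffix distinguishes.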
// sort out sender.
$cm = DB_DataObject::factory('core_email');
if (!$cm->get('name', 'ADMIN_PASSWORD_RESET')) {
// sort out sender.
$cm = DB_DataObject::factory('core_email');
if (!$cm->get('name', 'ADMIN_PASSWORD_RESET')) {
- if (!$g->get('name', 'bcc-email')) {
- $this->jerr("no group 'bcc-email' exists in the system");
+ if (!$cm->bcc_group_id || !$g->get($cm->bcc_group_id)) {
+ $this->jerr("BCC for ADMIN_PASSWORD_RESET email has not been set");
- $mailer = $cm->toMailer($this, false);
- if (is_a($mailer,'PEAR_Error') ) {
- $this->addEvent('SYSERR',false, $mailer->getMessage());
- $this->jerr($mailer->getMessage());
- }
+ $mailer = $cm->toMailer($this, false);
+ if (is_a($mailer,'PEAR_Error') ) {
+ $this->addEvent('SYSERR',false, $mailer->getMessage());
+ $this->jerr($mailer->getMessage());
+ }
- if (is_a($sent,'PEAR_Error') ) {
- $this->addEvent('SYSERR',false, $sent->getMessage());
- $this->jerr($ret->getMessage());
+ if (is_a($sent,'PEAR_Error') ) {
+ $this->addEvent('SYSERR',false, $sent->getMessage());
+ $this->jerr($sent->getMessage());
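Review bot: `$this->jerr($sent->getMessage())` hands the raw PEAR_Error text back to the caller, and this appears to be the password-reset request path (it loads the `ADMIN_PASSWORD_RESET` template), which is presumably reachable without a login. Mail transport errors can include host names, addresses or account names. The detail is already captured by `addEvent('SYSERR', false, $sent->getMessage())` on the line above, so the response can be generic, for example `$this->jerr("Failed to send the password reset email");`. The same applies to `$this->jerr($mailer->getMessage());` a few lines earlier. The enclosing method begins and ends outside these lines.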
- $this->jerr("Password change attempted when not logged in");
- }
- $uu = clone($au);
- $au->setPassword($r['passwd1']);
- $au->update($uu);
- $this->addEvent("CHANGEPASS", $au);
- $this->jok($au);
-
+ $this->jerr("Password change attempted when not logged in");
+ }
+ $uu = clone($au);
+ $au->setPassword($r['passwd1']);
+ $au->update($uu);
+ $this->addEvent("LOGIN-CHANGEPASS". $this->event_suffix, $au);
+ $this->jok($au);
+