Index: database/database.mysql
===================================================================
RCS file: /cvs/drupal/drupal/database/database.mysql,v
retrieving revision 1.153.2.3
diff -u -r1.153.2.3 database.mysql
--- database/database.mysql 15 Jan 2005 08:52:01 -0000 1.153.2.3
+++ database/database.mysql 7 Feb 2005 02:31:13 -0000
@@ -662,6 +662,7 @@
uid int(10) unsigned NOT NULL default '0',
name varchar(60) NOT NULL default '',
pass varchar(32) NOT NULL default '',
+ pass_alt varchar(32) NOT NULL default '',
mail varchar(64) default '',
mode tinyint(1) NOT NULL default '0',
sort tinyint(1) default '0',
Index: database/updates.inc
===================================================================
RCS file: /cvs/drupal/drupal/database/updates.inc,v
retrieving revision 1.66.2.2
diff -u -r1.66.2.2 updates.inc
--- database/updates.inc 5 Jan 2005 20:17:33 -0000 1.66.2.2
+++ database/updates.inc 7 Feb 2005 02:31:14 -0000
@@ -86,7 +86,8 @@
"2004-09-17" => "update_107",
"2004-10-16" => "update_108",
"2004-10-18" => "update_109",
- "2004-12-20" => "update_110"
+ "2004-12-20" => "update_110",
+ "2005-02-05" => "update_111"
);
function update_32() {
@@ -1920,6 +1921,15 @@
return $ret;
}
+
+function update_111() {
+ $ret = array();
+
+ $ret[] = update_sql("ALTER TABLE users ADD pass_alt varchar(32) NOT NULL default ''");
+
+ return $ret;
+}
+
function update_sql($sql) {
$edit = $_POST["edit"];
Index: modules/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user.module,v
retrieving revision 1.407.2.10
diff -u -r1.407.2.10 user.module
--- modules/user.module 5 Jan 2005 20:17:33 -0000 1.407.2.10
+++ modules/user.module 7 Feb 2005 02:31:14 -0000
@@ -49,7 +49,11 @@
$params = array();
foreach ($array as $key => $value) {
if ($key == 'pass') {
- $query .= "u.$key = '%s' AND ";
+ $query .= "u.pass = '%s' AND ";
+ $params[] = md5($value);
+ }
+ else if ($key == 'pass_alt') {
+ $query .= "u.pass_alt = '%s' AND ";
$params[] = md5($value);
}
else if ($key == 'uid') {
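Review bot: The `pass` and `pass_alt` branches are identical apart from the column name, and the removed line already built the column from `$key`. A single branch, `if ($key == 'pass' || $key == 'pass_alt') {` with `$query .= "u.$key = '%s' AND ";`, would keep both credentials hashed by the same code so the two paths cannot drift apart. The enclosing function starts and ends outside the hunk.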
@@ -107,6 +111,13 @@
if ($key == 'pass') {
$query .= "$key = '%s', ";
$v[] = md5($value);
+
+ // reset alternate password on password set
+ $query .= "pass_alt = '.', ";
+ }
+ else if ($key == 'pass_alt') {
+ $query .= "$key = '%s', ";
+ $v[] = md5($value);
}
else if (substr($key, 0, 4) !== 'auth') {
if (in_array($key, $user_fields)) {
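Review bot: The reset writes the literal `'.'` into `pass_alt`, while the schema change and `update_111` use `''` as the empty value, so the table ends up with two different "no alternate password" markers. Neither can equal a 32-character md5 digest, so login is unaffected, but the comment should state that intent, e.g. `// '.' can never equal an md5() digest, so no alternate password matches`, or the reset should use `''` to match the column default. If `$array` ever carries both `pass` and `pass_alt`, the statement assigns `pass_alt` twice and the stored value depends on key order. The enclosing loop starts and ends outside the hunk.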
@@ -384,7 +395,7 @@
}
else {
// Make sure we return the default fields at least
- $fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'changed', 'status', 'timezone', 'language', 'init', 'data');
+ $fields = array('uid', 'name', 'pass', 'pass_alt', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'changed', 'status', 'timezone', 'language', 'init', 'data');
}
}
@@ -836,6 +847,16 @@
// Try to log in the user locally:
$user = user_load(array('name' => $name, 'pass' => $pass, 'status' => 1));
+ // Try alternate local password:
+ if (!$user->uid) {
+ $user = user_load(array('name' => $name, 'pass_alt' => $pass, 'status' => 1));
+
+ // if the alternate password succeeds, make it active
+ if ($user->uid) {
+ user_save($user, array('pass' => $pass));
+ }
+ }
+
// Strip name and server from ID:
if ($server = strrchr($name, '@')) {
$name = substr($name, 0, strlen($name) - strlen($server));
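Review bot: The alternate-password branch promotes a mailed password to the permanent one with no expiry and no log entry. `pass_alt` stays valid until it is used or `pass` is next set, so a password mailed by the reset hunk at -914 or at registration remains a working credential indefinitely, and nothing makes the user replace it after first use. Consider storing a creation time alongside `pass_alt` and rejecting it after a short window, and recording the promotion inside the `if ($user->uid)` block, e.g. `watchdog('user', t('Alternate password activated for %name.', array('%name' => $user->name)));`. The enclosing login function starts and ends outside the hunk.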
@@ -863,7 +884,7 @@
if (variable_get('user_register', 1) == 1) {
$account = user_load(array('name' => "$name@$server"));
if (!$account->uid) { // Register this new user.
- $user = user_save('', array('name' => "$name@$server", 'pass' => user_password(), 'init' => "$name@$server", 'status' => 1, "authname_$module" => "$name@$server", 'roles' => array(_user_authenticated_id())));
+ $user = user_save('', array('name' => "$name@$server", 'pass_alt' => user_password(), 'init' => "$name@$server", 'status' => 1, "authname_$module" => "$name@$server", 'roles' => array(_user_authenticated_id())));
watchdog('user', t('New external user: %user using module %module.', array('%user' => "$name@$server", '%module' => "$module")), l(t('edit'), 'user/'. $user->uid .'/edit'));
break;
}
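Review bot: New accounts are now created with only `pass_alt`, but the only `md5()` handling this patch adds for that key on the save side is in the hunk at -107, which builds `$key = '%s', ` assignments in the style of an UPDATE. No hunk touches the path that `user_save('', ...)` takes for a new account, so it is worth confirming that this path hashes `pass_alt` as well. Because `pass_alt` is added to the default field list at -384, an unchanged insert path may store the generated password as a plain field value, and the `md5($value)` comparison in `user_load` would then never match it. The same applies to the local registration call in the hunk at -960; the enclosing block continues outside this hunk.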
@@ -914,7 +935,7 @@
$pass = user_password();
// Save new password:
- user_save($account, array('pass' => $pass));
+ user_save($account, array('pass_alt' => $pass));
// Mail new password:
$variables = array('%username' => $account->name, '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $account->mail, '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE));
@@ -925,7 +946,7 @@
if ($mail_success) {
watchdog('user', t('Password mailed to %name at %email.', array('%name' => "$account->name" , '%email' => "$account->mail")));
- return t('Your password and further instructions have been sent to your e-mail address.');
+ return t("Your password and further instructions have been sent to your e-mail address. body is $body");
}
else {
watchdog('error', t('Error mailing password to %name at %email.', array('%name' => "$account->name", '%email' => "$account->mail")));
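Review bot: The success message on the `+` line interpolates `$body` into the text shown to whoever submitted the request, which looks like leftover debugging. `$body` is not defined in the visible lines, but if it is the mail body built from `$variables` (which carry `%password` in the previous hunk), the page would display the newly generated password to any requester rather than only to the mailbox owner. Restore the original literal: `return t('Your password and further instructions have been sent to your e-mail address.');`. Interpolating a variable into the `t()` source string also stops the message from matching its translation.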
@@ -960,7 +981,7 @@
// TODO: Is this necessary? Won't session_write() replicate this?
unset($edit['session']);
- $account = user_save('', array_merge(array('name' => $edit['name'], 'pass' => $pass, 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0)), $edit));
+ $account = user_save('', array_merge(array('name' => $edit['name'], 'pass_alt' => $pass, 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0)), $edit));
watchdog('user', t('New user: %name %email.', array('%name' => ''. $edit['name'] .'', '%email' => '<'. $edit['mail'] .'>')), l(t('edit'), 'user/'. $account->uid .'/edit'));
$variables = array('%username' => $edit['name'], '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $edit['mail'], '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE));