Download | Plain Text | No Line Numbers 

  1. --- html.orig/lostpwd.php	2007-12-19 01:26:31.000000000 +0100
  2. +++ html/lostpwd.php	2008-04-25 14:38:34.000000000 +0200
  3. @@ -101,10 +101,10 @@
  4.    			  $confixx_user = 'confixx';  
  5.    			$from = $confixx_user.'@'.$hostname;	
  6.    			$mailtext = "From: \"Confixx on $hostname\" <$from>".
  7. -  			"\n\n".ltext('lost_pwd_mail', array($_POST['username'], $newpw))."\n\n";
  8. +  			"\n\n".ltext('lost_pwd_mail', array($account_info['login'], $newpw))."\n\n";
  9.    			if(@mail($email, ltext('lost_pwd_mail_subj'), "",$mailtext,"-f$from")) {
  10.    			  db_query("INSERT INTO pwdreminder (user, password, usertype, server_id)".
  11. -  			           " VALUES ('" . $_POST['username'] . "', '$newpw', '$type', '$ServerID')");
  12. +  			           " VALUES ('" . $account_info['login'] . "', '$newpw', '$type', '$ServerID')");
  13.    			  $_SESSION['_error'] = 'lost_pwd_sent';
  14.  					$_SESSION['_error_args'] = null;
  15.    			}
  16. --- html.orig/include/login.inc.php	2007-12-19 01:26:32.000000000 +0100
  17. +++ html/include/login.inc.php	2008-04-17 13:26:00.000000000 +0200
  18. @@ -29,7 +29,8 @@
  19.  		break;
  20.  
  21.  	case USERTYPE_USER:
  22. -		db_query("UPDATE kunden SET longpw='$pwd' WHERE kunde='" . addslashes($user) . "'  AND server_id='$lcServerID'");
  23. +		db_query("UPDATE kunden SET longpw='$pwd', pw=1 WHERE kunde='" . addslashes($user) . "'  AND server_id='$lcServerID'");
  24. +		db_query("UPDATE allgemein SET newpwd=1 WHERE server_id='$lcServerID'");
  25.  		break;	
  26.  	}
  27.  
  28.