From d6cd11df635941a4e7d35e6e45b4e59cb8bd4469 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Fri, 04 Sep 2015 07:57:19 -0400
Subject: [PATCH] default for mount backup_dir set to no

---
 interface/web/login/password_reset.php |   21 ++++++++++++---------
 1 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index f2e4e95..683a4bc 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -51,26 +51,29 @@
 	if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
 	if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));
 
-	$username = $app->db->quote($_POST['username']);
-	$email = $app->db->quote($_POST['email']);
+	$username = $_POST['username'];
+	$email = $_POST['email'];
 
-	$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = '$username' AND client.email = '$email' AND client.client_id = sys_user.client_id");
+	$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email);
 
 	if($client['lost_password_function'] == 0) {
 		$app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']);
 	} else {
 		if($client['client_id'] > 0) {
-			$new_password = $app->auth->get_random_password();
+			$server_config_array = $app->getconf->get_global_config();
+			$min_password_length = 8;
+			if(isset($server_config_array['misc']['min_password_length'])) $min_password_length = $server_config_array['misc']['min_password_length'];
+			
+			$new_password = $app->auth->get_random_password($min_password_length, true);
 			$new_password_encrypted = $app->auth->crypt_password($new_password);
-			$new_password_encrypted = $app->db->quote($new_password_encrypted);
 
-			$username = $app->db->quote($client['username']);
-			$app->db->query("UPDATE sys_user SET passwort = '$new_password_encrypted' WHERE username = '$username'");
-			$app->db->query("UPDATE client SET password = '$new_password_encrypted' WHERE username = '$username'");
+			$username = $client['username'];
+			$app->db->query("UPDATE sys_user SET passwort = ? WHERE username = ?", $new_password_encrypted, $username);
+			$app->db->query("UPDATE client SET password = ? WHERE username = ?", $new_password_encrypted, $username);
 			$app->tpl->setVar("message", $wb['pw_reset']);
 
 			$app->uses('getconf,ispcmail');
-			$mail_config = $app->getconf->get_global_config('mail');
+			$mail_config = $server_config_array['mail'];
 			if($mail_config['smtp_enabled'] == 'y') {
 				$mail_config['use_smtp'] = true;
 				$app->ispcmail->setOptions($mail_config);

--
Gitblit v1.9.1