Announcement

Collapse
No announcement yet.

sec_change_pwd

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • pkrawetzky
    started a topic sec_change_pwd

    sec_change_pwd

    Does any know why I get an error message for a missing old password (Old password: must have at least 8 characters) when I'm in the process of creating a new password after getting the lost password email? The old password field is not even visible.

    I followed the link in the email which contains the act_code as a URL parameter. I've looked at the logic but can't find the issue. Why are licensed users of this product continually QA'ing SC's code? This is a pretty basic feature yet it doesn't work.

  • pkrawetzky
    replied
    In case you want replace SC's crappy change password code with something that works, here is what I am using now.

    if( (!isset({old_pswd}) || empty({old_pswd}) ) && (!isset([act_code]) || empty([act_code]) ) )
    {
    sc_error_message({lang_error_old_pswd});
    sc_error_exit();
    }

    if({pswd} != {confirm_pswd})
    {
    sc_error_message({lang_error_pswd});
    sc_error_exit();
    }

    $spswd = sc_sql_injection(md5({pswd}));

    if (isset([act_code]) && !empty([act_code]))
    {
    $sold_pswd = "activation_code= ". sc_sql_injection([act_code]) . "AND pswd = ". sc_sql_injection(md5({old_pswd}));
    }
    else
    {
    $sold_pswd = " pswd = ". sc_sql_injection(md5({old_pswd}));
    }
    //$sold_pswd = ( isset([act_code]) && !empty([act_code]) ) ? "activation_code= ". sc_sql_injection([act_code]) : " pswd = ". sc_sql_injection(md5({old_pswd}));

    if((isset({old_pswd}) || !empty({old_pswd})) && (!isset([act_code]) || empty([act_code])))
    {
    $sql = "SELECT count(*) FROM sec_users WHERE ". $sold_pswd ." AND login = '". [usr_login] . "'";
    sc_lookup(rs, $sql);

    if({rs} === FALSE || {rs}[0][0] == 0)
    {
    sc_error_message({lang_error_old_pswd});
    sc_error_exit();
    }
    }
    unset([act_code]);
    Last edited by pkrawetzky; 06-15-2016, 11:41 AM.

    Leave a comment:


  • pkrawetzky
    replied
    Never mind I figured it out. I had to rewrite the old password check code just below the password and confirm password validation. Thanks for the help I appreciate it.
    Last edited by pkrawetzky; 06-15-2016, 09:21 AM.

    Leave a comment:


  • pkrawetzky
    replied
    Oh this just gets better... I set the minimum size to zero and now I get Old Password Incorrect!

    Any suggestions?

    Leave a comment:


  • pkrawetzky
    replied
    Great! I just spent two hours trying to debug their crappy code. This is really starting to tick me off with their poor quality. Thanks I'll see if I can fix it based on your suggestion.

    Leave a comment:


  • aducom
    replied
    There are some issues in the generated application that you might need to fix. There's a minimum length setting in the form which you could disable if you like. The fun part is that if you generate the modules and use a smaller default password (which is allowed funny enough) that you can run into this issue.

    Leave a comment:

Working...
X