sec_change_pwd

Scriptcase 8 Bugs
#1

I’m just curious how long it is going to take to straighten out your bad code. I just spent 2 hours debugging your generated code for sec_change_pwd because:

  1. it was validating an old password when I was changing the password based on the link within the generated email for a lost password
  2. after that it was trying to validate the old password which is not valid in this situation

Your quality assurance of your generated code is horrible. Apparently you take any pride in releasing reliable/usable code.

#2

Here is what I’m using now.

if( (!isset({old_pswd}) || empty({old_pswd}) ) && (!isset([act_code]) || empty([act_code]) ) )
{
sc_error_message({lang_error_old_pswd});
sc_error_exit();
}

if({pswd} != {confirm_pswd})
{
sc_error_message({lang_error_pswd});
sc_error_exit();
}

$spswd = sc_sql_injection(md5({pswd}));

if (isset([act_code]) && !empty([act_code]))
{
$sold_pswd = "activation_code= ". sc_sql_injection([act_code]) . "AND pswd = ". sc_sql_injection(md5({old_pswd}));
}
else
{
$sold_pswd = " pswd = ". sc_sql_injection(md5({old_pswd}));
}
//$sold_pswd = ( isset([act_code]) && !empty([act_code]) ) ? "activation_code= ". sc_sql_injection([act_code]) : " pswd = ". sc_sql_injection(md5({old_pswd}));

if((isset({old_pswd}) || !empty({old_pswd})) && (!isset([act_code]) || empty([act_code])))
{
$sql = “SELECT count(*) FROM sec_users WHERE “. $sold_pswd .” AND login = '”. [usr_login] . “’”;
sc_lookup(rs, $sql);

if({rs} === FALSE || {rs}[0][0] == 0)
{
    sc_error_message({lang_error_old_pswd});
    sc_error_exit();    
}

}
unset([act_code]);