fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-759

Browse Source 
Password is sent in clear text when "forgot password" functionality is used
This commit is contained in:
dheeyi
2016-04-13 15:41:31 -04:00
parent c674bbc64d
commit 9b720f8f54
1 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
workflow/engine/methods/login/retrivePassword.php
View File

@@ -21,8 +21,14 @@ if ($userData['USR_EMAIL'] != '' && $userData['USR_EMAIL'] === $data['USR_EMAIL'
$newPass = G::generate_password(); $newPass = G::generate_password();
$aData['USR_UID'] = $userData['USR_UID']; $aData['USR_UID'] = $userData['USR_UID'];
$aData['USR_PASSWORD'] = Bootstrap::hashPassword($newPass); $aData['USR_PASSWORD'] = Bootstrap::hashPassword($newPass);
$oUserProperty = new UsersProperties();
$aUserPropertyData = $oUserProperty->load($aData['USR_UID']);
if (is_array($aUserPropertyData)) {
$aUserPropertyData['USR_LOGGED_NEXT_TIME'] = 1;
$oUserProperty = $oUserProperty->update($aUserPropertyData);
}
/* **Save after sending the mail /* **Save after sending the mail
$rbacUser->update($aData); $rbacUser->update($aData);
$user->update($aData); $user->update($aData);
@@ -81,14 +87,14 @@ if ($userData['USR_EMAIL'] != '' && $userData['USR_EMAIL'] === $data['USR_EMAIL'
$oSpool->sendMail(); $oSpool->sendMail();
$rbacUser->update($aData); $rbacUser->update($aData);
$user->update($aData); $user->update($aData);
G::header ("location: login"); G::header("location: login");
G::SendTemporalMessage ('ID_NEW_PASSWORD_SENT', "info"); G::SendTemporalMessage('ID_NEW_PASSWORD_SENT', "info");
} catch (phpmailerException $e) { } catch (phpmailerException $e) {
G::header ("location: login"); G::header("location: login");
G::SendTemporalMessage (G::LoadTranslation('MISSING_OR_NOT_CONFIGURED_SMTP'), "warning", 'string'); G::SendTemporalMessage(G::LoadTranslation('MISSING_OR_NOT_CONFIGURED_SMTP'), "warning", 'string');
} catch (Exception $e) { } catch (Exception $e) {
G::header ("location: login"); G::header("location: login");
G::SendTemporalMessage ($e->getMessage(), "warning", 'string'); G::SendTemporalMessage($e->getMessage(), "warning", 'string');
} }
} else { } else {
if ($userData['USR_AUTH_TYPE'] === '' || $userData['USR_AUTH_TYPE'] === 'MYSQL') { if ($userData['USR_AUTH_TYPE'] === '' || $userData['USR_AUTH_TYPE'] === 'MYSQL') {