Numerous fixes to upgrade scripts + eliminate ability of users to invalidate each others passwords

1 files changed, 10 insertions, 4 deletions

diff --git a/remind_password.php b/remind_password.php
index b746c6f..78532cc 100644
--- a/remind_password.php
+++ b/remind_password.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * $Header: /cvsroot/bitweaver/_bit_users/remind_password.php,v 1.14 2006/06/04 20:32:45 spiderr Exp $
+ * $Header: /cvsroot/bitweaver/_bit_users/remind_password.php,v 1.15 2006/08/23 08:29:29 jht001 Exp $
  *
  * Copyright (c) 2004 bitweaver.org
  * Copyright (c) 2003 tikwiki.org
@@ -8,7 +8,7 @@
  * All Rights Reserved. See copyright.txt for details and a complete list of authors.
  * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
  *
- * $Id: remind_password.php,v 1.14 2006/06/04 20:32:45 spiderr Exp $
+ * $Id: remind_password.php,v 1.15 2006/08/23 08:29:29 jht001 Exp $
  * @package users
  * @subpackage functions
  */
@@ -35,8 +35,14 @@ if( $gBitUser->isRegistered() ) {
 			$pass = $userInfo['user_password'];
 			$tmp['success'] = tra("A password reminder email has been sent ");
 		} else {
-			$pass = $gBitUser->renewPassword( $_REQUEST["username"] );
-			$tmp['success'] = tra("A new password has been sent ");
+			$pass = $gBitUser->genPass();
+			list($pass,$provpass) = $gBitUser->createTempPassword( $_REQUEST["username"], $pass );
+			$foo = parse_url($_SERVER["REQUEST_URI"]);
+			$foo1=str_replace("remind_password","confirm",$foo["path"]);
+			$machine = httpPrefix().$foo1;
+			$gBitSmarty->assign('mail_machine',$machine);
+			$gBitSmarty->assign('mail_provpass', $provpass);
+			$tmp['success'] = tra("Information to reset your password has been sent ");
 		}
 		$tmp['success'] .= tra("to the registered email address for")." " . $_REQUEST["username"] . ".";