-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathLogonNew.xxm
87 lines (84 loc) · 3.07 KB
/
LogonNew.xxm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
[[@txDefs,txSession,DataLank,sha1,]][[!var
s,t,u,salt,pwd:string;
id:integer;
qr:TQueryResult;
const
hex:array[0..15] of char='0123456789abcdef';
]][[
Context.Include('dHead.xxmi',['New user account activation']);
s:=Context['x'].Value;
//assert Use_NewUserEmailActivation
id:=
(((byte(s[13]) shr 6) and 1)*9+(byte(s[13]) and $F)) or
((((byte(s[17]) shr 6) and 1)*9+(byte(s[17]) and $F)) shl 4) or
((((byte(s[23]) shr 6) and 1)*9+(byte(s[23]) and $F)) shl 8) or
((((byte(s[31]) shr 6) and 1)*9+(byte(s[31]) and $F)) shl 12);
u:=' ';
qr:=TQueryResult.Create(Session.DbCon,'SELECT Usr.uid,Usr.login,Obj.name,Usr.email,Usr.pwd,0 AS isanon,pwd FROM Usr INNER JOIN Obj ON Obj.id=Usr.uid WHERE Usr.id=? AND Usr.suspended IS NULL',[id]);
try
t:='';//default
if not(qr.EOF) and (Copy(qr.GetStr('pwd'),1,1)='?') then
begin
t:=PasswordToken('||||','|||'+qr.GetStr('login')+'|||'+qr.GetStr('name')+'|||'+qr.GetStr('email')+'|||');
t[13]:=hex[id and $F];
t[17]:=hex[(id shr 4) and $F];
t[23]:=hex[(id shr 8) and $F];
t[31]:=hex[(id shr 12) and $F];
u:=qr.GetStr('pwd')+' ';
end;
if s<>t then u:=' ';
case u[1] of
'?':
if Context['id'].Value='' then //if Context.ContextString(csVerb)<>'Post' then
begin
<<h3>Password reset</h3>
<script><!--
[[Context.Include('iLogonJS.xxmi');]]
//--></script>
[[#txForm('LogonNew.xxm',['id',id,'uid',qr['uid'],'x',s])]]
[[#txFormProtect]]
<dl>
<dt>Login</dt><dd>>.login<</dd>
<dt>New password</dt><dd><input type="password" name="pwd1" id="pwd1" value="" onkeyup="pwd1Check(this.value);" onchange="pwd1Check(this.value);" />
<span id="pwd1Check"></span></dd>
<dt>Confirm</dt><dd><input type="password" name="pwd2" id="pwd2" value="" onkeyup="pwd2Check(this.value);" onchange="pwd2Check(this.value);" />
<span id="pwd2Check"></span></dd>
</dl>
[[#txFormButton]]
<a href="Users.xxm">back</a>
</form>
<script><!--
$("#pwd1")[0].focus();
//--></script>>
end
else
begin
CheckFormProtect(Context);
pwd:=Context['pwd1'].Value;
if (pwd<>Context['pwd2'].Value) then
raise Exception.Create('Password mismatch');
if Context['uid'].AsInteger<>qr.GetInt('uid') then
raise Exception.Create('Account mismatch');
salt:=NewPasswordSalt;
Session.DbCon.Execute('UPDATE Usr SET salt=?, pwd=? WHERE id=?',[salt,PasswordToken(salt,pwd),id]);
<<h3>Password reset</h3>
<p>Proceed to logon.</p>
<p><a href="Default.xxm">continue...</a></p>>
end;
'-':
begin
//Session.LoadUser(qr);?
Session.DbCon.Execute('UPDATE Usr SET pwd=SUBSTR(pwd,2) WHERE id=?',[id]);
<<h3>New user account activation</h3>
<p>Your account has been activated. <a href="Logon.xxm">Click here</a> to log on.</p>>
end;
else
begin
<<h3>New user account activation</h3>
<p>Unknown account activation code.</p>>
end;
end;
finally
qr.Free;
end;
Context.Include('dFoot.xxmi');