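######################################################################
#                      C H A N G E   E M A I L                       #
#                                                                    #
# Suggestion --                                                      #
# If you use this modification, also use the "get_email" mod and     #
# do not allow your users to change their email addresses within     #
# their records. I would set the field for email address to -1       #
# (hidden) and also install the change email address in records      #
# mod. This will ensure that the email address in the records        #
# matches the email address in the password file.                    #
######################################################################

######################################################################
# script: default.cfg                                                #
#                                                                    #
# add new lines                                                      #
#                                                                    #
# Where to put it--                                                  #
#     after                                                          #
# $auth_user_field = 0;                                              #
######################################################################

# This is the field position in the database used for storing
# the email address of the one who owns the record. Set to -1 if not
# used.
$auth_email_field = 4;

######################################################################
# script: db.cgi                                                     #
# sub main                                                           #
#                                                                    #
# add lines                                                          #
#                                                                    #
# Where to add them --                                               #
#     after                                                          #
# elsif ($in{'admin_display'}) { if ($per_admin) { &admin_display; } else { &html_unauth; } }
######################################################################

# Both actions are refused for the shared "default" user, which has no
# password-file entry of its own to change.
# NOTE(review): $db_userid is assumed to have been set by the
# authentication step earlier in sub main (not shown here) -- confirm
# that it runs before this dispatch.
    elsif ($in{'change_email_form'}) {
        if ($db_userid eq "default") { &html_unauth; }
        else                         { &html_change_email_form; }
    }
    elsif ($in{'change_email'}) {
        if ($db_userid eq "default") { &html_unauth; }
        else                         { &change_email; }
    }

######################################################################
# script: db.cgi                                                     #
# sub change_email                                                   #
#                                                                    #
# new subroutine                                                     #
#                                                                    #
######################################################################

sub change_email {
# --------------------------------------------------------
# Replaces the email address stored for $db_userid in the password
# file with $in{'email'}, issues a new password for that user and
# mails it to the new address.
#
# Input:   $in{'email'} (untrusted form input) and $db_userid.
# Uses:    $auth_pw_file, $db_use_flock, $mailprog, $admin_email,
#          $html_title, $db_script_url, $db_setup.
# Output:  html_change_email_form with a message when the request is
#          rejected, html_change_email_success otherwise.
#
# NOTE(review): nothing here asks for the current password or tells
# the previous address about the change, so control of the logged-in
# session is enough to redirect the account. Consider requiring the
# current password and sending a notice to the old address.
#
#### Following subroutine added for secure_password_lookup mod

    my ($message, $userid, $pw, $view, $add, $del, $mod, $admin, $email,
        $password, $found, $output, $pass, @passwds);

# Check to make sure email is ok.
# The address ends up as the last field of a colon-delimited password
# file line and inside a "To:" mail header, so it is matched against an
# anchored allowlist. A colon, comma, whitespace or line break in the
# value would otherwise alter the password file or the mail headers.
# The pattern is deliberately narrower than what RFC 5322 permits.
    my $new_email = defined $in{'email'} ? $in{'email'} : '';
    unless ($new_email =~ /\A[A-Za-z0-9._%+\-]+\@[A-Za-z0-9](?:[A-Za-z0-9.\-]*[A-Za-z0-9])?\.[A-Za-z]{2,}\z/) {
        &html_change_email_form("Invalid email address format.");
        return;
    }

# Read, check and rewrite the password file through ONE handle that is
# locked before anything is read. Opening with ">" would truncate the
# file before the lock is held, and a separate read pass would let a
# concurrent signup or password change be lost.
# $auth_pw_file comes from the configuration file, not from the request.
    open (PASS, "+<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
    if ($db_use_flock) {
        flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
    }
    @passwds = <PASS>;

    $found  = '';
    $output = '';
    PASS: foreach $pass (@passwds) {        # Go through each pass and see if we match..
        chomp ($pass);
        next PASS if ($pass =~ /^$/);       # Skip blank lines.
        ($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);
        my $same_email = (defined $email and $new_email eq $email);

        # Compare the userid field as a string; interpolating $db_userid
        # into a pattern would treat its characters as regex syntax.
        if (defined $userid and $userid eq $db_userid) {
            $message = "You entered the same email address which is already on file" if $same_email;
            $found   = $pass;               # This line is replaced below.
        }
        else {
            $message = "Email address already exists." if $same_email;
            $output .= $pass . "\n";        # Everyone else is kept unchanged.
        }
    }

    if ($message) {
        close PASS;                         # Nothing written; releases the lock.
        &html_change_email_form($message);
        return;
    }
    if (!$found) {
        close PASS;
        &html_change_email_form ("Your userid was not found in the password file.");
        return;
    }

    ($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $found);

# NOTE(review): generate_password is defined elsewhere; verify where
# its randomness comes from. The srand() below is seeded from the time
# and the process id only, which is acceptable for a salt (salts are
# not secret) but not for generating the password itself.
    $password = &generate_password;
    srand( time() ^ ($$ + ($$ << 15)) );    # Seed Random Number
    my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
    my $salt = join '', @salt_chars[rand 64, rand 64];

# NOTE(review): a two-character salt selects the traditional DES-based
# crypt(3) scheme on most platforms, which only uses the first eight
# characters of the password. Moving to a stronger scheme has to be
# coordinated with the login check, which is not shown here.
    my $encrypted = crypt($password, $salt);

    $output .= "$userid:$encrypted:$view:$add:$del:$mod:$admin:$new_email\n";

# Rewrite the file in place while the lock is still held, then cut off
# whatever remains of the old, possibly longer, contents.
    seek (PASS, 0, 0) or &cgierr ("unable to rewind: $auth_pw_file.\nReason: $!");
    print PASS $output;
    truncate (PASS, tell(PASS)) or &cgierr ("unable to truncate: $auth_pw_file.\nReason: $!");
    close PASS;

# $mailprog is a configuration value; presumably it carries its own
# leading pipe character, which is why this open has no explicit mode.
# $new_email was validated above, so it cannot add header lines.
# NOTE(review): the new password is sent in clear text by email.
    open (MAIL, "$mailprog") || &cgierr("Can't start mail program");
    print MAIL "To: $new_email\n";
    print MAIL "From: $admin_email\n";
    print MAIL "Subject: $html_title New Password\n\n";
    print MAIL "-" x 75 . "\n\n";
    print MAIL "Here is your new $html_title password.\n\n";
    print MAIL "Your $html_title User ID is: $userid\n";
    print MAIL "Your $html_title password is: $password\n\n";
    print MAIL "Please keep this email for future reference.\n\n";
    print MAIL "To log on, go to\n\n";
    print MAIL "$db_script_url?db=$db_setup\n";
    print MAIL "and enter your User ID and password.\n\n";
    print MAIL "Please contact $html_title support at: $admin_email\n";
    print MAIL "if you have any questions.\n\n";
    close (MAIL);

    &html_change_email_success;
}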