From: Janusz Dobrowolski
Date: Tue, 31 Mar 2015 11:41:22 +0000 (+0200)
Subject: [0002707] Added check for email uniqueness during password reset.
X-Git-Tag: 2.3-final~61
X-Git-Url: https://delta.frontaccounting.com/gitweb/?p=fa-stable.git;a=commitdiff_plain;h=bbdff993d6f7a82e8de8b827c008691e037b37eb

[0002707] Added check for email uniqueness during password reset.
---
diff --git a/admin/db/users_db.inc b/admin/db/users_db.inc
index 7dfd7256..c50fc936 100644
--- a/admin/db/users_db.inc
+++ b/admin/db/users_db.inc
@@ -107,6 +107,9 @@ function get_user_by_email($email) $result = db_query($sql, "could not get user for email $email"); + if (db_num_rows($result) != 1) + return false; + return db_fetch($result); }
diff --git a/includes/current_user.inc b/includes/current_user.inc
index cc75e5e8..515f6e4e 100644
--- a/includes/current_user.inc
+++ b/includes/current_user.inc
@@ -139,18 +139,18 @@ class current_user set_global_connection(); - $myrow = get_user_by_email($email); + $user = get_user_by_email($email); - if ($myrow['id'] != "") { + if ($user != false) { $bytes = openssl_random_pseudo_bytes(8, $cstrong); $password = base64_encode($bytes); $hash = md5($password); - update_user_password($myrow['id'], $myrow['user_id'], $hash); + update_user_password($user['id'], $user['user_id'], $hash); - mail($myrow['email'], _("New password for")." ".$app_title, $password); + mail($user['email'], _("New password for")." ".$app_title, $password); return true; }
diff --git a/includes/session.inc b/includes/session.inc
index 73923741..cafdc15f 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -149,9 +149,9 @@ function password_reset_fail() global $path_to_root; echo "
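Review bot: get_user_by_email() now has two return shapes, a row or `false` when the address matches zero or several users, and nothing on the function documents that. A short docblock stating the contract, plus a comment on the guard such as `// unknown or ambiguous address: never pick one of several accounts`, would keep later callers from indexing the result with `['id']` the way the old caller did. The duplicate case is folded silently into "not found"; whether duplicate addresses are rejected when a user is saved is not visible here and is worth confirming separately. The function begins above the hunk.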
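Review bot: Nothing in the reset branch checks what `openssl_random_pseudo_bytes(8, $cstrong)` produced: `$cstrong` is never read, and on PHP versions where the call returns false on failure `$password` becomes an empty string whose `md5()` is then stored as the account's password. A guard before the update, `if ($bytes === false || !$cstrong) return false;`, closes that; the result of `mail()` is discarded in the same way, so a failed send leaves the account with a password nobody received while the method still returns true. The stored value also remains an unsalted `md5()` digest, and moving to `password_hash()` would need the login comparison changed as well, which is outside this hunk. The method starts above the hunk.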


" . _("Incorrect Email") . "

"; - echo "" . _("The email address does not exist in the system.") . "

"; + echo "" . _("The email address does not exist in the system, or is used by more than one user.") . "

"; - echo _("If you are not an authorized user, please contact your system administrator to obtain an account to enable you to use the system."); + echo _("Plase try again or contact your system administrator to obtain new password."); echo "
" . _("Try again") . ""; echo "
";
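Review bot: The rewritten failure text lets an unauthenticated visitor learn whether an address maps to exactly one account, assuming this page is shown only when the lookup fails and the success path renders something else. One neutral reply for both outcomes, for example `_("If the address belongs to one account, a new password has been sent to it.")`, avoids confirming which addresses are registered; that also needs the caller changed, which is outside this hunk. The second new string carries a typo that will propagate into the translation catalogs and should read `_("Please try again or contact your system administrator to obtain a new password.")`.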