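######################################################################
#                    C H A N G E   E M A I L
#
# Suggestion --
# If you use this modification, also use the "get_email" mod and
# do not allow your users to change their email addresses within
# their records. I would set the field for email address to -1
# (hidden) and also install the change email address in records
# mod. This will ensure that the email address in the records
# matches the email address in the password file.
######################################################################

######################################################################
# script: db.cfg
#
# add new lines
#
# Where to put it--
#   after
#     $auth_user_field = 0;
######################################################################

# This is the field position in the database used for storing
# the email address of the one who owns the record. Set to -1 if not
# used.
$auth_email_field = 4;

######################################################################
# script: db.cgi
# sub main
#
# add lines
#
# Where to add them --
#   after
#     elsif ($in{'admin_display'}) { if ($per_admin) { &admin_display; } else { &html_unauth; } }
######################################################################

    # Both actions are refused for the shared "default" (not logged in) user.
    elsif ($in{'change_email_form'}) { if ($db_userid ne "default") { &html_change_email_form; } else { &html_unauth; } }
    elsif ($in{'change_email'})      { if ($db_userid ne "default") { &change_email; }           else { &html_unauth; } }

######################################################################
# script: db.cgi
# sub change_email
#
# new subroutine
# There's probably a lot more in this routine than needs to be,
# but since I am a novice, I was happy that it at least works right
######################################################################

sub change_email {
# --------------------------------------------------------
# Added for the secure_password_lookup mod.
#
# Stores a new email address for the logged-in user, replaces the
# password with a freshly generated one and mails that password to
# the new address.
#
# Reads:   $in{'email'}, $in{'username'}, $in{'inquire'}, $db_userid
# Writes:  $in{'pw'} (the generated clear-text password)
# Ends in: html_unauth              - request names another account
#          html_change_email_form   - bad address, duplicate address,
#                                     unknown user or failed update
#          html_change_email_success - row updated and mail handed over
#
    my ($query, $sth, @row, $rc);

    # The row to change is chosen from the authenticated id, never from
    # the form: a posted 'username' is only accepted when it names the
    # account that is logged in. Otherwise any logged-in user could have
    # another account's password reset and mailed to an address of
    # their choosing.
    unless ($in{'username'} && !$in{'inquire'}
            && lc($in{'username'}) eq lc($db_userid)) {
        &html_unauth;
        return;
    }
    my $username_q = $DBH->quote($db_userid);

    # Check to make sure email is ok. The pattern is anchored and refuses
    # whitespace, control characters and header/HTML metacharacters: the
    # value is written into the "To:" line of the outgoing mail and is
    # echoed back in an error message, so a line break or a '<' must
    # never get through.
    my $addr_char = qr/[^\s\x00-\x1f\x7f\@<>"(),;:\\]/;
    unless (defined $in{'email'}
            && $in{'email'} =~ /\A$addr_char+\@$addr_char+\.$addr_char+\z/) {
        &html_change_email_form("Invalid email address format.");
        return;
    }

    # Checks to see if email address is already on record. If so, it
    # returns the error. A row is fetched rather than trusting
    # $sth->rows, which DBI does not guarantee for SELECT statements.
    my $email_q = $DBH->quote($in{'email'});
    $query = qq!
        SELECT * FROM $db_table_user
        WHERE Email = $email_q
    !;
    $sth = $DBH->prepare($query) or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    $sth->execute                or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    @row = $sth->fetchrow_array;
    $sth->finish;
    if (@row) {
        &html_change_email_form("Email address $email_q already exists. Please try another.");
        return;
    }

    # Make sure the account exists before touching it.
    $query = qq!
        SELECT * FROM $db_table_user
        WHERE username = $username_q
    !;
    $sth = $DBH->prepare($query) or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    $sth->execute                or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    @row = $sth->fetchrow_array;
    $sth->finish;
    unless (@row) {
        &html_change_email_form("Error, user $username_q not found!");
        return;
    }

    # New random password, stored only as its crypt() hash.
    # NOTE(review): a two-character salt selects traditional DES crypt,
    # which looks only at the first eight characters of the password.
    # Kept because the login check presumably expects this format --
    # confirm before switching schemes.
    $in{'pw'} = &generate_password;
    my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
    my $salt       = join '', @salt_chars[rand 64, rand 64];
    my $password_q = $DBH->quote(crypt($in{'pw'}, $salt));

    $query = qq!
        UPDATE $db_table_user
        SET password=$password_q, email=$email_q
        WHERE username = $username_q
    !;
    $rc = $DBH->do($query);
    unless ($rc) {
        # Nothing was changed, so no mail goes out and no success page.
        &html_change_email_form("Error updating user: $in{'username'}. Reason: $DBI::errstr");
        return;
    }

    # $mailprog comes from the configuration and carries its own pipe
    # mode (two-argument open); it must never be built from request data.
    # NOTE(review): the password is already replaced at this point, so a
    # mail failure leaves the user without a working password, and the
    # new password travels in clear text.
    open (MAIL, "$mailprog") || &cgierr("Can't start mail program");
    print MAIL "To: $in{'email'}\n";
    print MAIL "From: $admin_email\n";
    print MAIL "Subject: $html_title New Password\n\n";
    print MAIL "-" x 75 . "\n\n";
    print MAIL "Here is your new $html_title password.\n\n";
    print MAIL "Your $html_title User ID is: $in{'username'}\n";
    print MAIL "Your $html_title password is: $in{'pw'}\n\n";
    print MAIL "Please keep this email for future reference.\n\n";
    print MAIL "To log on, go to\n\n";
    print MAIL "$db_script_url?db=$db_setup\n";
    print MAIL "and enter your User ID and password.\n\n";
    print MAIL "Please contact $html_title support at: $admin_email\n";
    print MAIL "if you have any questions.\n\n";
    close (MAIL);

    &html_change_email_success;
}

######################################################################
# script: db.cgi
# sub get_username
#
# new subroutine
# I got the idea to set this up to work the same way as the
# sub get_email from another mod. This pulls the username from the
# database.
######################################################################

sub get_username {
# --------------------------------------------------------
# Looks up the logged-in user ($db_userid) in the user table and
# returns the first column of the matching row, or undef when there
# is no such row.
# NOTE(review): assumes username is the first column of
# $db_table_user -- confirm against the table definition.
#
    my ($query, $sth, @data, $username);

    my $username_q = $DBH->quote($db_userid);
    $query = qq!
        SELECT * FROM $db_table_user
        WHERE username = $username_q
    !;
    $sth = $DBH->prepare($query) or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");
    $sth->execute                or &cgierr("Unable to query database. Reason: $DBI::errstr. Query: $query");

    # Lexical @data / $username: a value left over from an earlier call
    # can no longer be returned when the lookup finds nothing.
    while (@data = $sth->fetchrow_array) {
        $username = $data[0];
    }
    $sth->finish;
    return $username;
}

#####################################################################
# script: html.pl
# sub html_footer
#
# add line
#
# Where to put it--
#   after
#     print qq!| Admin !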
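#       if ($per_admin);
#####################################################################

    # Menu entry, hidden from the shared "default" (not logged in) user.
    print qq!| Change Email Address ! unless ($db_userid eq "default");

###############################################################################
# script: html.pl
# sub html_change_email_form
#
# new subroutine
# Modified to work with sub get_username subroutine
###############################################################################

sub html_change_email_form {
# --------------------------------------------------------
# This form is displayed when users want to change their email address.
#
# Takes an optional message, shown above the form when the previous
# attempt was rejected.
#
# $rec{'username'} is filled in for the page only; which account gets
# changed has to be decided on the server from $db_userid, not from
# whatever the browser posts back.
#
    my $error = shift;

    if ($in{'change_email_form'}) {
        $rec{'username'} = &get_username;
    }

    &html_print_headers;
    print qq| $html_title: Change Email Address.
$html_title: Change Email Address

<$font_title>Change Email Address

<$font>To change your email address, simply enter your new email address in the field below. You will then be asked to log in again, using the new password you will receive at your new address.

|;
    if ($error) {
        # The message can contain text taken from the submitted form, so
        # it is HTML-escaped before it is written into the page.
        my $shown = $error;
        $shown =~ s/&/&amp;/g;
        $shown =~ s/</&lt;/g;
        $shown =~ s/>/&gt;/g;
        $shown =~ s/"/&quot;/g;
        print "$shown

";
    }
    print qq|
Email address:

|;
}

sub html_change_email_success {
# --------------------------------------------------------
# Confirmation page printed once the address has been changed; it
# ends with the User ID / Password prompt for logging in again.
#
    &html_print_headers;
    print qq| $html_title: Email Address Changed
$html_title: Email Address Changed

<$font_title>Email Address Changed

<$font>Your email address has been changed! Please use your username and new password to log in.

User ID:
Password:

|;
}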