Commit cd59a313 authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

Show hint if password is empty during login



A user might have an empty password due to two reasons:

* The user just created an account and needs to set an initial password.
* The password has been reset by the administrator.

In both cases, the user might be confused as to why the login does not
work. Add a message that helps users debug the issue in both cases.

Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent 589f506a
......@@ -486,8 +486,16 @@ function try_login() {
else {
$login_error = "Error trying to generate session id.";
}
}
else {
} elseif (passwd_is_empty($userID)) {
$login_error = __('Your password has been reset. ' .
'If you just created a new account, please ' .
'use the link from the confirmation email ' .
'to set an initial password. Otherwise, ' .
'please request a reset key on the %s' .
'Password Reset%s page.', '<a href="' .
htmlspecialchars(get_uri('/passreset')) . '">',
'</a>');
} else {
$login_error = __("Bad username or password.");
}
}
......@@ -745,6 +753,27 @@ function valid_passwd($userID, $passwd) {
return false;
}
/**
* Determine if a user's password is empty
*
* @param string $uid The user ID to check for an empty password
*
* @return bool True if the user's password is empty, otherwise false
*/
function passwd_is_empty($uid) {
$dbh = DB::connect();
$q = "SELECT * FROM Users WHERE ID = " . $dbh->quote($uid) . " ";
$q .= "AND Passwd = " . $dbh->quote('');
$result = $dbh->query($q);
if ($result->fetchColumn()) {
return true;
} else {
return false;
}
}
/**
* Determine if the PGP key fingerprint is valid (must be 40 hexadecimal digits)
*
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment