From e6d45b6d6028527079744af20dc9407a2a3867f2 Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Tue, 25 Aug 2015 13:40:13 +0800
Subject: Bug 1196134 - add ability for admins to force a user to change their password on next login
---
 token.cgi | 25 +++++++------------------
 1 file changed, 7 insertions(+), 18 deletions(-)
(limited to 'token.cgi')
diff --git a/token.cgi b/token.cgi
index e87e24fab..a326b2f32 100755
--- a/token.cgi
+++ b/token.cgi
@@ -212,25 +212,14 @@ sub changePassword {
 my ($token, $password) = @_;
 my $dbh = Bugzilla->dbh;
- # Create a crypted version of the new password
- my $cryptedpassword = bz_crypt($password);
-
- # Get the user's ID from the tokens table.
- my ($userid) = $dbh->selectrow_array('SELECT userid FROM tokens
- WHERE token = ?', undef, $token);
-
- # Update the user's password in the profiles table and delete the token
- # from the tokens table.
- $dbh->bz_start_transaction();
- $dbh->do(q{UPDATE profiles
- SET cryptpassword = ?
- WHERE userid = ?},
- undef, ($cryptedpassword, $userid) );
- Bugzilla->memcached->clear({ table => 'profiles', id => $userid });
- $dbh->do('DELETE FROM tokens WHERE token = ?', undef, $token);
- $dbh->bz_commit_transaction();
+ my ($user_id) = $dbh->selectrow_array('SELECT userid FROM tokens WHERE token = ?', undef, $token);
+ my $user = Bugzilla::User->check({ id => $user_id });
+ $user->set_password($password);
+ $user->update();
+ delete_token($token);
+ $dbh->do("DELETE FROM tokens WHERE userid = ? AND tokentype = 'password'", undef, $user_id);
 
- Bugzilla->logout_user_by_id($userid);
+ Bugzilla->logout_user_by_id($user_id);
 $vars->{'message'} = "password_changed";
-- cgit v1.2.3-24-g4f1b
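Review bot: The new body of changePassword drops the explicit `$dbh->bz_start_transaction();` / `$dbh->bz_commit_transaction();` pair that the removed code used, so `$user->update()`, `delete_token($token)` and the bulk `DELETE FROM tokens ... tokentype = 'password'` now run as separate steps. If a later step fails after the password has been written, the reset token just used (and any other outstanding password tokens for that user) could remain valid; whether update() or delete_token() open their own transactions is not visible in this hunk. I would keep the transaction around those four calls, ahead of `Bugzilla->logout_user_by_id($user_id);`. Separately, the `SELECT userid FROM tokens WHERE token = ?` lookup does not filter on tokentype, so it presumably relies on the caller having validated the token type before this sub is reached; a short comment such as `# caller has already verified $token is a 'password' token` would record that assumption. The function body continues past the end of the hunk.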