This should be set to something like 'http://localhost' for development
or 'https://aur.archlinux.org' in production. It ensures all links in
the site stay in the development site and there is no sudden jump from
development to production environments.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
to ease porting to other databases, and as another step to pulling more
of the database code into a central location.
This is a rebased version of a patch by elij submitted about half a year
ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Use the standard string type specifier instead of "%h" in format
strings. Both specifiers are treated equally in __() so we shouldn't
break anything here. This also allows us to replace the hacky
substitution algorithm in __() by vsprintf().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Ensure we are not quoting these values in any of our SQL queries.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This works by adding a new field to the 'Users' table called 'ResetKey',
which is a 32 characters long, random string. When the user requests a
password reset, a new 'reset key' is generated and sent to the user's
e-mail address in the form of a link in the following format:
http://aur.archlinux.org/passreset.php?resetkey=<reset key>
When the above link is followed, the user is presented with a form to
verify his/her e-mail address and specify the new desired password. If
the e-mail address matches the reset key in the database, the new
password is assigned to the account. If there is an error, a relevant
message is displayed and the user is prompted to re-enter the required
information. Upon successful completion of this procedure, the ResetKey
field in the database is blanked and the specific key cannot be reused.
One SQL query is needed to add the ResetKey field to the 'Users' table:
ALTER TABLE `Users` ADD `ResetKey` CHAR(32) NOT NULL DEFAULT '';
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
