Hack for old/new mixtures in email addresses ('{DOT}' vs. '.')

diff --git a/inc/libs/user_functions.php b/inc/libs/user_functions.php
index 8e1435575bbc784b2ab413086058ad3e6fdd4a85..75d9fe3de1494f7841a8413198543cb2e722032c 100644 (file)
--- a/inc/libs/user_functions.php
+++ b/inc/libs/user_functions.php
@@ -39,13 +39,13 @@
 // Some security stuff...
 if (!defined('__SECURITY')) {
        die();
 // Some security stuff...
 if (!defined('__SECURITY')) {
        die();

-}
+} // END - if

 
 // Add links for selecting some users
 function alpha ($sortby, $colspan, $return=false) {
        if (!isGetRequestElementSet('offset')) setRequestGetElement('offset', 0);
 
 // Add links for selecting some users
 function alpha ($sortby, $colspan, $return=false) {
        if (!isGetRequestElementSet('offset')) setRequestGetElement('offset', 0);

-       $add = "&page=".getRequestElement('page')."&offset=".getRequestElement('offset');
-       if (isGetRequestElementSet('mode')) $add .= "&mode=".getRequestElement('mode');
+       $add = '&page='.getRequestElement('page').'&offset='.getRequestElement('offset');
+       if (isGetRequestElementSet('mode')) $add .= '&mode='.getRequestElement('mode');

 
        /* Creates the list of letters and makes them a link. */
        $alphabet = explode(',', getMessage('_ALL2') . ',A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,' . getMessage('_OTHERS'));
 
        /* Creates the list of letters and makes them a link. */
        $alphabet = explode(',', getMessage('_ALL2') . ',A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,' . getMessage('_OTHERS'));


@@ -54,18 +54,18 @@ function alpha ($sortby, $colspan, $return=false) {
        while (list($counter, $ltr) = each($alphabet)) {
                if (getRequestElement('letter') == $ltr) {
                        // Current letter is letter from URL
        while (list($counter, $ltr) = each($alphabet)) {
                if (getRequestElement('letter') == $ltr) {
                        // Current letter is letter from URL

-                       $OUT .= "<strong>".$ltr."</strong>";
+                       $OUT .= '<strong>' . $ltr . '</strong>';

                } else {
                        // Output link to letter
                } else {
                        // Output link to letter

-                       $OUT .= "<a href=\"{?URL?}/modules.php?module=admin&amp;what=".getWhat();
-                       if (isGetRequestElementSet('mode')) $OUT .= "&amp;mode=".getRequestElement('mode');
-                       $OUT .= "&amp;letter=".$ltr."&amp;sortby=".$sortby.$add."\">".$ltr."</a>";
+                       $OUT .= '<a href="{?URL?}/modules.php?module=admin&amp;what=' . getWhat();
+                       if (isGetRequestElementSet('mode')) $OUT .= '&amp;mode=' . getRequestElement('mode');
+                       $OUT .= '&amp;letter=' . $ltr . '&amp;sortby=' . $sortby . $add . '">' . $ltr . '</a>';

                }
 
                if ((($counter / getConfig('user_alpha')) == round($counter / getConfig('user_alpha'))) && ($counter > 0)) {
                }
 
                if ((($counter / getConfig('user_alpha')) == round($counter / getConfig('user_alpha'))) && ($counter > 0)) {

-                       $OUT .= "&nbsp;]<br />[&nbsp;";
+                       $OUT .= '&nbsp;]<br />[&nbsp;';

                } elseif ( $counter != $num ) {
                } elseif ( $counter != $num ) {

-                       $OUT .= "&nbsp;|&nbsp;";
+                       $OUT .= '&nbsp;|&nbsp;';

                }
        } // END - while
 
                }
        } // END - while
 


@@ -111,9 +111,9 @@ function addSortLinks ($letter, $sortby, $colspan, $return=false) {
 
        foreach ($list as $sort => $title) {
                if ($sortby == $sort) {
 
        foreach ($list as $sort => $title) {
                if ($sortby == $sort) {

-                       $OUT .= "<strong>" . $title . "</strong>&nbsp;|&nbsp;";
+                       $OUT .= '<strong>' . $title . '</strong>&nbsp;|&nbsp;';

                } else {
                } else {

-                       $OUT .= "<a href=\"{?URL?}/modules.php?module=admin&amp;what=list_user&amp;letter=" . $letter . "&amp;sortby=" . $sort.$add . "\">" . $title . "</a>&nbsp;|&nbsp;";
+                       $OUT .= '<a href="{?URL?}/modules.php?module=admin&amp;what=list_user&amp;letter=' . $letter . '&amp;sortby=' . $sort.$add . '">' . $title . '</a>&nbsp;|&nbsp;';

                }
        } // END - foreach
 
                }
        } // END - foreach
 


@@ -406,9 +406,6 @@ function doUserLogin ($userid, $passwd, $successUrl = '', $errorUrl = 'modules.p
 
 // Try to send a new password for the given user account
 function doNewUserPassword ($email, $userid) {
 
 // Try to send a new password for the given user account
 function doNewUserPassword ($email, $userid) {

-       // Compile email when found in address (only secure chars!)
-       if (!empty($email)) $email = str_replace('{DOT}', '.', $email);
-

        // Init result and error
        $errorCode = '';
        $result = false;
        // Init result and error
        $errorCode = '';
        $result = false;


@@ -417,8 +414,8 @@ function doNewUserPassword ($email, $userid) {
        // @TODO We should try to rewrite this to fetchUserData() somehow
        if (!empty($email)) {
                // Email entered
        // @TODO We should try to rewrite this to fetchUserData() somehow
        if (!empty($email)) {
                // Email entered

-               $result = SQL_QUERY_ESC("SELECT `userid`, `status` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `email`='%s' LIMIT 1",
-                       array($email), __FUNCTION__, __LINE__);
+               $result = SQL_QUERY_ESC("SELECT `userid`, `status` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `email`='%s' OR `email`='%s' LIMIT 1",
+                       array($email, str_replace('.', '{DOT}', $email)), __FUNCTION__, __LINE__);

        } elseif ((isExtensionActive('nickname')) && (isNicknameOrUserid($userid))) {
                // Nickname entered
                $result = SQL_QUERY_ESC("SELECT `userid`, `status` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `nickname`='%s' OR `userid`='%s' OR `email`='%s' LIMIT 1",
        } elseif ((isExtensionActive('nickname')) && (isNicknameOrUserid($userid))) {
                // Nickname entered
                $result = SQL_QUERY_ESC("SELECT `userid`, `status` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `nickname`='%s' OR `userid`='%s' OR `email`='%s' LIMIT 1",