XOOPS / XoopsCore25

XOOPS Core 2.5.x (current release is 2.5.11: https://github.com/XOOPS/XoopsCore25/releases)
GNU General Public License v2.0

lostpass.php: issues with Google Cache on Gmail #1128

Open mambax7 opened 2 years ago

mambax7 commented 2 years ago

See here: https://xoops.org/modules/newbb/viewtopic.php?post_id=366276

lostpass.php has some errors when the user is on Gmail. Gmail on Chrome will use cache.google.com. If the user clicks the mail URL 【xoops_url/lostpass.php?email=xxx@xxx.com&code=xxxxx】, it will go to: google_url/url?q=xoops_url/lostpass.php?email%3Dxxx@xxx.com%26code%3Dxxxxx&source=gmail&ust=xxxxxxxx&usg=xxxxxxx

cache.google.com will cache the URL and it will send【lostpass1.tpl】again.

Fix:

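// Lost-password flow. $getuser (the lookup result for the supplied e-mail),
// $email, $xoopsConfig and $xoopsDB are set earlier in the file, outside this
// fragment.
//   1. No matching user      -> redirect with _US_SORRYNOTFOUND.
//   2. GET with a valid code -> generate a new password, mail it (lostpass2.tpl),
//                               store its hash.
//   3. POST of the e-mail    -> mail the confirmation link (lostpass1.tpl).
//   4. Anything else         -> redirect asking for the e-mail address.
if (empty($getuser)) {
    $msg = _US_SORRYNOTFOUND;
    redirect_header('user.php', 2, $msg);
} else {
    // Accept the code only when it is a plain string; an array-valued
    // ?code[]=... must not reach trim().
    $code = (isset($_GET['code']) && is_string($_GET['code'])) ? trim($_GET['code']) : '';

    // NOTE(review): the confirmation code is the first 9 characters of the
    // stored password hash. For bcrypt output of password_hash() most of that
    // prefix is the fixed algorithm/cost header, so it carries little secrecy,
    // and it puts part of the stored hash into e-mail. A random, single-use,
    // expiring token kept server-side is the usual design. The issue thread
    // says $areyou generation was changed upstream; compare with the current file.
    $areyou = (string) substr((string) $getuser[0]->getVar('pass'), 0, 9);

    // The User-Agent header is optional; avoid an undefined-index notice.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // hash_equals() compares in constant time and as strings, so two
    // numeric-looking values (e.g. "0e12..." prefixes of legacy hex hashes)
    // are never treated as equal the way == would treat them.
    if ($code !== '' && hash_equals($areyou, $code)) {
        // NOTE(review): this branch changes the account password on a GET
        // request. Anything that fetches the link (mail-client link rewriting,
        // URL scanners, caches) triggers the reset; consider rendering a
        // confirmation form here and performing the reset on POST.
        $newpass     = xoops_makepass();
        $xoopsMailer = xoops_getMailer();
        $xoopsMailer->useMail();
        $xoopsMailer->setTemplate('lostpass2.tpl');
        $xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
        $xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
        $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
        $xoopsMailer->assign('IP', $_SERVER['REMOTE_ADDR']);
        $xoopsMailer->assign('AGENT', $agent);
        $xoopsMailer->assign('NEWPWD', $newpass);
        $xoopsMailer->setToUsers($getuser[0]);
        $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
        $xoopsMailer->setFromName($xoopsConfig['sitename']);
        $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ, XOOPS_URL));
        if (!$xoopsMailer->send()) {
            echo $xoopsMailer->getErrors();
        }
        // NOTE(review): the new password is mailed before it is stored, and a
        // failed send does not stop the update below. If either step fails, the
        // user ends up with a mailed password that does not work, or a stored
        // password they never received.

        // Next step: add the new password to the database.
        // Only the hash is interpolated into the statement, and the uid goes
        // through %u, so no request data reaches the SQL text here.
        $sql = sprintf(
            "UPDATE %s SET pass = '%s' WHERE uid = %u",
            $xoopsDB->prefix('users'),
            password_hash($newpass, PASSWORD_DEFAULT),
            $getuser[0]->getVar('uid')
        );
        if (!$xoopsDB->queryF($sql)) {
            include $GLOBALS['xoops']->path('header.php');
            echo _US_MAILPWDNG;
            include $GLOBALS['xoops']->path('footer.php');
            exit();
        }
        redirect_header('user.php', 3, sprintf(_US_PWDMAILED, $getuser[0]->getVar('uname')), false);
    } elseif (isset($_POST['email'])) {
        // Only an explicit POST of the request form sends the confirmation
        // mail. A GET whose code is missing or does not match falls through to
        // the redirect below instead of sending lostpass1.tpl again.
        $xoopsMailer = xoops_getMailer();
        $xoopsMailer->useMail();
        $xoopsMailer->setTemplate('lostpass1.tpl');
        $xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
        $xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
        $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
        $xoopsMailer->assign('IP', $_SERVER['REMOTE_ADDR']);
        $xoopsMailer->assign('AGENT', $agent);
        // Percent-encode both query values: a raw '+' in an address would be
        // decoded as a space when the link is opened, and '&' or '#' would cut
        // the parameter short.
        $xoopsMailer->assign(
            'NEWPWD_LINK',
            XOOPS_URL . '/lostpass.php?email=' . rawurlencode((string) $email) . '&code=' . rawurlencode($areyou)
        );
        $xoopsMailer->setToUsers($getuser[0]);
        $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
        $xoopsMailer->setFromName($xoopsConfig['sitename']);
        $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ, $xoopsConfig['sitename']));
        include $GLOBALS['xoops']->path('header.php');
        if (!$xoopsMailer->send()) {
            echo $xoopsMailer->getErrors();
        }
        // NOTE(review): the two empty echo calls presumably wrapped the message
        // in markup that was lost when the snippet was pasted. Confirm against
        // the file.
        echo '';
        printf(_US_CONFMAIL, $getuser[0]->getVar('uname'));
        echo '';
        include $GLOBALS['xoops']->path('footer.php');
    } else {
        redirect_header('user.php', 2, 'Please input your EMAIL.');
    }
}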
zyspec commented 2 years ago

When investigating, we need to check ./modules/profile/lostpass.php too, since it uses the exact same code.

geekwright commented 2 years ago

I am suspicious, as the above code contains a bug (in $areyou generation) that was fixed over a year ago that could affect cache behavior.

Will investigate further.