From 7627a051da62e2113ef2ef19e6f368986eb99833 Mon Sep 17 00:00:00 2001 From: Anand Doshi Date: Fri, 5 Aug 2011 17:43:53 +0530 Subject: [PATCH 1/3] restore db fix. Allow dbname with $. Terminal didn't allow $ without escape char. --- cgi-bin/webnotes/model/db_schema.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cgi-bin/webnotes/model/db_schema.py b/cgi-bin/webnotes/model/db_schema.py index 0ab2de0b78..e1e02058d2 100644 --- a/cgi-bin/webnotes/model/db_schema.py +++ b/cgi-bin/webnotes/model/db_schema.py @@ -358,7 +358,7 @@ class DbManager: mysql = mysql_path and os.path.join(mysql_path, 'mysql') or 'mysql' try: - ret = os.system("%s -u root -p%s %s < %s"%(mysql, root_password.replace(" ", "\ "), target, source)) + ret = os.system("%s -u root -p%s %s < %s"%(mysql, root_password.replace(" ", "\ "), target.replace("$", "\$"), source)) except Exception,e: raise e From d99d252a702e10618732e31f5a311529e466ec39 Mon Sep 17 00:00:00 2001 From: Anand Doshi Date: Mon, 8 Aug 2011 16:28:10 +0530 Subject: [PATCH 2/3] Block unregistered users from resetting password --- cgi-bin/webnotes/profile.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cgi-bin/webnotes/profile.py b/cgi-bin/webnotes/profile.py index dd135ee1ba..57d938f2a4 100644 --- a/cgi-bin/webnotes/profile.py +++ b/cgi-bin/webnotes/profile.py @@ -149,11 +149,14 @@ class Profile: pwd = self.get_random_password() # get profile - profile = webnotes.conn.sql("SELECT name, email, first_name, last_name FROM tabProfile WHERE name=%s OR email=%s",(self.name, self.name)) + profile = webnotes.conn.sql("SELECT name, email, first_name, last_name, registered FROM tabProfile WHERE name=%s OR email=%s",(self.name, self.name)) if not profile: raise Exception, "Profile %s not found" % self.name - + elif not profile[0][4]: + # if an unregistered user tries to reset password + raise Exception, "You cannot reset your password as you have not completed registration. You need to complete registration using the link provided in the email." + # update tab Profile webnotes.conn.sql("UPDATE tabProfile SET password=password(%s) WHERE name=%s", (pwd, profile[0][0])) From ce61112bfd44f5ce74d446b4ae9a8b19349b1488 Mon Sep 17 00:00:00 2001 From: Anand Doshi Date: Mon, 8 Aug 2011 16:52:09 +0530 Subject: [PATCH 3/3] Block a user from resetting password if registration is not complete --- cgi-bin/webnotes/profile.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/cgi-bin/webnotes/profile.py b/cgi-bin/webnotes/profile.py index 57d938f2a4..bb9a201da2 100644 --- a/cgi-bin/webnotes/profile.py +++ b/cgi-bin/webnotes/profile.py @@ -149,13 +149,16 @@ class Profile: pwd = self.get_random_password() # get profile - profile = webnotes.conn.sql("SELECT name, email, first_name, last_name, registered FROM tabProfile WHERE name=%s OR email=%s",(self.name, self.name)) - + profile = webnotes.conn.sql("SELECT name, email, first_name, last_name FROM tabProfile WHERE name=%s OR email=%s",(self.name, self.name)) + + profile_cols = [desc[0] for desc in webnotes.conn.sql("DESCRIBE tabProfile")] + if not profile: raise Exception, "Profile %s not found" % self.name - elif not profile[0][4]: + elif 'registered' in profile_cols: + if not webnotes.conn.sql("SELECT registered FROM tabProfile WHERE name=%s", self.name)[0][0]: # if an unregistered user tries to reset password - raise Exception, "You cannot reset your password as you have not completed registration. You need to complete registration using the link provided in the email." + raise Exception, "You cannot reset your password as you have not completed registration. You need to complete registration using the link provided in the email." # update tab Profile webnotes.conn.sql("UPDATE tabProfile SET password=password(%s) WHERE name=%s", (pwd, profile[0][0]))