diff --git a/db/boinc_db_types.h b/db/boinc_db_types.h
index 8d9cfd88ea1..c352446fe71 100644
--- a/db/boinc_db_types.h
+++ b/db/boinc_db_types.h
@@ -210,6 +210,7 @@ struct USER { // the "external CPID" that gets exported to stats sites // is MD5(cpid, email)
 char passwd_hash[256];
+ // MD5(password, email_addr)
 bool email_validated; // deprecated
 int donated; char login_token[32];
diff --git a/html/inc/user.inc b/html/inc/user.inc
index ed6f969e7ce..cb0bc7e4bf9 100644
--- a/html/inc/user.inc
+++ b/html/inc/user.inc
@@ -204,6 +204,16 @@ function notify_description($notify) { return null; }
+// a string that can be used to authenticate some operations,
+// but can't be used to log in to the account
+// (e.g. can't be used to change email addr or passwd)
+//
+// this is a function of
+// - authenticator (never changes)
+// - user ID (never changes)
+// - password
+// - email addr
+//
 function weak_auth($user) { $x = md5($user->authenticator.$user->passwd_hash); return "{$user->id}_$x";
diff --git a/html/user/edit_email_form.php b/html/user/edit_email_form.php
index ffb326b3850..8b8e746bd35 100644
--- a/html/user/edit_email_form.php
+++ b/html/user/edit_email_form.php
@@ -24,6 +24,8 @@ $user = get_logged_in_user(); page_head(tra("Change email address"));
+echo tra("Note: if you change your email address, your %1weak account key%2 will change.", "", "");
+echo "
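Review bot: The comment added under `passwd_hash` names the two inputs but not how they are joined, so a reader cannot tell the concatenation order or whether `email_addr` is case-folded before hashing. html/inc/user.inc in this same commit feeds `passwd_hash` into the weak account key, so the exact construction matters; a wording such as `// MD5 of password followed by email_addr (confirm order and email normalisation against the code that writes this field)` would remove the ambiguity. One more comment line should say that a single MD5 pass is cheap to guess against offline, so this column needs to be handled as a credential in dumps, backups and logs. The rest of `struct USER` lies outside the hunk.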
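Review bot: The new comment on `weak_auth()` lists password and email addr as inputs, but the body reads only `$user->authenticator` and `$user->passwd_hash`, so both enter solely through the stored hash. Say so in the comment, e.g. `// password and email addr enter only via $user->passwd_hash; the key changes only when that field is rewritten`, because any code path that updates `email_addr` without recomputing `passwd_hash` would leave the old weak key valid. Since the comment marks the authenticator and user ID as never changing, it should also state that changing the password or email address is, as far as this hunk shows, the only way to invalidate a weak key that has leaked. The closing brace of `weak_auth()` is outside the hunk.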
";
 $email_text = ""; if (is_valid_email_addr($user->email_addr)) {
diff --git a/html/user/edit_passwd_form.php b/html/user/edit_passwd_form.php
index 478ec110c89..110c273112a 100644
--- a/html/user/edit_passwd_form.php
+++ b/html/user/edit_passwd_form.php
@@ -24,6 +24,8 @@ $user = get_logged_in_user(); page_head(tra("Change password"));
+echo tra("Note: if you change your password, your %1weak account key%2 will change.", "", "");
+echo "
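Review bot: The added notice tells the user that the weak account key will change but not what follows from it: anything still configured with the old key (for example an account file generated from weak_auth.php) will presumably stop authenticating until it is given the new key. Consider extending the string, e.g. `"Note: if you change your email address, your %1weak account key%2 will change; anything set up with the old key must be updated."`. As shown on this page both the `%1` and `%2` substitutions are empty strings, so the phrase is not a link to the key page; if that is extraction loss rather than the committed code, disregard that part. The same applies to the matching notice added in html/user/edit_passwd_form.php.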
";
 form_start(secure_url_base()."edit_passwd_action.php", "post"); form_input_text(tra("New password"), "passwd", "", "password",'id="passwd"',passwd_visible_checkbox("passwd"));
diff --git a/html/user/weak_auth.php b/html/user/weak_auth.php
index 75266224a15..dd00218d6b1 100644
--- a/html/user/weak_auth.php
+++ b/html/user/weak_auth.php
@@ -20,7 +20,6 @@ require_once("../inc/user.inc"); $user = get_logged_in_user();
-page_head(tra("Account keys"));
 $weak_auth = weak_auth($user);
@@ -48,21 +47,23 @@ // $account_file = "account_" . rtrim($url, '_') . ".xml";
+page_head(tra("Account keys"));
+text_start();
 echo "
",
tra("You can access your account either by using your email address and password,
or by using an assigned 'account key'.
Your account key is:"),
- "$user->authenticator+ " $user->authenticator ", tra("This key can be used to:"), "
|