[rt-users] Autoreset Password
Todd Chapman
rt at chaka.net
Mon Oct 18 17:46:46 EDT 2004
Probably $out never goes out of of scope. Also you have
$out and $OUT, which are two different variables.
I bet of you change every instance of '.=' to '=' and
restart your web server everything will be fine.
-Todd
On Mon, Oct 18, 2004 at 05:43:40PM -0400, Hammad wrote:
> Guys:
>
> I have the following 'scrips' to get executed in "reset password" queue upon
> creation of a new ticket, I was using RT 3.2.2. Here's the problem: Everytime
> an un-privileged user resets his password, he gets an email back with his
> password and the password for few other un-privileged users.(Huge Security
> problem) Its Random, sometime he only gets his password and sometimes email has
> few more usersname added to it. Help on this will be appreciated. BTW: this use
> to work with RT 3.0.10
>
> -----------------Scrips----------------------------
> Subject: Your Password has been Reset
>
> {*RT::User::GenerateRandomNextChar = \&RT::User::_GenerateRandomNextChar;
>
> if (($Transaction->CreatorObj->id != $RT::Nobody->id) &&
> (!$Transaction->CreatorObj->Privileged)
> )
> {
> my $user = RT::User->new($RT::SystemUser);
> $user->Load($Transaction->CreatorObj->Id);
> my ($stat, $pass) = $user->SetRandomPassword();
>
> if (!$stat) {
> $OUT .=
> "An internal error has occurred. RT was not able to set a password
> for you.
> Please contact your local RT administrator for assistance.";
>
> }
> $out .= "
> Greetings:
>
> Your password has been RESET as you requested. Please do not reply to this
> message or to this email address unless you want your password reset again.
>
> If you have other issue and need to contact SYSADMIN.
>
> Here is your password:
>
> Username: ".$user->Name."
> Password: ".$pass."
>
> Thank you,
> ";
> }
> }
> --------------------------End Scrips-------------------------
>
> Hammad
>
>
>
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Be sure to check out the RT wiki at http://wiki.bestpractical.com
More information about the rt-users
mailing list