[rt-users] Autoreset Password

Todd Chapman rt at chaka.net
Mon Oct 18 17:46:46 EDT 2004


Probably $out never goes out of of scope. Also you have
$out and $OUT, which are two different variables.

I bet of you change every instance of '.=' to '=' and
restart your web server everything will be fine.

-Todd

On Mon, Oct 18, 2004 at 05:43:40PM -0400, Hammad wrote:
> Guys:
> 
> I have the following 'scrips' to get executed in "reset password" queue upon
> creation of a new ticket, I was using RT 3.2.2. Here's the problem: Everytime
> an un-privileged user resets his password, he gets an email back with his
> password and the password for few other un-privileged users.(Huge Security
> problem) Its Random, sometime he only gets his password and sometimes email has
> few more usersname added to it. Help on this will be appreciated. BTW: this use
> to work with RT 3.0.10
> 
> -----------------Scrips----------------------------
> Subject: Your Password has been Reset
> 
> {*RT::User::GenerateRandomNextChar = \&RT::User::_GenerateRandomNextChar;
> 
>     if (($Transaction->CreatorObj->id != $RT::Nobody->id) &&
>         (!$Transaction->CreatorObj->Privileged)
>        )
>     {
>         my $user = RT::User->new($RT::SystemUser);
>         $user->Load($Transaction->CreatorObj->Id);
>         my ($stat, $pass) = $user->SetRandomPassword();
> 
>         if (!$stat) {
>                 $OUT .=
>            "An internal error has occurred. RT was not able to set a password
> for you.
>            Please contact your local RT administrator for assistance.";
> 
>         }
>     $out .= "
> Greetings:
> 
> Your password has been RESET as you requested. Please do not reply to this
> message or to this email address unless you want your password reset again.
> 
> If you have other issue and need to contact SYSADMIN.
> 
> Here is your password:
> 
>         Username: ".$user->Name."
>         Password: ".$pass."
> 
> Thank you,
>     ";
>     }
> }
> --------------------------End Scrips-------------------------
> 
> Hammad
> 
> 
> 
> 
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> 
> Be sure to check out the RT wiki at http://wiki.bestpractical.com



More information about the rt-users mailing list