Merge pull request #9 from anandpdoshi/master

Allow db name with $ symbol to be escaped in os.system commands

cgi-bin/webnotes/model/db_schema.py

@@ -358,7 +358,7 @@ class DbManager:
 		mysql = mysql_path and os.path.join(mysql_path, 'mysql') or 'mysql'
 		
 		try:
-			ret = os.system("%s -u root -p%s %s < %s"%(mysql, root_password.replace(" ", "\ "), target, source))
+			ret = os.system("%s -u root -p%s %s < %s"%(mysql, root_password.replace(" ", "\ "), target.replace("$", "\$"), source))
 		except Exception,e:
 			raise e
 

cgi-bin/webnotes/profile.py

@@ -150,10 +150,16 @@ class Profile:
 		
 		# get profile
 		profile = webnotes.conn.sql("SELECT name, email, first_name, last_name FROM tabProfile WHERE name=%s OR email=%s",(self.name, self.name))
-		
+
+		profile_cols = [desc[0] for desc in webnotes.conn.sql("DESCRIBE tabProfile")]
+
 		if not profile:
 			raise Exception, "Profile %s not found" % self.name
-		
+		elif 'registered' in profile_cols:
+			if not webnotes.conn.sql("SELECT registered FROM tabProfile WHERE name=%s", self.name)[0][0]:
+			# if an unregistered user tries to reset password
+				raise Exception, "You cannot reset your password as you have not completed registration. You need to complete registration using the link provided in the email."
+
 		# update tab Profile
 		webnotes.conn.sql("UPDATE tabProfile SET password=password(%s) WHERE name=%s", (pwd, profile[0][0]))