summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorjustdave%syndicomm.com <>2002-04-02 08:52:37 +0200
committerjustdave%syndicomm.com <>2002-04-02 08:52:37 +0200
commita8c72c4d3b30aa45a587a846d825235f5e8fc8a5 (patch)
tree7200e87785413e4e8104860ea10ff394e716d108 /Bugzilla
parent0e583bdb0923a962fcef1af39896398862e13077 (diff)
downloadbugzilla-a8c72c4d3b30aa45a587a846d825235f5e8fc8a5.tar.gz
bugzilla-a8c72c4d3b30aa45a587a846d825235f5e8fc8a5.tar.xz
Remaining pieces of Bug 23067 from yesterday... no idea why the first commit didn't pick these up.
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Token.pm118
1 files changed, 100 insertions, 18 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 4f7f61882..9c136184b 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -37,6 +37,62 @@ package Token;
# Functions
################################################################################
+sub IssueEmailChangeToken {
+ my ($userid, $old_email, $new_email) = @_;
+
+ # Generate a unique token and insert it into the tokens table.
+ # We have to lock the tokens table before generating the token,
+ # since the database must be queried for token uniqueness.
+ &::SendSQL("LOCK TABLES tokens WRITE");
+ my $token = GenerateUniqueToken();
+ my $quotedtoken = &::SqlQuote($token);
+ my $quoted_emails = &::SqlQuote($old_email . ":" . $new_email);
+ &::SendSQL("INSERT INTO tokens ( userid , issuedate , token ,
+ tokentype , eventdata )
+ VALUES ( $userid , NOW() , $quotedtoken ,
+ 'emailold' , $quoted_emails )");
+ my $newtoken = GenerateUniqueToken();
+ $quotedtoken = &::SqlQuote($newtoken);
+ &::SendSQL("INSERT INTO tokens ( userid , issuedate , token ,
+ tokentype , eventdata )
+ VALUES ( $userid , NOW() , $quotedtoken ,
+ 'emailnew' , $quoted_emails )");
+ &::SendSQL("UNLOCK TABLES");
+
+ # Mail the user the token along with instructions for using it.
+
+ my $template = $::template;
+ my $vars = $::vars;
+
+ $vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix');
+ $vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix');
+
+ $vars->{'token'} = &::url_quote($token);
+ $vars->{'emailaddress'} = $old_email . &::Param('emailsuffix');
+
+ my $message;
+ $template->process("token/emailchangeold.txt.tmpl", $vars, \$message)
+ || &::DisplayError("Template process failed: " . $template->error())
+ && exit;
+
+ open SENDMAIL, "|/usr/lib/sendmail -t -i";
+ print SENDMAIL $message;
+ close SENDMAIL;
+
+ $vars->{'token'} = &::url_quote($newtoken);
+ $vars->{'emailaddress'} = $new_email . &::Param('emailsuffix');
+
+ $message = "";
+ $template->process("token/emailchangenew.txt.tmpl", $vars, \$message)
+ || &::DisplayError("Template process failed: " . $template->error())
+ && exit;
+
+ open SENDMAIL, "|/usr/lib/sendmail -t -i";
+ print SENDMAIL $message;
+ close SENDMAIL;
+
+}
+
sub IssuePasswordToken {
# Generates a random token, adds it to the tokens table, and sends it
# to the user with instructions for using it to change their password.
@@ -65,6 +121,14 @@ sub IssuePasswordToken {
}
+sub CleanTokenTable {
+ &::SendSQL("LOCK TABLES tokens WRITE");
+ &::SendSQL("DELETE FROM tokens
+ WHERE TO_DAYS(NOW()) - TO_DAYS(issuedate) >= 3");
+ &::SendSQL("UNLOCK TABLES");
+}
+
+
sub GenerateUniqueToken {
# Generates a unique random token. Uses &GenerateRandomPassword
# for the tokens themselves and checks uniqueness by searching for
@@ -143,25 +207,27 @@ sub Cancel {
# Format the user's real name and email address into a single string.
my $username = $realname ? $realname . " <" . $loginname . ">" : $loginname;
- # Notify the user via email about the cancellation.
- open SENDMAIL, "|/usr/lib/sendmail -t -i";
- print SENDMAIL qq|From: bugzilla-daemon
-To: $username
-Subject: "$tokentype" token cancelled
+ my $template = $::template;
+ my $vars = $::vars;
-A token was cancelled from $::ENV{'REMOTE_ADDR'}. This is either
-an honest mistake or the result of a malicious hack attempt.
-Take a look at the information below and forward this email
-to $maintainer if you suspect foul play.
+ $vars->{'emailaddress'} = $username;
+ $vars->{'maintainer'} = $maintainer;
+ $vars->{'remoteaddress'} = $::ENV{'REMOTE_ADDR'};
+ $vars->{'token'} = &::url_quote($token);
+ $vars->{'tokentype'} = $tokentype;
+ $vars->{'issuedate'} = $issuedate;
+ $vars->{'eventdata'} = $eventdata;
+ $vars->{'cancelaction'} = $cancelaction;
- Token: $token
- Token Type: $tokentype
- User: $username
- Issue Date: $issuedate
- Event Data: $eventdata
+ # Notify the user via email about the cancellation.
-Cancelled Because: $cancelaction
-|;
+ my $message;
+ $template->process("token/tokencancel.txt.tmpl", $vars, \$message)
+ || &::DisplayError("Template process failed: " . $template->error())
+ && exit;
+
+ open SENDMAIL, "|/usr/lib/sendmail -t -i";
+ print SENDMAIL $message;
close SENDMAIL;
# Delete the token from the database.
@@ -171,14 +237,30 @@ Cancelled Because: $cancelaction
}
sub HasPasswordToken {
- # Returns a password token if the user has one. Otherwise returns 0 (false).
+ # Returns a password token if the user has one.
my ($userid) = @_;
- &::SendSQL("SELECT token FROM tokens WHERE userid = $userid LIMIT 1");
+ &::SendSQL("SELECT token FROM tokens
+ WHERE userid = $userid AND tokentype = 'password' LIMIT 1");
my ($token) = &::FetchSQLData();
return $token;
}
+sub HasEmailChangeToken {
+ # Returns an email change token if the user has one.
+
+ my ($userid) = @_;
+
+ &::SendSQL("SELECT token FROM tokens
+ WHERE userid = $userid
+ AND tokentype = 'emailnew'
+ OR tokentype = 'emailold' LIMIT 1");
+ my ($token) = &::FetchSQLData();
+
+ return $token;
+}
+
+
1;