authorlpsolit%gmail.com <>2006-08-20 03:11:59 +0200
committerlpsolit%gmail.com <>2006-08-20 03:11:59 +0200
commit59285f71c6ed0d4db7d4b0455902130a2d7c83bd (patch)
tree49e2e47a53bb4ac31c10d3225b5e0a66edc5c126 /createaccount.cgi
parent9dfdfd787ff4c0afac28b66e67082712ec2a3d92 (diff)
Bug 87795: Creating an account should send token and wait for confirmation (prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk
Diffstat (limited to 'createaccount.cgi')
-rwxr-xr-xcreateaccount.cgi19
1 files changed, 2 insertions, 17 deletions
diff --git a/createaccount.cgi b/createaccount.cgi
index ab011f336..6f325347e 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -60,21 +60,13 @@ unless ($createexp) {
my $login = $cgi->param('login');
if (defined($login)) {
- # We've been asked to create an account.
- my $realname = trim($cgi->param('realname'));
-
validate_email_syntax($login)
|| ThrowUserError('illegal_email_address', {addr => $login});
$vars->{'login'} = $login;
- $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE',
- 'user_group_map WRITE', 'email_setting WRITE',
- 'groups READ', 'tokens READ', 'fielddefs READ');
-
if (!is_available_username($login)) {
# Account already exists
- $dbh->bz_unlock_tables();
$template->process("account/exists.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
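Review bot: The `is_available_username($login)` branch still renders `account/exists.html.tmpl`, so an unauthenticated request can tell whether an address is already registered; now that creation is confirmed by mail, the response no longer needs to differ. Consider showing the same "check your mail" page in both cases and telling the existing owner by e-mail. This check also runs before the `$createexp` test in the next hunk, so addresses that may not self-register can be probed as well. With `bz_lock_tables` removed, availability is only checked at request time; the confirmation step (not visible here) presumably has to re-check it, which deserves a comment such as `# Availability is re-validated when the token is confirmed.` The enclosing `if (defined($login))` block continues past this hunk.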
@@ -83,17 +75,10 @@ if (defined($login)) {
if ($login !~ /$createexp/) {
ThrowUserError("account_creation_disabled");
}
-
- # Create account
- my $password = insert_new_user($login, $realname);
-
- $dbh->bz_unlock_tables();
- # Clear out the login cookies in case the user is currently logged in.
- Bugzilla->logout();
+ # Create and send a token for this new account.
+ Bugzilla::Token::issue_new_user_account_token($login);
- Bugzilla::BugMail::MailPassword($login, $password);
-
$template->process("account/created.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
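Review bot: `Bugzilla::Token::issue_new_user_account_token($login)` sends mail to an address whose ownership is unproven, and nothing in this hunk limits how often a client or a given address can trigger it. If the helper does not already refuse a second token while one is pending, this form can be used to flood a third party's mailbox; that is worth confirming in the helper. Record the result at the call site, e.g. `# issue_new_user_account_token() must throttle repeat requests per address.` The `$createexp` value is interpolated directly as a pattern in `$login !~ /$createexp/`, so a comment noting that it is an administrator-supplied regex (and whether it is expected to be anchored) would help the next reader. The `if (defined($login))` block starts before this hunk.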