diff options
author | lpsolit%gmail.com <> | 2006-08-20 03:11:59 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-08-20 03:11:59 +0200 |
commit | 59285f71c6ed0d4db7d4b0455902130a2d7c83bd (patch) | |
tree | 49e2e47a53bb4ac31c10d3225b5e0a66edc5c126 /template/en/default/account/email | |
parent | 9dfdfd787ff4c0afac28b66e67082712ec2a3d92 (diff) | |
download | bugzilla-59285f71c6ed0d4db7d4b0455902130a2d7c83bd.tar.gz bugzilla-59285f71c6ed0d4db7d4b0455902130a2d7c83bd.tar.xz |
Bug 87795: Creating an account should send token and wait for confirmation (prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk
Diffstat (limited to 'template/en/default/account/email')
-rw-r--r-- | template/en/default/account/email/confirm-new.html.tmpl | 64 | ||||
-rw-r--r-- | template/en/default/account/email/request-new.txt.tmpl | 44 |
2 files changed, 108 insertions, 0 deletions
diff --git a/template/en/default/account/email/confirm-new.html.tmpl b/template/en/default/account/email/confirm-new.html.tmpl new file mode 100644 index 000000000..0e9ab98e5 --- /dev/null +++ b/template/en/default/account/email/confirm-new.html.tmpl @@ -0,0 +1,64 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # Contributor(s): Frédéric Buclin <LpSolit@gmail.com> + #%] + +[%# INTERFACE: + # token: string. The token to be used in the user account creation. + # email: email address of the user account. + # date: creation date of the token. + #%] + +[% title = BLOCK %]Create a new user account for '[% email FILTER html %]'[% END %] +[% PROCESS "global/header.html.tmpl" + title = title + onload = "document.forms['confirm_account_form'].realname.focus();" %] + +[% expiration_ts = date + (constants.MAX_TOKEN_AGE * 86400) %] +<div> + To complete the creation of your user account, you must choose a password in the + form below. You can also enter your real name, which is optional.<p> + If you don't fill this form before + <u>[%+ time2str("%H:%M on the %o of %B, %Y", expiration_ts) %]</u>, the creation + of this account will be automatically cancelled. +</div> + +<form id="confirm_account_form" method="post" action="token.cgi"> + <input type="hidden" name="t" value="[% token FILTER html %]"> + <input type="hidden" name="a" value="confirm_new_account"> + <table> + <tr> + <th align="right">Email Address:</th> + <td>[% email FILTER html %]</td> + </tr> + <tr> + <th align="right"><label for="realname">Real Name</label>:</th> + <td><input type="text" id="realname" name="realname" value=""></td> + </tr> + <tr> + <th align="right"><label for="passwd1">Type your password</label>:</th> + <td><input type="password" id="passwd1" name="passwd1" value=""></td> + </tr> + <tr> + <th align="right"><label for="passwd1">Re-type your password</label>:</th> + <td><input type="password" id="passwd2" name="passwd2" value=""></td> + </tr> + <tr> + <th align="right"> </th> + <td><input type="submit" id="confirm" value="Send"></td> + </tr> + </table> +</form> + +[% PROCESS global/footer.html.tmpl %] diff --git a/template/en/default/account/email/request-new.txt.tmpl b/template/en/default/account/email/request-new.txt.tmpl new file mode 100644 index 000000000..85fdec157 --- /dev/null +++ b/template/en/default/account/email/request-new.txt.tmpl @@ -0,0 +1,44 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # Contributor(s): Frédéric Buclin <LpSolit@gmail.com> + #%] + +[%# INTERFACE: + # token: random string used to authenticate the transaction. + # token_ts: creation date of the token. + # email: email address of the new account. + #%] + +[% PROCESS global/variables.none.tmpl %] + +[% expiration_ts = token_ts + (constants.MAX_TOKEN_AGE * 86400) %] +From: bugzilla-admin-daemon +To: [% email %] +Subject: [% terms.Bugzilla %]: confirm account creation + +[%+ terms.Bugzilla %] has received a request to create a user account +using your email address ([% email %]). + +To confirm that you want to create an account using that email address, +visit the following link: + +[%+ Param('urlbase') %]token.cgi?t=[% token FILTER url_quote %]&a=request_new_account + +If you are not the person who made this request, or you wish to cancel +this request, visit the following link: + +[%+ Param('urlbase') %]token.cgi?t=[% token FILTER url_quote %]&a=cancel_new_account + +If you do nothing, the request will lapse after [%+ constants.MAX_TOKEN_AGE %] days +(at precisely [%+ time2str("%H:%M on the %o of %B, %Y", expiration_ts) %]). |