-rw-r--r--Bugzilla/User.pm15
-rwxr-xr-xuserprefs.cgi17
2 files changed, 17 insertions, 15 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index c1ab65dc3..f707a8e80 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -179,20 +179,25 @@ sub super_user {
sub update {
my $self = shift;
+ my $options = shift;
+
my $changes = $self->SUPER::update(@_);
my $dbh = Bugzilla->dbh;
if (exists $changes->{login_name}) {
- # If we changed the login, silently delete any tokens.
- $dbh->do('DELETE FROM tokens WHERE userid = ?', undef, $self->id);
+ # Delete all the tokens related to the userid
+ $dbh->do('DELETE FROM tokens WHERE userid = ?', undef, $self->id)
+ unless $options->{keep_tokens};
# And rederive regex groups
$self->derive_regexp_groups();
}
# Logout the user if necessary.
- Bugzilla->logout_user($self)
- if (exists $changes->{login_name} || exists $changes->{disabledtext}
- || exists $changes->{cryptpassword});
+ Bugzilla->logout_user($self)
+ if (!$options->{keep_session}
+ && (exists $changes->{login_name}
+ || exists $changes->{disabledtext}
+ || exists $changes->{cryptpassword}));
# XXX Can update profiles_activity here as soon as it understands
# field names like login_name.
diff --git a/userprefs.cgi b/userprefs.cgi
index 4ba0fd906..a4083a981 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -79,6 +79,9 @@ sub DoAccount {
sub SaveAccount {
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
+
+ $dbh->bz_start_transaction;
+
my $user = Bugzilla->user;
my $oldpassword = $cgi->param('old_password');
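Review bot: The transaction opened by `$dbh->bz_start_transaction;` is committed only at the very end of SaveAccount (last hunk of this file), and the code in between includes `validate_password` and other checks that presumably abort the request on bad input. Whether that abort path rolls the transaction back is not visible here. If it does, a short comment such as `# Errors thrown below roll this transaction back` would record the assumption; if it does not, an explicit rollback is needed on those paths. SaveAccount's body continues outside the hunk.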
@@ -101,12 +104,7 @@ sub SaveAccount {
validate_password($pwd1, $pwd2);
if ($oldpassword ne $pwd1) {
- my $cryptedpassword = bz_crypt($pwd1);
- $dbh->do(q{UPDATE profiles
- SET cryptpassword = ?
- WHERE userid = ?},
- undef, ($cryptedpassword, $user->id));
-
+ $user->set_password($pwd1);
# Invalidate all logins except for the current one
Bugzilla->logout(LOGOUT_KEEP_CURRENT);
}
@@ -137,10 +135,9 @@ sub SaveAccount {
}
}
- my $realname = trim($cgi->param('realname'));
- trick_taint($realname); # Only used in a placeholder
- $dbh->do("UPDATE profiles SET realname = ? WHERE userid = ?",
- undef, ($realname, $user->id));
+ $user->set_name($cgi->param('realname'));
+ $user->update({ keep_session => 1, keep_tokens => 1 });
+ $dbh->bz_commit_transaction;
}
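Review bot: `$cgi->param('realname')` is now evaluated in list context as a method argument, so a request carrying no `realname` value or several of them passes zero or several arguments to `set_name`; force a single value with `$user->set_name(scalar $cgi->param('realname'));`. The removed lines trimmed and untainted the value before the write, so this change relies on `set_name` (not visible here) to do that validation, which is worth confirming. The `keep_session => 1` passed to `update` also means the `Bugzilla->logout(LOGOUT_KEEP_CURRENT)` call in the previous hunk is the only session invalidation on a password change.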