-rw-r--r-- | Bugzilla/User.pm | 15 | ||||
-rwxr-xr-x | userprefs.cgi | 17 |
2 files changed, 17 insertions, 15 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index c1ab65dc3..f707a8e80 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -179,20 +179,25 @@ sub super_user { sub update { my $self = shift; + my $options = shift; + my $changes = $self->SUPER::update(@_); my $dbh = Bugzilla->dbh; if (exists $changes->{login_name}) { - # If we changed the login, silently delete any tokens. - $dbh->do('DELETE FROM tokens WHERE userid = ?', undef, $self->id); + # Delete all the tokens related to the userid + $dbh->do('DELETE FROM tokens WHERE userid = ?', undef, $self->id) + unless $options->{keep_tokens}; # And rederive regex groups $self->derive_regexp_groups(); } # Logout the user if necessary. - Bugzilla->logout_user($self) - if (exists $changes->{login_name} || exists $changes->{disabledtext} - || exists $changes->{cryptpassword}); + Bugzilla->logout_user($self) + if (!$options->{keep_session} + && (exists $changes->{login_name} + || exists $changes->{disabledtext} + || exists $changes->{cryptpassword})); # XXX Can update profiles_activity here as soon as it understands # field names like login_name. diff --git a/userprefs.cgi b/userprefs.cgi index 4ba0fd906..a4083a981 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -79,6 +79,9 @@ sub DoAccount { sub SaveAccount { my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; + + $dbh->bz_start_transaction; + my $user = Bugzilla->user; my $oldpassword = $cgi->param('old_password'); @@ -101,12 +104,7 @@ sub SaveAccount { validate_password($pwd1, $pwd2); if ($oldpassword ne $pwd1) { - my $cryptedpassword = bz_crypt($pwd1); - $dbh->do(q{UPDATE profiles - SET cryptpassword = ? - WHERE userid = ?}, - undef, ($cryptedpassword, $user->id)); - + $user->set_password($pwd1); # Invalidate all logins except for the current one Bugzilla->logout(LOGOUT_KEEP_CURRENT); } 
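Review bot: In the Bugzilla/User.pm hunk, `keep_session` suppresses `logout_user` for all three triggers, including a change to `disabledtext`, so a caller that passes it while disabling an account would leave that account's sessions valid. The only caller on this page (userprefs.cgi) sets just the password and real name, so this is hardening rather than a live bug, but the option is safer if it can never skip the logout for `disabledtext`. The two option keys are also undocumented; a comment above `my $options = shift;` should say that a caller setting `keep_session` or `keep_tokens` takes over invalidating the other sessions and tokens itself. The body of `update` continues past the end of the hunk.

```perl
    # … unchanged: token deletion and regexp group rederivation …
    # Logout the user if necessary. Disabling an account always logs out.
    Bugzilla->logout_user($self)
        if (exists $changes->{disabledtext}
            || (!$options->{keep_session}
                && (exists $changes->{login_name}
                    || exists $changes->{cryptpassword})));
```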
@@ -137,10 +135,9 @@ sub SaveAccount {
 }
 }
- my $realname = trim($cgi->param('realname'));
- trick_taint($realname); # Only used in a placeholder
- $dbh->do("UPDATE profiles SET realname = ? WHERE userid = ?",
- undef, ($realname, $user->id));
+ $user->set_name($cgi->param('realname'));
+ $user->update({ keep_session => 1, keep_tokens => 1 });
+ $dbh->bz_commit_transaction;
 } |
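Review bot: `$cgi->param('realname')` is evaluated in list context as a method argument, so a request carrying several `realname` values passes all of them to `set_name`, and a request with none passes no argument at all. Forcing scalar context keeps the argument count fixed: `$user->set_name(scalar $cgi->param('realname'));`. The removed lines applied `trim` and `trick_taint` at this point; whether `set_name` does the equivalent validation is not visible in this diff and is worth confirming. The `update` call passes `keep_session => 1` even after a password change, so it relies on the earlier `Bugzilla->logout(LOGOUT_KEEP_CURRENT)` to end the other sessions; a comment such as `# other sessions were already invalidated above; keep only the current one` would record that dependency. SaveAccount begins outside this hunk.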