summaryrefslogtreecommitdiffstats
path: root/changepassword.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'changepassword.cgi')
-rwxr-xr-xchangepassword.cgi63
1 files changed, 38 insertions, 25 deletions
diff --git a/changepassword.cgi b/changepassword.cgi
index 9e031bb16..8a8e5623d 100755
--- a/changepassword.cgi
+++ b/changepassword.cgi
@@ -1,5 +1,5 @@
-#! /usr/bonsaitools/bin/mysqltcl
-# -*- Mode: tcl; indent-tabs-mode: nil -*-
+#!/usr/bonsaitools/bin/perl -w
+# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public License
# Version 1.0 (the "License"); you may not use this file except in
@@ -18,61 +18,74 @@
# Netscape Communications Corporation. All Rights Reserved.
#
# Contributor(s): Terry Weissman <terry@mozilla.org>
-source "CGI.tcl"
-confirm_login
+#! /usr/bonsaitools/bin/mysqltcl
+# -*- Mode: tcl; indent-tabs-mode: nil -*-
+
+require "CGI.pl";
-if {![info exists FORM(pwd1)]} {
- puts "Content-type: text/html
+confirm_login();
+
+if (! defined $::FORM{'pwd1'}) {
+ print "Content-type: text/html
<H1>Change your password</H1>
<form method=post>
<table>
<tr>
-<td align=right>Please enter the new password for <b>$COOKIE(Bugzilla_login)</b>:</td>
+<td align=right>Please enter the new password for <b>$::COOKIE{'Bugzilla_login'}</b>:</td>
<td><input type=password name=pwd1></td>
</tr>
<tr>
<td align=right>Re-enter your new password:</td>
<td><input type=password name=pwd2></td>
</table>
-<input type=submit value=Submit>"
- exit
+<input type=submit value=Submit>\n";
+ exit;
}
-if {![cequal $FORM(pwd1) $FORM(pwd2)]} {
- puts "Content-type: text/html
+if ($::FORM{'pwd1'} ne $::FORM{'pwd2'}) {
+ print "Content-type: text/html
<H1>Try again.</H1>
-The two passwords you entered did not match. Please click <b>Back</b> and try again."
- exit
+The two passwords you entered did not match. Please click <b>Back</b> and try again.\n";
+ exit;
}
-set pwd $FORM(pwd1)
+my $pwd = $::FORM{'pwd1'};
-if {![regexp {^[a-zA-Z0-9-_]*$} $pwd] || [clength $pwd] < 3 || [clength $pwd] > 15} {
- puts "Content-type: text/html
+if ($pwd !~ /^[a-zA-Z0-9-_]*$/ || length($pwd) < 3 || length($pwd) > 15) {
+ print "Content-type: text/html
<H1>Sorry; we're picky.</H1>
Please choose a password that is between 3 and 15 characters long, and that
contains only numbers, letters, hyphens, or underlines.
<p>
-Please click <b>Back</b> and try again."
- exit
+Please click <b>Back</b> and try again.\n";
+ exit;
}
-puts "Content-type: text/html\n"
+print "Content-type: text/html\n\n";
+
+# Generate a random salt.
+
+sub x {
+ my $sc="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./";
+ return substr($sc, int (rand () * 100000) % (length ($sc) + 1), 1);
+}
+my $salt = x() . x();
+
+my $encrypted = crypt($pwd, $salt);
-SendSQL "select encrypt('$pwd')"
-set encrypted [lindex [FetchSQLData] 0]
+SendSQL("update profiles set password='$pwd',cryptpassword='$encrypted' where login_name=" .
+ SqlQuote($::COOKIE{'Bugzilla_login'}));
-SendSQL "update profiles set password='$pwd',cryptpassword='$encrypted' where login_name='[SqlQuote $COOKIE(Bugzilla_login)]'"
-SendSQL "update logincookies set cryptpassword = '$encrypted' where cookie = $COOKIE(Bugzilla_logincookie)"
+SendSQL("update logincookies set cryptpassword = '$encrypted' where cookie = $::COOKIE{'Bugzilla_logincookie'}");
-puts "<H1>OK, done.</H1>
+print "<H1>OK, done.</H1>
Your new password has been set.
<p>
-<a href=query.cgi>Back to query page.</a>"
+<a href=query.cgi>Back to query page.</a>\n";