summaryrefslogtreecommitdiffstats
path: root/token.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'token.cgi')
-rwxr-xr-xtoken.cgi57
1 files changed, 35 insertions, 22 deletions
diff --git a/token.cgi b/token.cgi
index babcc028b..b2792306e 100755
--- a/token.cgi
+++ b/token.cgi
@@ -122,22 +122,22 @@ sub requestChangePassword {
my $token = $cgi->param('token');
check_hash_token($token, ['reqpw']);
- my $login_name = $cgi->param('loginname')
- or ThrowUserError("login_needed_for_password_change");
+ my $email = $cgi->param('email')
+ or ThrowUserError("email_needed_for_password_change");
- check_email_syntax($login_name);
- my $user = new Bugzilla::User({ name => $login_name });
+ my $userid = email_to_id($email, 'throw_error_if_not_exist');
+ my $user = new Bugzilla::User($userid);
# Make sure the user account is active.
- if ($user && !$user->is_enabled) {
+ if (!$user->is_enabled) {
ThrowUserError('account_disabled',
- {disabled_reason => get_text('account_disabled', {account => $login_name})});
+ {disabled_reason => get_text('account_disabled', {email => $email})});
}
- Bugzilla::Token::IssuePasswordToken($user) if $user;
+ Bugzilla::Token::IssuePasswordToken($user);
$vars->{'message'} = "password_change_request";
- $vars->{'login_name'} = $login_name;
+ $vars->{'email'} = $email;
print $cgi->header();
$template->process("global/message.html.tmpl", $vars)
@@ -208,7 +208,7 @@ sub changeEmail {
my ($old_email, $new_email) = split(/:/,$eventdata);
$dbh->bz_start_transaction();
-
+
my $user = Bugzilla::User->check({ id => $userid });
my $cgipassword = $cgi->param('password');
@@ -218,14 +218,14 @@ sub changeEmail {
# The new email address should be available as this was
# confirmed initially so cancel token if it is not still available
- if (! is_available_username($new_email,$old_email)) {
+ if (!is_available_email($new_email, $old_email)) {
$vars->{'email'} = $new_email; # Needed for Bugzilla::Token::Cancel's mail
Bugzilla::Token::Cancel($token, "account_exists", $vars);
ThrowUserError("account_exists", { email => $new_email } );
}
- # Update the user's login name in the profiles table.
- $user->set_login($new_email);
+ # Update the user's email address in the profiles table.
+ $user->set_email($new_email);
$user->update({ keep_session => 1, keep_tokens => 1 });
delete_token($token);
$dbh->do(q{DELETE FROM tokens WHERE userid = ?
@@ -256,8 +256,8 @@ sub cancelChangeEmail {
my $user = Bugzilla::User->check({ id => $userid });
# check to see if it has been altered
- if ($user->login ne $old_email) {
- $user->set_login($old_email);
+ if ($user->email ne $old_email) {
+ $user->set_email($old_email);
$user->update({ keep_tokens => 1 });
$vars->{'message'} = "email_change_canceled_reinstated";
@@ -285,13 +285,20 @@ sub cancelChangeEmail {
}
sub request_create_account {
- my ($date, $login_name, $token) = @_;
+ my ($date, $data, $token) = @_;
Bugzilla->user->check_account_creation_enabled;
- $vars->{'token'} = $token;
- $vars->{'email'} = $login_name . Bugzilla->params->{'emailsuffix'};
- $vars->{'expiration_ts'} = ctime(str2time($date) + MAX_TOKEN_AGE * 86400);
+ # Be careful! Some logins may contain ":" in them.
+ my ($email, $login) = split(':', $data, 2);
+ $vars = {
+ token => $token,
+ login => $login,
+ email => $email,
+ # Make sure nobody else chose this login meanwhile.
+ login_already_in_use => login_to_id($login) ? 1 : 0,
+ expiration_ts => ctime(str2time($date) + MAX_TOKEN_AGE * 86400)
+ };
print $cgi->header();
$template->process('account/email/confirm-new.html.tmpl', $vars)
@@ -299,7 +306,7 @@ sub request_create_account {
}
sub confirm_create_account {
- my ($login_name, $token) = @_;
+ my ($data, $token) = @_;
Bugzilla->user->check_account_creation_enabled;
@@ -308,8 +315,13 @@ sub confirm_create_account {
# Make sure that these never show up anywhere in the UI.
$cgi->delete('passwd1', 'passwd2');
+ # Be careful! Some logins may contain ":" in them.
+ my ($email, $login) = split(':', $data, 2);
+ $login = $cgi->param('login') if login_to_id($login);
+
my $otheruser = Bugzilla::User->create({
- login_name => $login_name,
+ login_name => $login,
+ email => $email,
realname => scalar $cgi->param('realname'),
cryptpassword => $password});
@@ -332,10 +344,11 @@ sub confirm_create_account {
}
sub cancel_create_account {
- my ($login_name, $token) = @_;
+ my ($data, $token) = @_;
$vars->{'message'} = 'account_creation_canceled';
- $vars->{'account'} = $login_name;
+ # Be careful! Some logins may contain ":" in them.
+ ($vars->{'email'}, $vars->{'login'}) = split(':', $data, 2);
Bugzilla::Token::Cancel($token, $vars->{'message'});
print $cgi->header();