summaryrefslogtreecommitdiffstats
path: root/userprefs.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-xuserprefs.cgi95
1 files changed, 76 insertions, 19 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index e38cd4095..ddeb0f1f7 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -65,16 +65,33 @@ chop $defaultflagstring;
sub DoAccount {
SendSQL("SELECT realname FROM profiles WHERE userid = $userid");
$vars->{'realname'} = FetchSQLData();
+
+ if(Param('allowemailchange')) {
+ SendSQL("SELECT tokentype, issuedate + INTERVAL 3 DAY, eventdata
+ FROM tokens
+ WHERE userid = $userid
+ AND tokentype LIKE 'email%'
+ ORDER BY tokentype ASC LIMIT 1");
+ if(MoreSQLData()) {
+ my ($tokentype, $change_date, $eventdata) = &::FetchSQLData();
+ $vars->{'login_change_date'} = $change_date;
+
+ if($tokentype eq 'emailnew') {
+ my ($oldemail,$newemail) = split(/:/,$eventdata);
+ $vars->{'new_login_name'} = $newemail;
+ }
+ }
+ }
}
sub SaveAccount {
+ my $pwd1 = $::FORM{'new_password1'};
+ my $pwd2 = $::FORM{'new_password2'};
+
if ($::FORM{'Bugzilla_password'} ne "" ||
- $::FORM{'new_password1'} ne "" ||
- $::FORM{'new_password2'} ne "")
+ $pwd1 ne "" || $pwd2 ne "")
{
my $old = SqlQuote($::FORM{'Bugzilla_password'});
- my $pwd1 = SqlQuote($::FORM{'new_password1'});
- my $pwd2 = SqlQuote($::FORM{'new_password2'});
SendSQL("SELECT cryptpassword FROM profiles WHERE userid = $userid");
my $oldcryptedpwd = FetchOneColumn();
if (!$oldcryptedpwd) {
@@ -87,23 +104,63 @@ sub SaveAccount {
DisplayError("You did not enter your old password correctly.");
exit;
}
- if ($pwd1 ne $pwd2) {
- DisplayError("The two passwords you entered did not match.");
- exit;
+
+ if ($pwd1 ne "" || $pwd2 ne "")
+ {
+ if ($pwd1 ne $pwd2) {
+ DisplayError("The two passwords you entered did not match.");
+ exit;
+ }
+ if ($::FORM{'new_password1'} eq '') {
+ DisplayError("You must enter a new password.");
+ exit;
+ }
+ my $passworderror = ValidatePassword($pwd1);
+ (DisplayError($passworderror) && exit) if $passworderror;
+
+ my $cryptedpassword = SqlQuote(Crypt($pwd1));
+ SendSQL("UPDATE profiles
+ SET cryptpassword = $cryptedpassword
+ WHERE userid = $userid");
+ # Invalidate all logins except for the current one
+ InvalidateLogins($userid, $::COOKIE{"Bugzilla_logincookie"});
}
- if ($::FORM{'new_password1'} eq '') {
- DisplayError("You must enter a new password.");
- exit;
+ }
+
+ if(Param("allowemailchange") && $::FORM{'new_login_name'}) {
+ my $old_login_name = $::FORM{'Bugzilla_login'};
+ my $new_login_name = trim($::FORM{'new_login_name'});
+
+ if($old_login_name ne $new_login_name) {
+ if( $::FORM{'Bugzilla_password'} eq "") {
+ DisplayError("You must enter your old password to
+ change email address.");
+ exit;
+ }
+
+ use Token;
+ # Block multiple email changes for the same user.
+ if (Token::HasEmailChangeToken($userid)) {
+ DisplayError("Email change already in progress;
+ please check your email.");
+ exit;
+ }
+
+ # Before changing an email address, confirm one does not exist.
+ CheckEmailSyntax($new_login_name);
+ trick_taint($new_login_name);
+ if (!ValidateNewUser($new_login_name)) {
+ DisplayError("Account $new_login_name already exists");
+ exit;
+ }
+
+ Token::IssueEmailChangeToken($userid,$old_login_name,
+ $new_login_name);
+
+ $vars->{'changes_saved'} =
+ "An email has been sent to both old and new email
+ addresses to confirm the change of email address.";
}
- my $passworderror = ValidatePassword($::FORM{'new_password1'});
- (DisplayError($passworderror) && exit) if $passworderror;
-
- my $cryptedpassword = SqlQuote(Crypt($::FORM{'new_password1'}));
- SendSQL("UPDATE profiles
- SET cryptpassword = $cryptedpassword
- WHERE userid = $userid");
- # Invalidate all logins except for the current one
- InvalidateLogins($userid, $::COOKIE{"Bugzilla_logincookie"});
}
SendSQL("UPDATE profiles SET " .