Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-x | userprefs.cgi | 58 |
1 files changed, 38 insertions, 20 deletions
diff --git a/userprefs.cgi b/userprefs.cgi index c94c63f5f..54cad3c51 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -37,8 +37,6 @@ sub DoAccount { my $dbh = Bugzilla->dbh; my $user = Bugzilla->user; - $vars->{'realname'} = $user->name; - if (Bugzilla->params->{'allowemailchange'} && $user->authorizer->can_change_email) { @@ -55,11 +53,11 @@ sub DoAccount { ORDER BY tokentype ASC " . $dbh->sql_limit(1), undef, $user->id); if (scalar(@token) > 0) { my ($tokentype, $change_date, $eventdata) = @token; - $vars->{'login_change_date'} = $change_date; + $vars->{'email_change_date'} = $change_date; if($tokentype eq 'emailnew') { my ($oldemail,$newemail) = split(/:/,$eventdata); - $vars->{'new_login_name'} = $newemail; + $vars->{'new_email'} = $newemail; } } } @@ -77,7 +75,8 @@ sub SaveAccount { my $verified_password; my $pwd1 = $cgi->param('new_password1'); my $pwd2 = $cgi->param('new_password2'); - my $new_login_name = trim(scalar $cgi->param('new_login_name')); + my $new_login = clean_text(scalar $cgi->param('new_login')); + my $new_email = clean_text(scalar $cgi->param('new_email')); if ($user->authorizer->can_change_password && ($pwd1 ne "" || $pwd2 ne "")) 
@@ -95,28 +94,47 @@ sub SaveAccount { } } + # This is used only if email and login are separate + if ($user->authorizer->can_change_login + && !Bugzilla->params->{"use_email_as_login"} + && $new_login + && $user->login ne $new_login) + { + $verified_password || $user->check_current_password($oldpassword); + + if ($new_login =~ /@/ && + $new_login ne $user->email) + { + ThrowUserError("login_at_sign_disallowed"); + } + + if (Bugzilla::Token::HasEmailChangeToken($user->id)) { + ThrowUserError("login_change_during_email_change"); + } + + $user->set_login($new_login); + } + + # This is used for the single value if use_email_as_login is true, or for + # the email address otherwise. if ($user->authorizer->can_change_email && Bugzilla->params->{"allowemailchange"} - && $new_login_name) + && $new_email + && $user->email ne $new_email) { - if ($user->login ne $new_login_name) { - $verified_password || $user->check_current_password($oldpassword); + $verified_password || $user->check_current_password($oldpassword); - # Block multiple email changes for the same user. - if (Bugzilla::Token::HasEmailChangeToken($user->id)) { - ThrowUserError("email_change_in_progress"); - } + # Block multiple email changes for the same user. + if (Bugzilla::Token::HasEmailChangeToken($user->id)) { + ThrowUserError("email_change_in_progress"); + } - # Before changing an email address, confirm one does not exist. - check_email_syntax($new_login_name); - is_available_username($new_login_name) - || ThrowUserError("account_exists", {email => $new_login_name}); + # Before changing to an email address, confirm it does not exist. 
+ $user->check_email($new_email); - $vars->{'email_token'} = Bugzilla::Token::IssueEmailChangeToken($new_login_name); - $vars->{'email_changes_saved'} = 1; - } + $vars->{'email_token'} = Bugzilla::Token::IssueEmailChangeToken($new_email); + $vars->{'email_changes_saved'} = 1; } - $user->set_name(scalar $cgi->param('realname')); $user->update({ keep_session => 1, keep_tokens => 1 }); $dbh->bz_commit_transaction; |
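Review bot: The `login_change_during_email_change` guard in the new login block only sees tokens that already exist, so a request carrying both `new_login` and `new_email` passes it, and the email-change token is then issued further down in the same call. If the two changes are meant to be mutually exclusive (the `@` exception compares against the current `$user->email`, which such a request is about to replace), the login block should also refuse when an email change is being requested, e.g. `if (Bugzilla::Token::HasEmailChangeToken($user->id) || ($new_email && $user->email ne $new_email)) {`. Separately, the explicit `is_available_username(...) || ThrowUserError("account_exists", ...)` is replaced by a bare `$user->check_email($new_email);` whose return value is ignored. That is only safe if `check_email` throws both on bad syntax and on an address already in use, which this hunk does not show, so a comment stating that contract would help. SaveAccount begins and ends outside the hunk.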