summaryrefslogtreecommitdiffstats
path: root/token.cgi
AgeCommit message (Collapse)AuthorFilesLines
2002-08-26Bug 76923 - Don't |use diagnostics| (its really expensive at startup time)bbaetz%student.usyd.edu.au1-1/+0
r=joel x2
2002-08-10Bug 159901 - token.cgi: localize strings send to message.html.tmpl. Patch by ↵gerv%gerv.net1-12/+4
burnus; r=gerv.
2002-06-17Bug 151053, ConnectToDatabase/quietly_check_login sometimes not calledbbaetz%student.usyd.edu.au1-0/+1
early enough r=mattyt, jouni
2002-04-24Bug 138588 - change to use new template structure. Patch by gerv, r=myk, ↵gerv%gerv.net1-16/+9
afranke.
2002-04-02Remaining pieces of Bug 23067 from yesterday... no idea why the first ↵justdave%syndicomm.com1-1/+128
commit didn't pick these up.
2002-03-16Bug 126789 - templatise token.cgi. r=bbaetz, mattyt.gerv%gerv.net1-61/+29
2002-02-04Bug 95732 - remove logincookies.cryptpassword, and invalidate cookies frombbaetz%student.usyd.edu.au1-0/+2
the db when required instead. (Also fixes bug 58242 as a side effect) r=myk, kiko
2002-01-20Fix for bug 108982: enable taint mode for all user-facing CGI files.justdave%syndicomm.com1-1/+3
Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave
2001-08-17Fix for bug 95731: "INSERT INTO shadowlog" failed because "Table 'shadowlog' ↵jake%acutex.net1-1/+1
not locked", fixed typo in lock tables command. Patch by Myk Melez <myk@mozilla.org> r= jake@acutex.net
2001-07-11Fix for bug 77473, bug 74032, and bug 85472: Passwords are no longer stored ↵justdave%syndicomm.com1-0/+243
in plaintext in the database. Passwords are no longer encrypted with MySQL's ENCRYPT() function (because it doesn't work on some installs), but with Perl's crypt() function. The crypt-related routines now properly deal with salts so that they work on systems that use methods other than UNIX crypt to crypt the passwords (such as MD5). Checksetup.pl will walk through your database and re-crypt everyone's passwords based on the plaintext password entry, then drop the plaintext password column. As a consequence of no longer having a plaintext password, it is no longer possible to email someone their password, so the login screen has been changed to request a password reset instead. The user is emailed a temporary identifying token, with a link back to Bugzilla. They click on the link or paste it into their browser and Bugzilla allows them to change their password. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com, jake@acutex.net