From 022265211b1a3b3dad3fcf679756392c3eb6a285 Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Wed, 11 Jul 2001 12:29:16 +0000
Subject: Fix for bug 77473, bug 74032, and bug 85472: Passwords are no longer
 stored in plaintext in the database.  Passwords are no longer encrypted with
 MySQL's ENCRYPT() function (because it doesn't work on some installs), but
 with Perl's crypt() function.  The crypt-related routines now properly deal
 with salts so that they work on systems that use methods other than UNIX
 crypt to crypt the passwords (such as MD5).  Checksetup.pl will walk through
 your database and re-crypt everyone's passwords based on the plaintext
 password entry, then drop the plaintext password column.  As a consequence of
 no longer having a plaintext password, it is no longer possible to email
 someone their password, so the login screen has been changed to request a
 password reset instead.  The user is emailed a temporary identifying token,
 with a link back to Bugzilla.  They click on the link or paste it into their
 browser and Bugzilla allows them to change their password. Patch by Myk Melez
 <myk@mozilla.org> r= justdave@syndicomm.com, jake@acutex.net

---
 createaccount.cgi | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

(limited to 'createaccount.cgi')

diff --git a/createaccount.cgi b/createaccount.cgi
index c2358d6fd..5b9bfb9f6 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -57,13 +57,18 @@ my $realname = $::FORM{'realname'};
 if (defined $login) {
     CheckEmailSyntax($login);
     if (DBname_to_id($login) != 0) {
-	PutHeader("Account exists");
-	print "A bugzilla account for the name <tt>$login</tt> already\n";
-	print "exists.  If you have forgotten the password for it, then\n";
-	print "<a href=query.cgi?GoAheadAndLogIn>click here</a> and use\n";
-	print "the <b>E-mail me a password</b> button.\n";
+        PutHeader("Account Exists");
+        print qq|
+          <form method="get" action="token.cgi">
+            <input type="hidden" name="a" value="reqpw">
+            <input type="hidden" name="loginname" value="$login">
+            A Bugzilla account for <tt>$login</tt> already exists.  If you
+            are the account holder and have forgotten your password, 
+            <input type="submit" value="submit a request to change it">.
+          </form>
+        |;
         PutFooter();
-	exit;
+        exit;
     }
     PutHeader("Account created");
     my $password = InsertNewUser($login, $realname);
-- 
cgit v1.2.3-24-g4f1b