From 59285f71c6ed0d4db7d4b0455902130a2d7c83bd Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sun, 20 Aug 2006 01:11:59 +0000
Subject: Bug 87795: Creating an account should send token and wait for confirmation (prevent user account abuse) - Patch by Frédéric Buclin r=mkanat r=bkor a=myk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
createaccount.cgi | 19 ++-----------------
1 file changed, 2 insertions(+), 17 deletions(-)
(limited to 'createaccount.cgi')
diff --git a/createaccount.cgi b/createaccount.cgi
index ab011f336..6f325347e 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -60,21 +60,13 @@ unless ($createexp) { my $login = $cgi->param('login'); if (defined($login)) { - # We've been asked to create an account. - my $realname = trim($cgi->param('realname')); - validate_email_syntax($login) || ThrowUserError('illegal_email_address', {addr => $login}); $vars->{'login'} = $login; - $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE', - 'user_group_map WRITE', 'email_setting WRITE', - 'groups READ', 'tokens READ', 'fielddefs READ'); - if (!is_available_username($login)) { # Account already exists - $dbh->bz_unlock_tables(); $template->process("account/exists.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit;
@@ -83,17 +75,10 @@ if (defined($login)) { if ($login !~ /$createexp/) { ThrowUserError("account_creation_disabled"); } - - # Create account - my $password = insert_new_user($login, $realname); - - $dbh->bz_unlock_tables(); - # Clear out the login cookies in case the user is currently logged in. - Bugzilla->logout(); + # Create and send a token for this new account. + Bugzilla::Token::issue_new_user_account_token($login); - Bugzilla::BugMail::MailPassword($login, $password); - $template->process("account/created.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit;
-- cgit v1.2.3-24-g4f1b
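Review bot: With the `bz_lock_tables` call gone, the `is_available_username($login)` test in the first hunk is only advisory: two requests for the same address can both pass it, so the code that redeems the token (not visible here) has to repeat the check before it inserts the profile. The branch that renders `account/exists.html.tmpl` also still tells an unauthenticated requester whether an address is registered, and it runs before the `createexp` test in the second hunk, so that answer is given even for addresses the site does not accept. I would add `# Advisory check only; uniqueness must be enforced again when the token is confirmed.` above the `if`. The `if (defined($login))` block continues past this hunk.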
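Review bot: The call `Bugzilla::Token::issue_new_user_account_token($login)` in the second hunk sends mail to an address taken from an unauthenticated request, and nothing visible here limits how often that can happen for one address or one client. If the helper does not already refuse a new token while a recent one is pending, that throttle belongs there; either way a comment at the call site would help, e.g. `# Token helper must throttle repeat requests per address; this page needs no login.` The page still renders `account/created.html.tmpl` although no account exists at this point, so the template text presumably has to say that a confirmation mail was sent rather than that the account was created. The enclosing `if (defined($login))` block starts before this hunk.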