From 59285f71c6ed0d4db7d4b0455902130a2d7c83bd Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Sun, 20 Aug 2006 01:11:59 +0000 Subject: Bug 87795: Creating an account should send token and wait for confirmation (prevent user account abuse) - Patch by Frédéric Buclin r=mkanat r=bkor a=myk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../en/default/account/email/confirm-new.html.tmpl | 64 ++++++++++++++++++++++ .../en/default/account/email/request-new.txt.tmpl | 44 +++++++++++++++ 2 files changed, 108 insertions(+) create mode 100644 template/en/default/account/email/confirm-new.html.tmpl create mode 100644 template/en/default/account/email/request-new.txt.tmpl (limited to 'template/en/default/account/email') diff --git a/template/en/default/account/email/confirm-new.html.tmpl b/template/en/default/account/email/confirm-new.html.tmpl new file mode 100644 index 000000000..0e9ab98e5 --- /dev/null +++ b/template/en/default/account/email/confirm-new.html.tmpl @@ -0,0 +1,64 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # Contributor(s): Frédéric Buclin + #%] + +[%# INTERFACE: + # token: string. The token to be used in the user account creation. + # email: email address of the user account. + # date: creation date of the token. + #%] + +[% title = BLOCK %]Create a new user account for '[% email FILTER html %]'[% END %] +[% PROCESS "global/header.html.tmpl" + title = title + onload = "document.forms['confirm_account_form'].realname.focus();" %] + +[% expiration_ts = date + (constants.MAX_TOKEN_AGE * 86400) %] +
+ To complete the creation of your user account, you must choose a password in the + form below. You can also enter your real name, which is optional.

+ If you don't fill this form before + [%+ time2str("%H:%M on the %o of %B, %Y", expiration_ts) %], the creation + of this account will be automatically cancelled. +

+ +
+ + + + + + + + + + + + + + + + + + + + + + + +
Email Address:[% email FILTER html %]
:
:
:
 
+
+ +[% PROCESS global/footer.html.tmpl %] diff --git a/template/en/default/account/email/request-new.txt.tmpl b/template/en/default/account/email/request-new.txt.tmpl new file mode 100644 index 000000000..85fdec157 --- /dev/null +++ b/template/en/default/account/email/request-new.txt.tmpl @@ -0,0 +1,44 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # Contributor(s): Frédéric Buclin + #%] + +[%# INTERFACE: + # token: random string used to authenticate the transaction. + # token_ts: creation date of the token. + # email: email address of the new account. + #%] + +[% PROCESS global/variables.none.tmpl %] + +[% expiration_ts = token_ts + (constants.MAX_TOKEN_AGE * 86400) %] +From: bugzilla-admin-daemon +To: [% email %] +Subject: [% terms.Bugzilla %]: confirm account creation + +[%+ terms.Bugzilla %] has received a request to create a user account +using your email address ([% email %]). + +To confirm that you want to create an account using that email address, +visit the following link: + +[%+ Param('urlbase') %]token.cgi?t=[% token FILTER url_quote %]&a=request_new_account + +If you are not the person who made this request, or you wish to cancel +this request, visit the following link: + +[%+ Param('urlbase') %]token.cgi?t=[% token FILTER url_quote %]&a=cancel_new_account + +If you do nothing, the request will lapse after [%+ constants.MAX_TOKEN_AGE %] days +(at precisely [%+ time2str("%H:%M on the %o of %B, %Y", expiration_ts) %]). -- cgit v1.2.3-24-g4f1b