external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

process_account_form(): Allow using empty passwords

Browse source 
If an empty password is passed during account registration, login for
the new user is disabled and a reset key is sent to the new user's
e-mail address so that they can set an initial password manually.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2013-03-19 13:37:56 +01:00
parent 5d31bb2450
commit 97dd4b0f4d
1 changed files with 25 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
web/lib/acctfuncs.inc.php
View file

@ -91,7 +91,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$P="",$C="",$R="",$L="",$I="",$K="",$UID=0) { $P="",$C="",$R="",$L="",$I="",$K="",$UID=0) {
# error check and process request for a new/modified account # error check and process request for a new/modified account
global $SUPPORTED_LANGS; global $SUPPORTED_LANGS, $AUR_LOCATION;
$dbh = DB::connect(); $dbh = DB::connect();
@ -107,16 +107,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$error = __("Missing a required field."); $error = __("Missing a required field.");
} }
if ($TYPE == "new") { if ($TYPE != "new" && !$UID) {
# they need password fields for this type of action $error = __("Missing User ID");
#
if (empty($P) || empty($C)) {
$error = __("Missing a required field.");
}
} else {
if (!$UID) {
$error = __("Missing User ID");
}
} }
if (!$error && !valid_username($U) && !user_is_privileged($editor_user)) if (!$error && !valid_username($U) && !user_is_privileged($editor_user))
@ -190,7 +182,13 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
if ($TYPE == "new") { if ($TYPE == "new") {
# no errors, go ahead and create the unprivileged user # no errors, go ahead and create the unprivileged user
$salt = generate_salt(); $salt = generate_salt();
$P = salted_hash($P, $salt); if (empty($P)) {
$send_resetkey = true;
$email = $E;
} else {
$send_resetkey = false;
$P = salted_hash($P, $salt);
}
$U = $dbh->quote($U); $U = $dbh->quote($U);
$E = $dbh->quote($E); $E = $dbh->quote($E);
$P = $dbh->quote($P); $P = $dbh->quote($P);
@ -213,7 +211,21 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
print __("The account, %s%s%s, has been successfully created.", print __("The account, %s%s%s, has been successfully created.",
"<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>"); "<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>");
print "<p>\n"; print "<p>\n";
print __("Click on the Login link above to use your account."); if ($send_resetkey) {
$body = __('Welcome to %s! In order ' .
'to set an initial password ' .
'for your new account, ' .
'please click the link ' .
'below. If the link does ' .
'not work try copying and ' .
'pasting it into your ' .
'browser.',
$AUR_LOCATION);
send_resetkey($email, $body);
print __("A password reset key has been sent to your e-mail address.");
} else {
print __("Click on the Login link above to use your account.");
}
print "</p>\n"; print "</p>\n";
} }