aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/Auth/Verify/LDAP.pm3
-rw-r--r--Bugzilla/User.pm50
-rwxr-xr-xcreateaccount.cgi4
-rw-r--r--globals.pl24
4 files changed, 55 insertions, 26 deletions
diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm
index d5b115ca0..cda67fb80 100644
--- a/Bugzilla/Auth/Verify/LDAP.pm
+++ b/Bugzilla/Auth/Verify/LDAP.pm
@@ -33,6 +33,7 @@ use strict;
use Bugzilla::Config;
use Bugzilla::Constants;
+use Bugzilla::User qw(insert_new_user);
use Net::LDAP;
@@ -149,7 +150,7 @@ sub authenticate {
if($userRealName eq "") {
$userRealName = $user_entry->get_value("cn");
}
- &::InsertNewUser($username, $userRealName);
+ insert_new_user($username, $userRealName);
($userid, $disabledtext) = $dbh->selectrow_array($sth,
undef,
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 373a65655..e3990f070 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -37,6 +37,10 @@ use Bugzilla::Config;
use Bugzilla::Error;
use Bugzilla::Util;
use Bugzilla::Constants;
+use Bugzilla::Auth;
+
+use Exporter qw(import);
+@Bugzilla::User::EXPORT_OK = qw(insert_new_user);
################################################################################
# Functions
@@ -929,6 +933,31 @@ sub get_userlist {
return $self->{'userlist'};
}
+sub insert_new_user ($$) {
+ my ($username, $realname) = (@_);
+ my $dbh = Bugzilla->dbh;
+
+ # Generate a new random password for the user.
+ my $password = &::GenerateRandomPassword();
+ my $cryptpassword = bz_crypt($password);
+
+ # XXX - These should be moved into ValidateNewUser or CheckEmailSyntax
+ # At the least, they shouldn't be here. They're safe for now, though.
+ trick_taint($username);
+ trick_taint($realname);
+
+ # Insert the new user record into the database.
+ $dbh->do("INSERT INTO profiles
+ (login_name, realname, cryptpassword, emailflags)
+ VALUES (?, ?, ?, ?)",
+ undef,
+ ($username, $realname, $cryptpassword, DEFAULT_EMAIL_SETTINGS));
+
+ # Return the password to the calling code so it can be included
+ # in an email sent to the user.
+ return $password;
+}
+
1;
__END__
@@ -943,6 +972,9 @@ Bugzilla::User - Object for a Bugzilla user
my $user = new Bugzilla::User($id);
+ # Class Functions
+ $random_password = insert_new_user($username, $realname);
+
=head1 DESCRIPTION
This package handles Bugzilla users. Data obtained from here is read-only;
@@ -1135,6 +1167,24 @@ value.
=back
+=head1 CLASS FUNCTIONS
+
+=over4
+
+These are functions that are not called on a User object, but instead are
+called "statically," just like a normal procedural function.
+
+=item C<insert_new_user>
+
+Creates a new user in the database with a random password.
+
+Params: $username (scalar, string) - The login name for the new user.
+ $realname (scalar, string) - The full name for the new user.
+
+Returns: The password that we randomly generated for this user, in plain text.
+
+=back
+
=head1 SEE ALSO
L<Bugzilla|Bugzilla>
diff --git a/createaccount.cgi b/createaccount.cgi
index 2447c1117..6867ea3c4 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -30,6 +30,8 @@ use lib qw(.);
require "CGI.pl";
+use Bugzilla::User qw(insert_new_user);
+
# Shut up misguided -w warnings about "used only once":
use vars qw(
$template
@@ -74,7 +76,7 @@ if (defined($login)) {
}
# Create account
- my $password = InsertNewUser($login, $realname);
+ my $password = insert_new_user($login, $realname);
MailPassword($login, $password);
$template->process("account/created.html.tmpl", $vars)
diff --git a/globals.pl b/globals.pl
index 0badac43e..c97467b36 100644
--- a/globals.pl
+++ b/globals.pl
@@ -410,30 +410,6 @@ sub ValidateNewUser {
return 1;
}
-sub InsertNewUser {
- my ($username, $realname) = (@_);
-
- # Generate a new random password for the user.
- my $password = GenerateRandomPassword();
- my $cryptpassword = bz_crypt($password);
-
-
- my $defaultflagstring = SqlQuote(Bugzilla::Constants::DEFAULT_EMAIL_SETTINGS);
-
- # Insert the new user record into the database.
- $username = SqlQuote($username);
- $realname = SqlQuote($realname);
- $cryptpassword = SqlQuote($cryptpassword);
- PushGlobalSQLState();
- SendSQL("INSERT INTO profiles (login_name, realname, cryptpassword, emailflags)
- VALUES ($username, $realname, $cryptpassword, $defaultflagstring)");
- PopGlobalSQLState();
-
- # Return the password to the calling code so it can be included
- # in an email sent to the user.
- return $password;
-}
-
sub GenerateRandomPassword {
my $size = (shift or 10); # default to 10 chars if nothing specified
return join("", map{ ('0'..'9','a'..'z','A'..'Z')[rand 62] } (1..$size));