diff options
author | lpsolit%gmail.com <> | 2006-08-20 01:11:59 +0000 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-08-20 01:11:59 +0000 |
commit | 59285f71c6ed0d4db7d4b0455902130a2d7c83bd (patch) | |
tree | 49e2e47a53bb4ac31c10d3225b5e0a66edc5c126 /createaccount.cgi | |
parent | 9dfdfd787ff4c0afac28b66e67082712ec2a3d92 (diff) | |
download | bugs-59285f71c6ed0d4db7d4b0455902130a2d7c83bd.tar bugs-59285f71c6ed0d4db7d4b0455902130a2d7c83bd.tar.gz bugs-59285f71c6ed0d4db7d4b0455902130a2d7c83bd.tar.bz2 bugs-59285f71c6ed0d4db7d4b0455902130a2d7c83bd.tar.xz bugs-59285f71c6ed0d4db7d4b0455902130a2d7c83bd.zip |
Bug 87795: Creating an account should send token and wait for confirmation (prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk
Diffstat (limited to 'createaccount.cgi')
-rwxr-xr-x | createaccount.cgi | 19 |
1 files changed, 2 insertions, 17 deletions
diff --git a/createaccount.cgi b/createaccount.cgi index ab011f336..6f325347e 100755 --- a/createaccount.cgi +++ b/createaccount.cgi @@ -60,21 +60,13 @@ unless ($createexp) { my $login = $cgi->param('login'); if (defined($login)) { - # We've been asked to create an account. - my $realname = trim($cgi->param('realname')); - validate_email_syntax($login) || ThrowUserError('illegal_email_address', {addr => $login}); $vars->{'login'} = $login; - $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE', - 'user_group_map WRITE', 'email_setting WRITE', - 'groups READ', 'tokens READ', 'fielddefs READ'); - if (!is_available_username($login)) { # Account already exists - $dbh->bz_unlock_tables(); $template->process("account/exists.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; @@ -83,17 +75,10 @@ if (defined($login)) { if ($login !~ /$createexp/) { ThrowUserError("account_creation_disabled"); } - - # Create account - my $password = insert_new_user($login, $realname); - - $dbh->bz_unlock_tables(); - # Clear out the login cookies in case the user is currently logged in. - Bugzilla->logout(); + # Create and send a token for this new account. + Bugzilla::Token::issue_new_user_account_token($login); - Bugzilla::BugMail::MailPassword($login, $password); - $template->process("account/created.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; |