[aur-dev] [PATCH 2/3] process_account_form(): Allow using empty passwords
Lukas Fleischer
archlinux at cryptocrack.de
Tue Mar 19 09:05:44 EDT 2013
If an empty password is passed during account registration, login for
the new user is disabled and a reset key is sent to the new user's
e-mail address so that they can set an initial password manually.
Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
---
web/lib/acctfuncs.inc.php | 38 +++++++++++++++++++++++++-------------
1 file changed, 25 insertions(+), 13 deletions(-)
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index edca8a3..aabb096 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -91,7 +91,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$P="",$C="",$R="",$L="",$I="",$K="",$UID=0) {
# error check and process request for a new/modified account
- global $SUPPORTED_LANGS;
+ global $SUPPORTED_LANGS, $AUR_LOCATION;
$dbh = DB::connect();
@@ -107,16 +107,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$error = __("Missing a required field.");
}
- if ($TYPE == "new") {
- # they need password fields for this type of action
- #
- if (empty($P) || empty($C)) {
- $error = __("Missing a required field.");
- }
- } else {
- if (!$UID) {
- $error = __("Missing User ID");
- }
+ if ($TYPE != "new" && !$UID) {
+ $error = __("Missing User ID");
}
if (!$error && !valid_username($U) && !user_is_privileged($editor_user))
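Review bot: With the `empty($P) || empty($C)` check removed, nothing in this hunk rejects a new registration where only one of `$P` and `$C` is filled in. The creation branch later consults `$P` alone, so a blank password with a typed confirmation would quietly become a reset-key account. Unless the password-match check further down in process_account_form() (outside this hunk) already covers that case, a guard such as `if ($TYPE == "new" && ($P === "") != ($C === "")) { $error = __("Missing a required field."); }` would keep the two fields consistent.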
@@ -190,7 +182,13 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
if ($TYPE == "new") {
# no errors, go ahead and create the unprivileged user
$salt = generate_salt();
- $P = salted_hash($P, $salt);
+ if (empty($P)) {
+ $send_resetkey = true;
+ $email = $E;
+ } else {
+ $send_resetkey = false;
+ $P = salted_hash($P, $salt);
+ }
$U = $dbh->quote($U);
$E = $dbh->quote($E);
$P = $dbh->quote($P);
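Review bot: `empty($P)` is also true for the string "0", so a submitted password of "0" takes the reset-key branch instead of being hashed or rejected; `if ((string)$P === "") {` matches the intent stated in the commit message more closely. In that branch the unhashed empty `$P` is still passed through `$dbh->quote()` and stored, so "login disabled" depends on the login code never accepting an empty stored hash. That code is outside this hunk and is worth confirming. A comment on the branch such as `# empty password: nothing is hashed, login stays disabled until the reset key is used` would record that dependency. The enclosing function begins and ends outside the hunk.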
@@ -213,7 +211,21 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
print __("The account, %s%s%s, has been successfully created.",
"<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>");
print "<p>\n";
- print __("Click on the Login link above to use your account.");
+ if ($send_resetkey) {
+ $body = __('Welcome to %s! In order ' .
+ 'to set an initial password ' .
+ 'for your new account, ' .
+ 'please click the link ' .
+ 'below. If the link does ' .
+ 'not work try copying and ' .
+ 'pasting it into your ' .
+ 'browser.',
+ $AUR_LOCATION);
+ send_resetkey($email, $body);
+ print __("A password reset key has been sent to your e-mail address.");
+ } else {
+ print __("Click on the Login link above to use your account.");
+ }
print "</p>\n";
}
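Review bot: The message "A password reset key has been sent to your e-mail address." is printed whatever `send_resetkey($email, $body)` does. If that helper can fail (its definition is not in this hunk), the user is left with a password-less account and a misleading confirmation, so its result should be checked and an error shown instead. The registration form can now also trigger outbound mail to an address typed by an unauthenticated visitor, so it is worth confirming that registration is throttled or otherwise protected against being used to send unsolicited mail. As a style point, the flag `$send_resetkey` shares its name with the function it guards; `$needs_resetkey` would read more clearly.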
--
1.8.2.480.g556678c