[aur-dev] [PATCH 2/3] process_account_form(): Allow using empty passwords

Lukas Fleischer archlinux at cryptocrack.de
Tue Mar 19 09:05:44 EDT 2013


If an empty password is passed during account registration, login for
the new user is disabled and a reset key is sent to the new user's
e-mail address so that they can set an initial password manually.

Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
---
 web/lib/acctfuncs.inc.php | 38 +++++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 13 deletions(-)

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index edca8a3..aabb096 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -91,7 +91,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 			$P="",$C="",$R="",$L="",$I="",$K="",$UID=0) {
 
 	# error check and process request for a new/modified account
-	global $SUPPORTED_LANGS;
+	global $SUPPORTED_LANGS, $AUR_LOCATION;
 
 	$dbh = DB::connect();
 
@@ -107,16 +107,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 		$error = __("Missing a required field.");
 	}
 
-	if ($TYPE == "new") {
-		# they need password fields for this type of action
-		#
-		if (empty($P) || empty($C)) {
-			$error = __("Missing a required field.");
-		}
-	} else {
-		if (!$UID) {
-			$error = __("Missing User ID");
-		}
+	if ($TYPE != "new" && !$UID) {
+		$error = __("Missing User ID");
 	}
 
   if (!$error && !valid_username($U) && !user_is_privileged($editor_user))
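Review bot: With the rewritten check `if ($TYPE != "new" && !$UID)`, a registration that fills only one of the two password fields is no longer rejected here, because the removed branch was the only visible place that required both `$P` and `$C`. The password-mismatch check lies outside this hunk, so confirm it still fires when `$P` is empty and `$C` is not. If it does not, the typed confirmation is silently dropped and the account takes the reset-key path. Keeping that case explicit would be a small addition, e.g. `if ($TYPE == "new" && empty($P) != empty($C)) { $error = __("Missing a required field."); }`.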
@@ -190,7 +182,13 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 		if ($TYPE == "new") {
 			# no errors, go ahead and create the unprivileged user
 			$salt = generate_salt();
-			$P = salted_hash($P, $salt);
+			if (empty($P)) {
+				$send_resetkey = true;
+				$email = $E;
+			} else {
+				$send_resetkey = false;
+				$P = salted_hash($P, $salt);
+			}
 			$U = $dbh->quote($U);
 			$E = $dbh->quote($E);
 			$P = $dbh->quote($P);
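Review bot: In the `empty($P)` branch `$P` is left as an empty string and still reaches `$P = $dbh->quote($P);`, so the new row stores an empty password value. The "login is disabled" guarantee then rests entirely on the login code, which is not in this hunk, never matching an empty stored hash. That invariant deserves a comment here such as `# empty stored password: account stays locked until the reset key is used`, and the login path should be checked to reject it explicitly. Separately, `empty("0")` is true in PHP, so a submitted password of `0` is treated as no password; `if ($P === "")` states the intent exactly. The body of process_account_form continues outside the hunk.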
@@ -213,7 +211,21 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 				print __("The account, %s%s%s, has been successfully created.",
 						"<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>");
 				print "<p>\n";
-				print __("Click on the Login link above to use your account.");
+				if ($send_resetkey) {
+					$body = __('Welcome to %s! In order ' .
+						'to set an initial password ' .
+						'for your new account, ' .
+						'please click the link ' .
+						'below. If the link does ' .
+						'not work try copying and ' .
+						'pasting it into your ' .
+						'browser.',
+						$AUR_LOCATION);
+					send_resetkey($email, $body);
+					print __("A password reset key has been sent to your e-mail address.");
+				} else {
+					print __("Click on the Login link above to use your account.");
+				}
 				print "</p>\n";
 			}
 
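Review bot: The result of `send_resetkey($email, $body);` is not checked, so "A password reset key has been sent to your e-mail address." is printed even if no mail left the server. The user would then have an account with no password and a misleading message. send_resetkey is defined outside this hunk, so whether it reports failure is not visible; if it does, branch on it and print an error instead. Since this branch sends mail to whatever address was typed into the registration form, also confirm that registration is throttled at least as strictly as the existing password-reset form.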
-- 
1.8.2.480.g556678c


