cherry-pick uri security fix
[git.ikiwiki.info.git] / IkiWiki / Plugin / passwordauth.pm
index 1aac17a9ebcf326f48771799c06826076b28566a..af16c27542257de13251adae31acdd6578d31b95 100644 (file)
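--- a/IkiWiki/Plugin/passwordauth.pm
+++ b/IkiWiki/Plugin/passwordauth.pm
@@ -4,7 +4,7 @@ package IkiWiki::Plugin::passwordauth;
 
 use warnings;
 use strict;
-use IkiWiki;
+use IkiWiki 2.00;
 
 sub import { #{{{
         hook(type => "formbuilder_setup", id => "passwordauth",
@@ -21,14 +21,26 @@ sub formbuilder_setup (@) { #{{{
        my $cgi=$params{cgi};
 
        if ($form->title eq "signin" || $form->title eq "register") {
-               $form->field(name => "name", required => 0, size => 30);
+               $form->field(name => "name", required => 0);
                $form->field(name => "password", type => "password", required => 0);
                
                if ($form->submitted eq "Register" || $form->submitted eq "Create Account") {
                        $form->field(name => "confirm_password", type => "password");
+                       $form->field(name => "account_creation_password", type => "password") if (length $config{account_creation_password});
                        $form->field(name => "email", size => 50);
                        $form->title("register");
                        $form->text("");
+               
+                       $form->field(name => "confirm_password",
+                               validate => sub {
+                                       shift eq $form->field("password");
+                               },
+                       );
+                       $form->field(name => "password",
+                               validate => sub {
+                                       shift eq $form->field("confirm_password");
+                               },
+                       );
                }
 
                if ($form->submitted) {
@@ -46,11 +58,12 @@ sub formbuilder_setup (@) { #{{{
        
                        if ($submittype eq "Create Account") {
                                $form->field(
-                                       name => "confirm_password",
+                                       name => "account_creation_password",
                                        validate => sub {
-                                               shift eq $form->field("password");
+                                               shift eq $config{account_creation_password};
                                        },
-                               );
+                                       required => 1,
+                               ) if (length $config{account_creation_password});
                                $form->field(
                                        name => "email",
                                        validate => "EMAIL",
@@ -101,21 +114,26 @@ sub formbuilder_setup (@) { #{{{
                }
                else {
                        # First time settings.
-                       $form->field(name => "name", comment => "(use FirstnameLastName)");
+                       $form->field(name => "name");
                        if ($session->param("name")) {
                                $form->field(name => "name", value => $session->param("name"));
                        }
                }
        }
        elsif ($form->title eq "preferences") {
-               $form->field(name => "name", disabled => 1, value =>
-                       $session->param("name"), force => 1);
-               $form->field(name => "password", type => "password");
+               $form->field(name => "name", disabled => 1, 
+                       value => $session->param("name"), force => 1,
+                       fieldset => "login");
+               $form->field(name => "password", type => "password",
+                       fieldset => "login",
+                       validate => sub {
+                               shift eq $form->field("confirm_password");
+                       }),
                $form->field(name => "confirm_password", type => "password",
+                       fieldset => "login",
                        validate => sub {
                                shift eq $form->field("password");
-                       });
-               
+                       }),
        }
 }
 
@@ -141,10 +159,10 @@ sub formbuilder (@) { #{{{
                                        'regdate' => time})) {
                                        $form->field(name => "confirm_password", type => "hidden");
                                        $form->field(name => "email", type => "hidden");
-                                       $form->text("Account creation successful. Now you can Login.");
+                                       $form->text(gettext("Account creation successful. Now you can Login."));
                                }
                                else {
-                                       error("Error creating account.");
+                                       error(gettext("Error creating account."));
                                }
                        }
                        elsif ($form->submitted eq 'Mail Password') {
@@ -165,9 +183,9 @@ sub formbuilder (@) { #{{{
                                        From => "$config{wikiname} admin <$config{adminemail}>",
                                        Subject => "$config{wikiname} information",
                                        Message => $template->output,
-                               ) or error("Failed to send mail");
+                               ) or error(gettext("Failed to send mail"));
                        
-                               $form->text("Your password has been emailed to you.");
+                               $form->text(gettext("Your password has been emailed to you."));
                                $form->field(name => "name", required => 0);
                                push @$buttons, "Mail Password";
                        }
@@ -187,14 +205,12 @@ sub formbuilder (@) { #{{{
                        my $user_name=$form->field('name');
                        foreach my $field (qw(password)) {
                                if (defined $form->field($field) && length $form->field($field)) {
-                                       userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field");
+                                       IkiWiki::userinfo_set($user_name, $field, $form->field($field)) ||
+                                               error("failed to set $field");
                                }
                        }
                }
        }
-       
-       IkiWiki::printheader($session);
-       print IkiWiki::misctemplate($form->title, $form->render(submit => $buttons));
 } #}}}
 
 1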
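Review bot: The check that gates account creation in the `Create Account` branch is attached only through a trailing `) if (length $config{account_creation_password});` after a seven-line `$form->field(` call, which is easy to overlook or drop in a later edit, and the same condition is repeated on the field declaration in the `Register` branch. I would compute it once, `my $need_acp = defined $config{account_creation_password} && length $config{account_creation_password};`, and wrap both calls in `if ($need_acp) { ... }`. The validator compares the submitted value with a wiki-wide shared secret using `eq`, and nothing visible in these hunks logs or throttles wrong guesses, so unless that is handled elsewhere it deserves a comment such as `# shared secret from the setup file; failed attempts are not rate-limited in this plugin`. Separately, the `password` and `confirm_password` calls in the `preferences` branch now end in `}),` instead of `});`, chaining the statements with the comma operator; this looks accidental and should go back to semicolons. formbuilder_setup starts outside the visible hunks.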