eval q{use CGI::Session};
error($@) if $@;
- my $token = CGI::Session->new->id;
+ my $token = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"})->id;
if (! $reversable) {
setpassword($user, $token, $tokenfield);
}
$form->field(
name => "password",
validate => sub {
- checkpassword($form->field("name"), shift);
+ checkpassword(scalar $form->field("name"), shift);
},
);
}
my $name=shift;
length $name &&
$name=~/$config{wiki_file_regexp}/ &&
+ # don't allow registering
+ # accounts that look like
+ # openids, or email
+ # addresses, even if the
+ # file regexp allows it
+ $name!~/[\/:\@]/ &&
! IkiWiki::userinfo_get($name, "regdate");
},
);
}
elsif ($form->title eq "preferences") {
my $user=$session->param("name");
- if (! IkiWiki::openiduser($user)) {
+ if (! IkiWiki::openiduser($user) && ! IkiWiki::emailuser($user)) {
$form->field(name => "name", disabled => 1,
value => $user, force => 1,
fieldset => "login");
noimageinline => 1));
}
else {
- $form->text("<a href=\"".
+ $form->text("<a rel=\"nofollow\" href=\"".
IkiWiki::cgiurl(do => "edit", page => $userpage).
"\">".gettext("Create your user page")."</a>");
}
if ($form->title eq "signin" || $form->title eq "register") {
if (($form->submitted && $form->validate) || $do_register) {
+ my $user_name = $form->field('name');
+
if ($form->submitted eq 'Login') {
- $session->param("name", $form->field("name"));
+ $session->param("name", $user_name);
IkiWiki::cgi_postsignin($cgi, $session);
}
elsif ($form->submitted eq 'Create Account') {
- my $user_name=$form->field('name');
+ my $email = $form->field('email');
+ my $password = $form->field('password');
+
if (IkiWiki::userinfo_setall($user_name, {
- 'email' => $form->field('email'),
+ 'email' => $email,
'regdate' => time})) {
- setpassword($user_name, $form->field('password'));
+ setpassword($user_name, $password);
$form->field(name => "confirm_password", type => "hidden");
$form->field(name => "email", type => "hidden");
$form->text(gettext("Account creation successful. Now you can Login."));
}
}
elsif ($form->submitted eq 'Reset Password') {
- my $user_name=$form->field("name");
my $email=IkiWiki::userinfo_get($user_name, "email");
if (! length $email) {
error(gettext("No email address, so cannot email password reset instructions."));
my $template=template("passwordmail.tmpl");
$template->param(
user_name => $user_name,
- passwordurl => IkiWiki::cgiurl_abs(
+ passwordurl => IkiWiki::cgiurl_abs_samescheme(
'do' => "reset",
'name' => $user_name,
'token' => $token,
elsif ($form->title eq "preferences") {
if ($form->submitted eq "Save Preferences" && $form->validate) {
my $user_name=$form->field('name');
- if (defined $form->field("password") && length $form->field("password")) {
- setpassword($user_name, $form->field('password'));
+ my $password=$form->field('password');
+ if (defined $password && length $password) {
+ setpassword($user_name, $password);
}
}
}