X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/8a8e54f3f61721b40c60712c4c5c0cefd049502e..4ba3c1159272c8070d5dc962ff1634ad6ba21618:/IkiWiki/Plugin/passwordauth.pm?ds=sidebyside
diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm
index 0cf2a26ea..cfa3ad418 100644
--- a/IkiWiki/Plugin/passwordauth.pm
+++ b/IkiWiki/Plugin/passwordauth.pm
@@ -113,7 +113,7 @@ sub gentoken ($$;$) {
eval q{use CGI::Session};
error($@) if $@;
- my $token = CGI::Session->new->id;
+ my $token = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"})->id;
if (! $reversable) {
setpassword($user, $token, $tokenfield);
}
@@ -231,7 +231,7 @@ sub formbuilder_setup (@) {
$form->field(
name => "password",
validate => sub {
- checkpassword($form->field("name"), shift);
+ checkpassword(scalar $form->field("name"), shift);
},
);
}
@@ -251,6 +251,12 @@ sub formbuilder_setup (@) {
my $name=shift;
length $name &&
$name=~/$config{wiki_file_regexp}/ &&
+ # don't allow registering
+ # accounts that look like
+ # openids, or email
+ # addresses, even if the
+ # file regexp allows it
+ $name!~/[\/:\@]/ &&
! IkiWiki::userinfo_get($name, "regdate");
},
);
@@ -277,7 +283,7 @@ sub formbuilder_setup (@) {
}
elsif ($form->title eq "preferences") {
my $user=$session->param("name");
- if (! IkiWiki::openiduser($user)) {
+ if (! IkiWiki::openiduser($user) && ! IkiWiki::emailuser($user)) {
$form->field(name => "name", disabled => 1,
value => $user, force => 1,
fieldset => "login");
@@ -299,7 +305,7 @@ sub formbuilder_setup (@) {
noimageinline => 1));
}
else {
- $form->text("text(" "edit", page => $userpage).
"\">".gettext("Create your user page")."");
}
@@ -319,16 +325,20 @@ sub formbuilder (@) {
if ($form->title eq "signin" || $form->title eq "register") {
if (($form->submitted && $form->validate) || $do_register) {
+ my $user_name = $form->field('name');
+
if ($form->submitted eq 'Login') {
- $session->param("name", $form->field("name"));
+ $session->param("name", $user_name);
IkiWiki::cgi_postsignin($cgi, $session);
}
elsif ($form->submitted eq 'Create Account') {
- my $user_name=$form->field('name');
+ my $email = $form->field('email');
+ my $password = $form->field('password');
+
if (IkiWiki::userinfo_setall($user_name, {
- 'email' => $form->field('email'),
+ 'email' => $email,
'regdate' => time})) {
- setpassword($user_name, $form->field('password'));
+ setpassword($user_name, $password);
$form->field(name => "confirm_password", type => "hidden");
$form->field(name => "email", type => "hidden");
$form->text(gettext("Account creation successful. Now you can Login."));
@@ -338,7 +348,6 @@ sub formbuilder (@) {
}
}
elsif ($form->submitted eq 'Reset Password') {
- my $user_name=$form->field("name");
my $email=IkiWiki::userinfo_get($user_name, "email");
if (! length $email) {
error(gettext("No email address, so cannot email password reset instructions."));
@@ -349,7 +358,7 @@ sub formbuilder (@) {
my $template=template("passwordmail.tmpl");
$template->param(
user_name => $user_name,
- passwordurl => IkiWiki::cgiurl_abs(
+ passwordurl => IkiWiki::cgiurl_abs_samescheme(
'do' => "reset",
'name' => $user_name,
'token' => $token,
@@ -388,8 +397,9 @@ sub formbuilder (@) {
elsif ($form->title eq "preferences") {
if ($form->submitted eq "Save Preferences" && $form->validate) {
my $user_name=$form->field('name');
- if (defined $form->field("password") && length $form->field("password")) {
- setpassword($user_name, $form->field('password'));
+ my $password=$form->field('password');
+ if (defined $password && length $password) {
+ setpassword($user_name, $password);
}
}
}