X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/b199349ffddce2b8afd89567882e182f7ef9bff1..c90bbb50bc629b7c0723aa2433926fb0d59f2fdb:/IkiWiki/Plugin/passwordauth.pm

diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm
index 3bdd9de2e..cfa3ad418 100644
--- a/IkiWiki/Plugin/passwordauth.pm
+++ b/IkiWiki/Plugin/passwordauth.pm
@@ -113,7 +113,7 @@ sub gentoken ($$;$) {
 
 	eval q{use CGI::Session};
 	error($@) if $@;
-	my $token = CGI::Session->new->id;
+	my $token = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"})->id;
 	if (! $reversable) {
 		setpassword($user, $token, $tokenfield);
 	}
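Review bot: The result of `CGI::Session->new(...)` is dereferenced with `->id` unchecked, and CGI::Session's constructor returns undef on failure (for example when the DB_File driver cannot be loaded), so gentoken would die on an undefined value instead of going through error(). Consider `my $session = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"}) or error(CGI::Session->errstr);` followed by `my $token = $session->id;`. A one-line comment saying why the driver is pointed at /dev/null would also help the next reader. Since this id is stored via setpassword as the reset token, it is worth confirming that CGI::Session's id generator is unpredictable enough for that purpose. gentoken's body starts and ends outside the hunk.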
@@ -231,7 +231,7 @@ sub formbuilder_setup (@) {
 				$form->field(
 					name => "password",
 					validate => sub {
-						checkpassword($form->field("name"), shift);
+						checkpassword(scalar $form->field("name"), shift);
 					},
 				);
 			}
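Review bot: The `scalar` added inside the validate callback carries no comment saying why it is needed, and the same reasoning sits behind the scalar assignments introduced in the later formbuilder hunks (`$user_name`, `$email`, `$password`). CGI::FormBuilder's field() returns every submitted value in list context, so a repeated form parameter would otherwise inject extra arguments into checkpassword, userinfo_setall or setpassword. Suggest a comment above the call such as `# scalar context: field() returns all submitted values in list context`, so a later cleanup does not remove the `scalar` as redundant. formbuilder_setup starts and ends outside the hunk.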
@@ -305,7 +305,7 @@ sub formbuilder_setup (@) {
 						noimageinline => 1));
 			}
 			else {
-				$form->text("<a href=\"".
+				$form->text("<a rel=\"nofollow\" href=\"".
 					IkiWiki::cgiurl(do => "edit", page => $userpage).
 					"\">".gettext("Create your user page")."</a>");
 			}
@@ -325,16 +325,20 @@ sub formbuilder (@) {
 
 	if ($form->title eq "signin" || $form->title eq "register") {
 		if (($form->submitted && $form->validate) || $do_register) {
+			my $user_name = $form->field('name');
+
 			if ($form->submitted eq 'Login') {
-				$session->param("name", $form->field("name"));
+				$session->param("name", $user_name);
 				IkiWiki::cgi_postsignin($cgi, $session);
 			}
 			elsif ($form->submitted eq 'Create Account') {
-				my $user_name=$form->field('name');
+				my $email = $form->field('email');
+				my $password = $form->field('password');
+
 				if (IkiWiki::userinfo_setall($user_name, {
-				    	'email' => $form->field('email'),
+					'email' => $email,
 					'regdate' => time})) {
-					setpassword($user_name, $form->field('password'));
+					setpassword($user_name, $password);
 					$form->field(name => "confirm_password", type => "hidden");
 					$form->field(name => "email", type => "hidden");
 					$form->text(gettext("Account creation successful. Now you can Login."));
@@ -344,7 +348,6 @@ sub formbuilder (@) {
 				}
 			}
 			elsif ($form->submitted eq 'Reset Password') {
-				my $user_name=$form->field("name");
 				my $email=IkiWiki::userinfo_get($user_name, "email");
 				if (! length $email) {
 					error(gettext("No email address, so cannot email password reset instructions."));
@@ -355,7 +358,7 @@ sub formbuilder (@) {
 				my $template=template("passwordmail.tmpl");
 				$template->param(
 					user_name => $user_name,
-					passwordurl => IkiWiki::cgiurl_abs(
+					passwordurl => IkiWiki::cgiurl_abs_samescheme(
 						'do' => "reset",
 						'name' => $user_name,
 						'token' => $token,
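Review bot: The password-reset link mailed to the user is now built by `cgiurl_abs_samescheme`, whose definition is not visible here, so the hunk does not show where the link's scheme and host come from. If either is derived from the incoming request rather than from the wiki's configured URL, a reset requested over plain HTTP would produce a mailed link that carries the token over plain HTTP. A comment at the call, for example `# scheme follows the current request; host comes from the configured cgiurl`, would record the intended behaviour once it is confirmed against the helper. The `$template->param(...)` call continues outside the hunk.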
@@ -394,8 +397,9 @@ sub formbuilder (@) {
 	elsif ($form->title eq "preferences") {
 		if ($form->submitted eq "Save Preferences" && $form->validate) {
 			my $user_name=$form->field('name');
-			if (defined $form->field("password") && length $form->field("password")) {
-				setpassword($user_name, $form->field('password'));
+			my $password=$form->field('password');
+			if (defined $password && length $password) {
+				setpassword($user_name, $password);
 			}
 		}
 	}
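Review bot: In the preferences branch, `setpassword` is keyed on `$form->field('name')`, and nothing visible in the hunk ties that value to the user authenticated in `$session`. If the name field is forced to the session's user where the form is built, a comment such as `# name field is forced to the session user when the form is built` would make that dependency explicit. If it is not, the branch should take the user name from the session instead of the form. The enclosing formbuilder sub starts and ends outside the hunk.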