authorLukas Fleischer <archlinux@cryptocrack.de>2013-03-19 13:37:56 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2013-03-19 14:03:34 +0100
commit97dd4b0f4de69e63e7924ba9ecb726b3c07008f4 (patch)
treef0402db0beb636a199801e81ba2619d3d6b078a3 /web/lib
parent5d31bb24502536d53968f1ba0062d2b0aedb11c5 (diff)
downloadaurweb-97dd4b0f4de69e63e7924ba9ecb726b3c07008f4.tar.xz
process_account_form(): Allow using empty passwords
If an empty password is passed during account registration, login for the new user is disabled and a reset key is sent to the new user's e-mail address so that they can set an initial password manually. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib')
-rw-r--r--web/lib/acctfuncs.inc.php38
1 files changed, 25 insertions, 13 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index edca8a3..aabb096 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -91,7 +91,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$P="",$C="",$R="",$L="",$I="",$K="",$UID=0) {
# error check and process request for a new/modified account
- global $SUPPORTED_LANGS;
+ global $SUPPORTED_LANGS, $AUR_LOCATION;
$dbh = DB::connect();
@@ -107,16 +107,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$error = __("Missing a required field.");
}
- if ($TYPE == "new") {
- # they need password fields for this type of action
- #
- if (empty($P) || empty($C)) {
- $error = __("Missing a required field.");
- }
- } else {
- if (!$UID) {
- $error = __("Missing User ID");
- }
+ if ($TYPE != "new" && !$UID) {
+ $error = __("Missing User ID");
}
if (!$error && !valid_username($U) && !user_is_privileged($editor_user))
@@ -190,7 +182,13 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
if ($TYPE == "new") {
# no errors, go ahead and create the unprivileged user
$salt = generate_salt();
- $P = salted_hash($P, $salt);
+ if (empty($P)) {
+ $send_resetkey = true;
+ $email = $E;
+ } else {
+ $send_resetkey = false;
+ $P = salted_hash($P, $salt);
+ }
$U = $dbh->quote($U);
$E = $dbh->quote($E);
$P = $dbh->quote($P);
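Review bot: `empty($P)` in the new branch is also true for the string "0", so a submitted password of "0" is silently routed to the reset-key path instead of being treated as a password; `if ($P === "") {` would match only the case the commit message describes. In that branch `$P` stays the unhashed empty string and is still passed to `$dbh->quote($P)` and stored, so "login is disabled" holds only if every login path refuses an empty stored hash. That code is outside this hunk and should be confirmed, and a comment such as `# empty Passwd means login is disabled until the reset key is used` would make the convention explicit. The body of process_account_form() starts and ends outside the hunk.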
@@ -213,7 +211,21 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
print __("The account, %s%s%s, has been successfully created.",
"<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>");
print "<p>\n";
- print __("Click on the Login link above to use your account.");
+ if ($send_resetkey) {
+ $body = __('Welcome to %s! In order ' .
+ 'to set an initial password ' .
+ 'for your new account, ' .
+ 'please click the link ' .
+ 'below. If the link does ' .
+ 'not work try copying and ' .
+ 'pasting it into your ' .
+ 'browser.',
+ $AUR_LOCATION);
+ send_resetkey($email, $body);
+ print __("A password reset key has been sent to your e-mail address.");
+ } else {
+ print __("Click on the Login link above to use your account.");
+ }
print "</p>\n";
}
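Review bot: The call `send_resetkey($email, $body);` is made without looking at any result, and the page then always prints that a key was sent, although the account has already been created with no usable password. If sending can fail (send_resetkey() is defined outside this hunk, so this is an assumption), the user is left with an account they cannot log into and no indication why, so a failure should be reported separately from success. Because registration now sends mail to an unverified address taken from the form, it is also worth confirming that this endpoint has the same abuse controls (rate limiting, captcha or similar) as any existing password-reset request form.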