Fossil SCM
Add a non-functioning place-holder button to request a password reset to the /register page.
Commit
5c62a2c3a78e94cd847bc95b03f8899bc025622ab74b95569660e33ca543828f
Parent
ac86dfa085cd5ee…
1 file changed
+85
-16
+85
-16
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -927,20 +927,29 @@ | ||
| 927 | 927 | ** Generate and verify a /resetpw URL for user UID. |
| 928 | 928 | */ |
| 929 | 929 | void test_resetpw_url(void){ |
| 930 | 930 | char *zSuffix; |
| 931 | 931 | int uid; |
| 932 | + int xuid; | |
| 933 | + char *zLogin; | |
| 932 | 934 | db_find_and_open_repository(0, 0); |
| 933 | 935 | verify_all_options(); |
| 934 | 936 | if( g.argc!=3 ){ |
| 935 | 937 | usage("UID"); |
| 936 | 938 | } |
| 937 | 939 | uid = atoi(g.argv[2]); |
| 938 | 940 | zSuffix = login_resetpw_suffix(uid, 0); |
| 939 | - fossil_print("/resetpw/%s %d\n", zSuffix, | |
| 940 | - login_resetpw_suffix_is_valid(zSuffix)); | |
| 941 | + xuid = login_resetpw_suffix_is_valid(zSuffix); | |
| 942 | + if( xuid>0 ){ | |
| 943 | + zLogin = db_text(0, "SELECT login FROM user WHERE uid=%d", xuid); | |
| 944 | + }else{ | |
| 945 | + zLogin = 0; | |
| 946 | + } | |
| 947 | + fossil_print("/resetpw/%s %d (%s)\n", | |
| 948 | + zSuffix, xuid, zLogin ? zLogin : "???"); | |
| 941 | 949 | fossil_free(zSuffix); |
| 950 | + fossil_free(zLogin); | |
| 942 | 951 | } |
| 943 | 952 | |
| 944 | 953 | /* |
| 945 | 954 | ** WEBPAGE: resetpw |
| 946 | 955 | ** |
| @@ -1785,10 +1794,75 @@ | ||
| 1785 | 1794 | zUserID, zUserID, zUserID |
| 1786 | 1795 | ); |
| 1787 | 1796 | return rc; |
| 1788 | 1797 | } |
| 1789 | 1798 | |
| 1799 | +/* | |
| 1800 | +** zEMail is an email address. (Example: "[email protected]".) This routine | |
| 1801 | +** searches for a user or subscriber that has that email address. If the | |
| 1802 | +** email address is used no-where in the system, return 0. If the email | |
| 1803 | +** address is assigned to a particular user return the UID for that user. | |
| 1804 | +** If the email address is used, but not by a particular user, return -1. | |
| 1805 | +*/ | |
| 1806 | +static int email_address_in_use(const char *zEMail){ | |
| 1807 | + int uid; | |
| 1808 | + uid = db_int(0, | |
| 1809 | + "SELECT uid FROM user" | |
| 1810 | + " WHERE info LIKE '%%<%q>%%'", zEMail); | |
| 1811 | + if( uid>0 ){ | |
| 1812 | + if( db_exists("SELECT 1 FROM user WHERE uid=%d AND (" | |
| 1813 | + " cap GLOB '*[as]*' OR" | |
| 1814 | + " find_emailaddr(info)<>%Q COLLATE nocase)", | |
| 1815 | + uid, zEMail) ){ | |
| 1816 | + uid = -1; | |
| 1817 | + } | |
| 1818 | + } | |
| 1819 | + if( uid==0 && alert_tables_exist() ){ | |
| 1820 | + uid = db_int(0, | |
| 1821 | + "SELECT user.uid FROM subscriber JOIN user ON login=suname" | |
| 1822 | + " WHERE semail=%Q AND sverified", zEMail); | |
| 1823 | + if( uid ){ | |
| 1824 | + if( db_exists("SELECT 1 FROM user WHERE uid=%d AND " | |
| 1825 | + " cap GLOB '*[as]*'", | |
| 1826 | + uid) ){ | |
| 1827 | + uid = -1; | |
| 1828 | + } | |
| 1829 | + } | |
| 1830 | + } | |
| 1831 | + return uid; | |
| 1832 | +} | |
| 1833 | + | |
| 1834 | +/* | |
| 1835 | +** COMMAND: test-email-used | |
| 1836 | +** Usage: fossil test-email-used EMAIL ... | |
| 1837 | +** | |
| 1838 | +** Given a list of email addresses, show the UID and LOGIN associated | |
| 1839 | +** with each one. | |
| 1840 | +*/ | |
| 1841 | +void test_email_used(void){ | |
| 1842 | + int i; | |
| 1843 | + db_find_and_open_repository(0, 0); | |
| 1844 | + verify_all_options(); | |
| 1845 | + if( g.argc<3 ){ | |
| 1846 | + usage("EMAIL ..."); | |
| 1847 | + } | |
| 1848 | + for(i=2; i<g.argc; i++){ | |
| 1849 | + const char *zEMail = g.argv[i]; | |
| 1850 | + int uid = email_address_in_use(zEMail); | |
| 1851 | + if( uid==0 ){ | |
| 1852 | + fossil_print("%s: not used\n", zEMail); | |
| 1853 | + }else if( uid<0 ){ | |
| 1854 | + fossil_print("%s: used but no password reset is available\n", zEMail); | |
| 1855 | + }else{ | |
| 1856 | + char *zLogin = db_text(0, "SELECT login FROM user WHERE uid=%d", uid); | |
| 1857 | + fossil_print("%s: UID %d (%s)\n", zEMail, uid, zLogin); | |
| 1858 | + fossil_free(zLogin); | |
| 1859 | + } | |
| 1860 | + } | |
| 1861 | +} | |
| 1862 | + | |
| 1863 | + | |
| 1790 | 1864 | /* |
| 1791 | 1865 | ** Check an email address and confirm that it is valid for self-registration. |
| 1792 | 1866 | ** The email address is known already to be well-formed. Return true |
| 1793 | 1867 | ** if the email address is on the allowed list. |
| 1794 | 1868 | ** |
| @@ -1826,10 +1900,11 @@ | ||
| 1826 | 1900 | const char *zDName; |
| 1827 | 1901 | unsigned int uSeed; |
| 1828 | 1902 | const char *zDecoded; |
| 1829 | 1903 | int iErrLine = -1; |
| 1830 | 1904 | const char *zErr = 0; |
| 1905 | + int uid = 0; /* User id with the same email */ | |
| 1831 | 1906 | int captchaIsCorrect = 0; /* True on a correct captcha */ |
| 1832 | 1907 | char *zCaptcha = ""; /* Value of the captcha text */ |
| 1833 | 1908 | char *zPerms; /* Permissions for the default user */ |
| 1834 | 1909 | int canDoAlerts = 0; /* True if receiving email alerts is possible */ |
| 1835 | 1910 | int doAlerts = 0; /* True if subscription is wanted too */ |
| @@ -1884,26 +1959,16 @@ | ||
| 1884 | 1959 | iErrLine = 4; |
| 1885 | 1960 | zErr = "Password must be at least 6 characters long"; |
| 1886 | 1961 | }else if( fossil_strcmp(zPasswd,zConfirm)!=0 ){ |
| 1887 | 1962 | iErrLine = 5; |
| 1888 | 1963 | zErr = "Passwords do not match"; |
| 1964 | + }else if( (uid = email_address_in_use(zEAddr))!=0 ){ | |
| 1965 | + iErrLine = 3; | |
| 1966 | + zErr = "This email address is already associated with a user"; | |
| 1889 | 1967 | }else if( login_self_choosen_userid_already_exists(zUserID) ){ |
| 1890 | 1968 | iErrLine = 1; |
| 1891 | 1969 | zErr = "This User ID is already taken. Choose something different."; |
| 1892 | - }else if( | |
| 1893 | - /* If the email is found anywhere in USER.INFO... */ | |
| 1894 | - db_exists("SELECT 1 FROM user WHERE info LIKE '%%%q%%'", zEAddr) | |
| 1895 | - || | |
| 1896 | - /* Or if the email is a verify subscriber email with an associated | |
| 1897 | - ** user... */ | |
| 1898 | - (alert_tables_exist() && | |
| 1899 | - db_exists( | |
| 1900 | - "SELECT 1 FROM subscriber WHERE semail=%Q AND suname IS NOT NULL" | |
| 1901 | - " AND sverified",zEAddr)) | |
| 1902 | - ){ | |
| 1903 | - iErrLine = 3; | |
| 1904 | - zErr = "This email address is already claimed by another user"; | |
| 1905 | 1970 | }else{ |
| 1906 | 1971 | /* If all of the tests above have passed, that means that the submitted |
| 1907 | 1972 | ** form contains valid data and we can proceed to create the new login */ |
| 1908 | 1973 | Blob sql; |
| 1909 | 1974 | int uid; |
| @@ -2037,11 +2102,15 @@ | ||
| 2037 | 2102 | @ <td class="form_label" align="right" id="emaddr">Email Address:</td> |
| 2038 | 2103 | @ <td><input aria-labelledby="emaddr" type="text" name="ea" \ |
| 2039 | 2104 | @ value="%h(zEAddr)" size="30"></td> |
| 2040 | 2105 | @ </tr> |
| 2041 | 2106 | if( iErrLine==3 ){ |
| 2042 | - @ <tr><td><td><span class='loginError'>↑ %h(zErr)</span></td></tr> | |
| 2107 | + @ <tr><td><td><span class='loginError'>↑ %h(zErr)</span> | |
| 2108 | + if( uid>0 ){ | |
| 2109 | + @ <br /><button>ToDo: Request Password Reset For UID %d(uid)</button> | |
| 2110 | + } | |
| 2111 | + @ </td></tr> | |
| 2043 | 2112 | } |
| 2044 | 2113 | if( canDoAlerts ){ |
| 2045 | 2114 | int a = atoi(PD("alerts","1")); |
| 2046 | 2115 | @ <tr> |
| 2047 | 2116 | @ <td class="form_label" align="right" id="emalrt">Email Alerts?</td> |
| 2048 | 2117 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -927,20 +927,29 @@ | |
| 927 | ** Generate and verify a /resetpw URL for user UID. |
| 928 | */ |
| 929 | void test_resetpw_url(void){ |
| 930 | char *zSuffix; |
| 931 | int uid; |
| 932 | db_find_and_open_repository(0, 0); |
| 933 | verify_all_options(); |
| 934 | if( g.argc!=3 ){ |
| 935 | usage("UID"); |
| 936 | } |
| 937 | uid = atoi(g.argv[2]); |
| 938 | zSuffix = login_resetpw_suffix(uid, 0); |
| 939 | fossil_print("/resetpw/%s %d\n", zSuffix, |
| 940 | login_resetpw_suffix_is_valid(zSuffix)); |
| 941 | fossil_free(zSuffix); |
| 942 | } |
| 943 | |
| 944 | /* |
| 945 | ** WEBPAGE: resetpw |
| 946 | ** |
| @@ -1785,10 +1794,75 @@ | |
| 1785 | zUserID, zUserID, zUserID |
| 1786 | ); |
| 1787 | return rc; |
| 1788 | } |
| 1789 | |
| 1790 | /* |
| 1791 | ** Check an email address and confirm that it is valid for self-registration. |
| 1792 | ** The email address is known already to be well-formed. Return true |
| 1793 | ** if the email address is on the allowed list. |
| 1794 | ** |
| @@ -1826,10 +1900,11 @@ | |
| 1826 | const char *zDName; |
| 1827 | unsigned int uSeed; |
| 1828 | const char *zDecoded; |
| 1829 | int iErrLine = -1; |
| 1830 | const char *zErr = 0; |
| 1831 | int captchaIsCorrect = 0; /* True on a correct captcha */ |
| 1832 | char *zCaptcha = ""; /* Value of the captcha text */ |
| 1833 | char *zPerms; /* Permissions for the default user */ |
| 1834 | int canDoAlerts = 0; /* True if receiving email alerts is possible */ |
| 1835 | int doAlerts = 0; /* True if subscription is wanted too */ |
| @@ -1884,26 +1959,16 @@ | |
| 1884 | iErrLine = 4; |
| 1885 | zErr = "Password must be at least 6 characters long"; |
| 1886 | }else if( fossil_strcmp(zPasswd,zConfirm)!=0 ){ |
| 1887 | iErrLine = 5; |
| 1888 | zErr = "Passwords do not match"; |
| 1889 | }else if( login_self_choosen_userid_already_exists(zUserID) ){ |
| 1890 | iErrLine = 1; |
| 1891 | zErr = "This User ID is already taken. Choose something different."; |
| 1892 | }else if( |
| 1893 | /* If the email is found anywhere in USER.INFO... */ |
| 1894 | db_exists("SELECT 1 FROM user WHERE info LIKE '%%%q%%'", zEAddr) |
| 1895 | || |
| 1896 | /* Or if the email is a verify subscriber email with an associated |
| 1897 | ** user... */ |
| 1898 | (alert_tables_exist() && |
| 1899 | db_exists( |
| 1900 | "SELECT 1 FROM subscriber WHERE semail=%Q AND suname IS NOT NULL" |
| 1901 | " AND sverified",zEAddr)) |
| 1902 | ){ |
| 1903 | iErrLine = 3; |
| 1904 | zErr = "This email address is already claimed by another user"; |
| 1905 | }else{ |
| 1906 | /* If all of the tests above have passed, that means that the submitted |
| 1907 | ** form contains valid data and we can proceed to create the new login */ |
| 1908 | Blob sql; |
| 1909 | int uid; |
| @@ -2037,11 +2102,15 @@ | |
| 2037 | @ <td class="form_label" align="right" id="emaddr">Email Address:</td> |
| 2038 | @ <td><input aria-labelledby="emaddr" type="text" name="ea" \ |
| 2039 | @ value="%h(zEAddr)" size="30"></td> |
| 2040 | @ </tr> |
| 2041 | if( iErrLine==3 ){ |
| 2042 | @ <tr><td><td><span class='loginError'>↑ %h(zErr)</span></td></tr> |
| 2043 | } |
| 2044 | if( canDoAlerts ){ |
| 2045 | int a = atoi(PD("alerts","1")); |
| 2046 | @ <tr> |
| 2047 | @ <td class="form_label" align="right" id="emalrt">Email Alerts?</td> |
| 2048 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -927,20 +927,29 @@ | |
| 927 | ** Generate and verify a /resetpw URL for user UID. |
| 928 | */ |
| 929 | void test_resetpw_url(void){ |
| 930 | char *zSuffix; |
| 931 | int uid; |
| 932 | int xuid; |
| 933 | char *zLogin; |
| 934 | db_find_and_open_repository(0, 0); |
| 935 | verify_all_options(); |
| 936 | if( g.argc!=3 ){ |
| 937 | usage("UID"); |
| 938 | } |
| 939 | uid = atoi(g.argv[2]); |
| 940 | zSuffix = login_resetpw_suffix(uid, 0); |
| 941 | xuid = login_resetpw_suffix_is_valid(zSuffix); |
| 942 | if( xuid>0 ){ |
| 943 | zLogin = db_text(0, "SELECT login FROM user WHERE uid=%d", xuid); |
| 944 | }else{ |
| 945 | zLogin = 0; |
| 946 | } |
| 947 | fossil_print("/resetpw/%s %d (%s)\n", |
| 948 | zSuffix, xuid, zLogin ? zLogin : "???"); |
| 949 | fossil_free(zSuffix); |
| 950 | fossil_free(zLogin); |
| 951 | } |
| 952 | |
| 953 | /* |
| 954 | ** WEBPAGE: resetpw |
| 955 | ** |
| @@ -1785,10 +1794,75 @@ | |
| 1794 | zUserID, zUserID, zUserID |
| 1795 | ); |
| 1796 | return rc; |
| 1797 | } |
| 1798 | |
| 1799 | /* |
| 1800 | ** zEMail is an email address. (Example: "[email protected]".) This routine |
| 1801 | ** searches for a user or subscriber that has that email address. If the |
| 1802 | ** email address is used no-where in the system, return 0. If the email |
| 1803 | ** address is assigned to a particular user return the UID for that user. |
| 1804 | ** If the email address is used, but not by a particular user, return -1. |
| 1805 | */ |
| 1806 | static int email_address_in_use(const char *zEMail){ |
| 1807 | int uid; |
| 1808 | uid = db_int(0, |
| 1809 | "SELECT uid FROM user" |
| 1810 | " WHERE info LIKE '%%<%q>%%'", zEMail); |
| 1811 | if( uid>0 ){ |
| 1812 | if( db_exists("SELECT 1 FROM user WHERE uid=%d AND (" |
| 1813 | " cap GLOB '*[as]*' OR" |
| 1814 | " find_emailaddr(info)<>%Q COLLATE nocase)", |
| 1815 | uid, zEMail) ){ |
| 1816 | uid = -1; |
| 1817 | } |
| 1818 | } |
| 1819 | if( uid==0 && alert_tables_exist() ){ |
| 1820 | uid = db_int(0, |
| 1821 | "SELECT user.uid FROM subscriber JOIN user ON login=suname" |
| 1822 | " WHERE semail=%Q AND sverified", zEMail); |
| 1823 | if( uid ){ |
| 1824 | if( db_exists("SELECT 1 FROM user WHERE uid=%d AND " |
| 1825 | " cap GLOB '*[as]*'", |
| 1826 | uid) ){ |
| 1827 | uid = -1; |
| 1828 | } |
| 1829 | } |
| 1830 | } |
| 1831 | return uid; |
| 1832 | } |
| 1833 | |
| 1834 | /* |
| 1835 | ** COMMAND: test-email-used |
| 1836 | ** Usage: fossil test-email-used EMAIL ... |
| 1837 | ** |
| 1838 | ** Given a list of email addresses, show the UID and LOGIN associated |
| 1839 | ** with each one. |
| 1840 | */ |
| 1841 | void test_email_used(void){ |
| 1842 | int i; |
| 1843 | db_find_and_open_repository(0, 0); |
| 1844 | verify_all_options(); |
| 1845 | if( g.argc<3 ){ |
| 1846 | usage("EMAIL ..."); |
| 1847 | } |
| 1848 | for(i=2; i<g.argc; i++){ |
| 1849 | const char *zEMail = g.argv[i]; |
| 1850 | int uid = email_address_in_use(zEMail); |
| 1851 | if( uid==0 ){ |
| 1852 | fossil_print("%s: not used\n", zEMail); |
| 1853 | }else if( uid<0 ){ |
| 1854 | fossil_print("%s: used but no password reset is available\n", zEMail); |
| 1855 | }else{ |
| 1856 | char *zLogin = db_text(0, "SELECT login FROM user WHERE uid=%d", uid); |
| 1857 | fossil_print("%s: UID %d (%s)\n", zEMail, uid, zLogin); |
| 1858 | fossil_free(zLogin); |
| 1859 | } |
| 1860 | } |
| 1861 | } |
| 1862 | |
| 1863 | |
| 1864 | /* |
| 1865 | ** Check an email address and confirm that it is valid for self-registration. |
| 1866 | ** The email address is known already to be well-formed. Return true |
| 1867 | ** if the email address is on the allowed list. |
| 1868 | ** |
| @@ -1826,10 +1900,11 @@ | |
| 1900 | const char *zDName; |
| 1901 | unsigned int uSeed; |
| 1902 | const char *zDecoded; |
| 1903 | int iErrLine = -1; |
| 1904 | const char *zErr = 0; |
| 1905 | int uid = 0; /* User id with the same email */ |
| 1906 | int captchaIsCorrect = 0; /* True on a correct captcha */ |
| 1907 | char *zCaptcha = ""; /* Value of the captcha text */ |
| 1908 | char *zPerms; /* Permissions for the default user */ |
| 1909 | int canDoAlerts = 0; /* True if receiving email alerts is possible */ |
| 1910 | int doAlerts = 0; /* True if subscription is wanted too */ |
| @@ -1884,26 +1959,16 @@ | |
| 1959 | iErrLine = 4; |
| 1960 | zErr = "Password must be at least 6 characters long"; |
| 1961 | }else if( fossil_strcmp(zPasswd,zConfirm)!=0 ){ |
| 1962 | iErrLine = 5; |
| 1963 | zErr = "Passwords do not match"; |
| 1964 | }else if( (uid = email_address_in_use(zEAddr))!=0 ){ |
| 1965 | iErrLine = 3; |
| 1966 | zErr = "This email address is already associated with a user"; |
| 1967 | }else if( login_self_choosen_userid_already_exists(zUserID) ){ |
| 1968 | iErrLine = 1; |
| 1969 | zErr = "This User ID is already taken. Choose something different."; |
| 1970 | }else{ |
| 1971 | /* If all of the tests above have passed, that means that the submitted |
| 1972 | ** form contains valid data and we can proceed to create the new login */ |
| 1973 | Blob sql; |
| 1974 | int uid; |
| @@ -2037,11 +2102,15 @@ | |
| 2102 | @ <td class="form_label" align="right" id="emaddr">Email Address:</td> |
| 2103 | @ <td><input aria-labelledby="emaddr" type="text" name="ea" \ |
| 2104 | @ value="%h(zEAddr)" size="30"></td> |
| 2105 | @ </tr> |
| 2106 | if( iErrLine==3 ){ |
| 2107 | @ <tr><td><td><span class='loginError'>↑ %h(zErr)</span> |
| 2108 | if( uid>0 ){ |
| 2109 | @ <br /><button>ToDo: Request Password Reset For UID %d(uid)</button> |
| 2110 | } |
| 2111 | @ </td></tr> |
| 2112 | } |
| 2113 | if( canDoAlerts ){ |
| 2114 | int a = atoi(PD("alerts","1")); |
| 2115 | @ <tr> |
| 2116 | @ <td class="form_label" align="right" id="emalrt">Email Alerts?</td> |
| 2117 |