gecko-dev/webtools/bugzilla/createaccount.cgi

#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Terry Weissman <terry@mozilla.org>
#                 David Gardiner <david.gardiner@unisa.edu.au>
#                 Joe Robins <jmrobins@tgix.com>
#                 Christopher Aillon <christopher@aillon.com>

use diagnostics;
use strict;

use lib qw(.);

require "CGI.pl";

# Shut up misguided -w warnings about "used only once":

use vars %::FORM;

ConnectToDatabase();

# Clear out the login cookies.  Make people log in again if they create an
# account; otherwise, they'll probably get confused.

my $cookiepath = Param("cookiepath");
print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
Content-type: text/html

";

# If we're using LDAP for login, then we can't create a new account here.
if(Param('useLDAP')) {
  PutHeader("Can't create LDAP accounts");
  print "This site is using LDAP for authentication.  Please contact an LDAP ";
  print "administrator to get a new account created.\n";
  PutFooter();
  exit;
}

my $login = $::FORM{'login'};
my $realname = trim($::FORM{'realname'});
if (defined $login) {
    CheckEmailSyntax($login);
    if (DBname_to_id($login) != 0) {
        PutHeader("Account Exists");
        print qq|
          <form method="get" action="token.cgi">
            <input type="hidden" name="a" value="reqpw">
            <input type="hidden" name="loginname" value="$login">
            A Bugzilla account for <tt>$login</tt> already exists.  If you
            are the account holder and have forgotten your password, 
            <input type="submit" value="submit a request to change it">.
          </form>
        |;
        PutFooter();
        exit;
    }
    PutHeader("Account created");
    my $password = InsertNewUser($login, $realname);
    MailPassword($login, $password);
    print " You can also <a href=query.cgi?GoAheadAndLogIn>click\n";
    print "here</a> to log in for the first time.";
    PutFooter();
    exit;
}

PutHeader("Create a new bugzilla account");
print q{
To create a bugzilla account, all that you need to do is to enter a
legitimate e-mail address.  The account will be created, and its
password will be mailed to you. Optionally you may enter your real name 
as well.

<FORM method=get>
<table>
<tr>
<td align=right><b>E-mail address:</b></td>
<td><input size=35 name=login>}.Param('emailsuffix').q{</td>
</tr>
<tr>
<td align=right><b>Real name:</b></td>
<td><input size=35 name=realname></td>
</tr>
</table>
<input type="submit" value="Create Account">
};

PutFooter();
Fix for bug 108982: enable taint mode for all user-facing CGI files. Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave 2002-01-20 04:44:52 +03:00			`#!/usr/bonsaitools/bin/perl -wT`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`# -- Mode: perl; indent-tabs-mode: nil --`
			`#`
updated license boilerplate 1999-11-02 02:33:56 +03:00			`# The contents of this file are subject to the Mozilla Public`
			`# License Version 1.1 (the "License"); you may not use this file`
			`# except in compliance with the License. You may obtain a copy of`
			`# the License at http://www.mozilla.org/MPL/`
			`#`
			`# Software distributed under the License is distributed on an "AS`
			`# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or`
			`# implied. See the License for the specific language governing`
			`# rights and limitations under the License.`
			`#`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`# The Original Code is the Bugzilla Bug Tracking System.`
updated license boilerplate 1999-11-02 02:33:56 +03:00			`#`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`# The Initial Developer of the Original Code is Netscape Communications`
updated license boilerplate 1999-11-02 02:33:56 +03:00			`# Corporation. Portions created by Netscape are`
			`# Copyright (C) 1998 Netscape Communications Corporation. All`
			`# Rights Reserved.`
			`#`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`# Contributor(s): Terry Weissman <terry@mozilla.org>`
			`# David Gardiner <david.gardiner@unisa.edu.au>`
fixes for 51184, 51185, 51186: allow for ldap authentication. patches by jmrobins@tgix.com (Joe Robins). LDAP sections haven't been tested yet, but the code is arranged such that it shouldn't disturb existing user authentication system. 2000-09-15 22:35:18 +04:00			`# Joe Robins <jmrobins@tgix.com>`
Fix for bug 93388: Full name should be trimmed of whitespace before going into database. r1=Zach Lipton <zach@zachlipton.com> r2=Andreas Franke <afranke@ags.uni-sb.de>. Patch by Christopher Aillon <caillon@returnzero.com>. 2001-09-23 21:20:50 +04:00			`# Christopher Aillon <christopher@aillon.com>`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00
			`use diagnostics;`
			`use strict;`

Fix for bug 108982: enable taint mode for all user-facing CGI files. Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave 2002-01-20 04:44:52 +03:00			`use lib qw(.);`

Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`require "CGI.pl";`

			`# Shut up misguided -w warnings about "used only once":`

			`use vars %::FORM;`

			`ConnectToDatabase();`

			`# Clear out the login cookies. Make people log in again if they create an`
			`# account; otherwise, they'll probably get confused.`

Fix for bug 19910: Bugzilla installs on the same server would interfere with each others' cookies. Cookies now have a path value that can be set to indicate which bugzilla install they belong to. Browsers will only send the cookie to the appropriate installation. The path can be set in the 'cookiepath' parameter in editparams.cgi. Patch by Dave Lawrence <dkl@redhat.com> r= myk, justdave 2001-10-13 04:40:41 +04:00			`my $cookiepath = Param("cookiepath");`
			`print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT`
			`Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`Content-type: text/html`

			`";`

fixes for 51184, 51185, 51186: allow for ldap authentication. patches by jmrobins@tgix.com (Joe Robins). LDAP sections haven't been tested yet, but the code is arranged such that it shouldn't disturb existing user authentication system. 2000-09-15 22:35:18 +04:00			`# If we're using LDAP for login, then we can't create a new account here.`
			`if(Param('useLDAP')) {`
			`PutHeader("Can't create LDAP accounts");`
			`print "This site is using LDAP for authentication. Please contact an LDAP ";`
			`print "administrator to get a new account created.\n";`
			`PutFooter();`
			`exit;`
			`}`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00
			`my $login = $::FORM{'login'};`
Fix for bug 93388: Full name should be trimmed of whitespace before going into database. r1=Zach Lipton <zach@zachlipton.com> r2=Andreas Franke <afranke@ags.uni-sb.de>. Patch by Christopher Aillon <caillon@returnzero.com>. 2001-09-23 21:20:50 +04:00			`my $realname = trim($::FORM{'realname'});`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`if (defined $login) {`
			`CheckEmailSyntax($login);`
			`if (DBname_to_id($login) != 0) {`
Fix for bug 77473, bug 74032, and bug 85472: Passwords are no longer stored in plaintext in the database. Passwords are no longer encrypted with MySQL's ENCRYPT() function (because it doesn't work on some installs), but with Perl's crypt() function. The crypt-related routines now properly deal with salts so that they work on systems that use methods other than UNIX crypt to crypt the passwords (such as MD5). Checksetup.pl will walk through your database and re-crypt everyone's passwords based on the plaintext password entry, then drop the plaintext password column. As a consequence of no longer having a plaintext password, it is no longer possible to email someone their password, so the login screen has been changed to request a password reset instead. The user is emailed a temporary identifying token, with a link back to Bugzilla. They click on the link or paste it into their browser and Bugzilla allows them to change their password. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com, jake@acutex.net 2001-07-11 09:29:21 +04:00			`PutHeader("Account Exists");`
			`print qq\|`
			`<form method="get" action="token.cgi">`
			`<input type="hidden" name="a" value="reqpw">`
			`<input type="hidden" name="loginname" value="$login">`
			`A Bugzilla account for <tt>$login</tt> already exists. If you`
			`are the account holder and have forgotten your password,`
			`<input type="submit" value="submit a request to change it">.`
			`</form>`
			`\|;`
Patch by Ramon Felciano <felciano@ingenuity.com>, with many tweaks by me. Added a footer to every page. Add some options to do things like display checkboxes instead of scrolling lists, and a new formatting for email diffs, and show list items capitalized instead of all upper case. 2000-01-15 01:35:49 +03:00			`PutFooter();`
Fix for bug 77473, bug 74032, and bug 85472: Passwords are no longer stored in plaintext in the database. Passwords are no longer encrypted with MySQL's ENCRYPT() function (because it doesn't work on some installs), but with Perl's crypt() function. The crypt-related routines now properly deal with salts so that they work on systems that use methods other than UNIX crypt to crypt the passwords (such as MD5). Checksetup.pl will walk through your database and re-crypt everyone's passwords based on the plaintext password entry, then drop the plaintext password column. As a consequence of no longer having a plaintext password, it is no longer possible to email someone their password, so the login screen has been changed to request a password reset instead. The user is emailed a temporary identifying token, with a link back to Bugzilla. They click on the link or paste it into their browser and Bugzilla allows them to change their password. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com, jake@acutex.net 2001-07-11 09:29:21 +04:00			`exit;`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`}`
Patch by holger@holger.om.org (Holger Schurig) -- was displaying header twice in some cases. 1999-09-28 02:22:24 +04:00			`PutHeader("Account created");`
Patch by Chris Baldwin <chris.baldwin@siara.com> -- allow optional entry of the user's realname. Note that nothing actually makes use of this info at present. 1999-08-19 04:06:01 +04:00			`my $password = InsertNewUser($login, $realname);`
Oops. Accounts created via the "createaccount.cgi" page were not getting their password emailed to them. 1999-05-08 02:07:21 +04:00			`MailPassword($login, $password);`
refix for 40603: Assumes user is coming from different page reduce wording 2001-03-10 00:41:27 +03:00			`print " You can also <a href=query.cgi?GoAheadAndLogIn>click\n";`
			`print "here</a> to log in for the first time.";`
Patch by Ramon Felciano <felciano@ingenuity.com>, with many tweaks by me. Added a footer to every page. Add some options to do things like display checkboxes instead of scrolling lists, and a new formatting for email diffs, and show list items capitalized instead of all upper case. 2000-01-15 01:35:49 +03:00			`PutFooter();`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`exit;`
			`}`

Patch by holger@holger.om.org (Holger Schurig) -- was displaying header twice in some cases. 1999-09-28 02:22:24 +04:00			`PutHeader("Create a new bugzilla account");`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`print q{`
			`To create a bugzilla account, all that you need to do is to enter a`
			`legitimate e-mail address. The account will be created, and its`
Patch by Chris Baldwin <chris.baldwin@siara.com> -- allow optional entry of the user's realname. Note that nothing actually makes use of this info at present. 1999-08-19 04:06:01 +04:00			`password will be mailed to you. Optionally you may enter your real name`
			`as well.`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00
			`<FORM method=get>`
			`<table>`
			`<tr>`
			`<td align=right><b>E-mail address:</b></td>`
Fix for bug 55630 - email-suffix is not shown in createaccount-page Patch by kai morich <mail@kai-morich.de> r= matty@chariot.net.au 2001-10-05 23:38:26 +04:00			`<td><input size=35 name=login>}.Param('emailsuffix').q{</td>`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`</tr>`
Patch by Chris Baldwin <chris.baldwin@siara.com> -- allow optional entry of the user's realname. Note that nothing actually makes use of this info at present. 1999-08-19 04:06:01 +04:00			`<tr>`
			`<td align=right><b>Real name:</b></td>`
			`<td><input size=35 name=realname></td>`
			`</tr>`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`</table>`
Fixing bug #17779 with patch from cdurst@world.std.com 2000-06-15 09:07:13 +04:00			`<input type="submit" value="Create Account">`
Added stuff to make it more obvious how to create an account. 1999-03-27 05:28:51 +03:00			`};`

Patch by Ramon Felciano <felciano@ingenuity.com>, with many tweaks by me. Added a footer to every page. Add some options to do things like display checkboxes instead of scrolling lists, and a new formatting for email diffs, and show list items capitalized instead of all upper case. 2000-01-15 01:35:49 +03:00			`PutFooter();`