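(* COCANWIKI scripts.
 * Written by Richard W.M. Jones.
 * Copyright (C) 2004 Merjis Ltd.
 * $Id: forgot_password.ml,v 1.3 2004/09/09 09:35:33 rich Exp $
 *)

open Apache
open Registry
open Cgi
open Printf

open Cocanwiki
open Cocanwiki_ok
open Cocanwiki_strings

(* Handler for the forgot-password form.
 *
 * Reads the CGI parameter name, looks it up case-insensitively against
 * users.name and users.email for this hostid, and mails the stored
 * username and password to the address on record.
 *
 * r         request; only used to obtain the remote IP for the mail body
 * q         CGI object: source of the name parameter and target of the
 *           ok / error pages
 * dbh       database connection
 * hostid    bound as an `Int into the query
 * hostname  used in the mail subject and body
 * The last argument is ignored.
 *
 * Raises CgiExit after showing an error page when name is empty.
 *
 * NOTE(review), security:
 * - The password column is read and mailed as-is, so passwords are stored
 *   in recoverable form and travel over email. Prefer salted password
 *   hashes plus a single-use, expiring reset token.
 * - A hit and a miss produce different pages and different latency (the
 *   10 second sleep happens only on a miss), so the response reveals
 *   whether a name or email address is registered on this host.
 * - No throttle on the hit path is visible in this function: every
 *   matching request sends another mail.
 *)
let run r (q : cgi) (dbh : Dbi.connection) hostid { hostname = hostname } _ =
  let name = trim (q#param "name") in
  if name = "" then (
    error ~back_button:true ~title:"No username or email address" q
      "You didn't give a username or email address";
    raise CgiExit
  );

  (* Look it up in the database.  All user input goes through bound
   * parameters; the statement text itself is constant. *)
  let sth =
    dbh#prepare_cached
      "select email, name, password from users \
       where hostid = ? and \
       (lower (name) = lower (?) or lower (email) = lower (?))" in
  sth#execute [`Int hostid; `String name; `String name];

  (* Only the fetch is guarded: Not_found from fetch1 is treated as no
   * matching user.  A Not_found escaping from the mail or page code below
   * must not be reported as an unknown user. *)
  let row = try Some (sth#fetch1 ()) with Not_found -> None in

  match row with
  | None ->
      (* Artificially limit the rate at which people can search the database
       * for usernames.
       * NOTE(review): this blocks the handler for 10 seconds per miss,
       * presumably holding a server worker for that time; confirm this
       * cannot be used to exhaust workers. *)
      Unix.sleep 10;
      error ~back_button:true ~title:"Nothing known" q
        "Sorry, don't know anyone with that name or email address."

  | Some [ `String email; `String name; `String password ] ->
      (* From here on, name is the value stored in the database, not the
       * string the client submitted. *)

      (* Get the IP address of the user, if available. *)
      let ip =
        try Connection.remote_ip (Request.connection r)
        with Not_found -> "" in

      let subject = "Password for " ^ hostname in
      let body =
        "Someone, possibly you, requested your password for " ^
        hostname ^ ".\n\n" ^
        "Username: " ^ name ^ "\n" ^
        "Password: " ^ password ^ "\n" ^
        "\n" ^
        "IP address of request: " ^ ip ^ "\n" in

      Sendmail.send_mail ~subject ~to_addr:[ email ] ~body ();

      let buttons = [ ok_button "/_login" ] in
      ok ~buttons ~title:"Password sent by email" q
        ("Your password was sent by email. If you don't receive the password " ^
         "within an hour, please notify the site's administrator.")

  | Some _ ->
      (* The query selects three string columns; any other row shape is a
       * programming error. *)
      assert false

let () =
  register_script run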