(* COCANWIKI - a wiki written in Objective CAML.
* Written by Richard W.M. Jones <rich@merjis.com>.
* Copyright (C) 2004 Merjis Ltd.
- * $Id: create_user.ml,v 1.4 2004/10/11 14:13:04 rich Exp $
+ * $Id: create_user.ml,v 1.8 2006/07/26 16:34:18 rich Exp $
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
open Cocanwiki_ok
open Cocanwiki_strings
-let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
+let run r (q : cgi) dbh hostid _ _ =
let username = trim (q#param "username") in
let password1 = trim (q#param "password1") in
let password2 = trim (q#param "password2") in
if username = "" || password1 = "" || password2 = "" then (
error ~back_button:true ~title:"Bad username or password"
- q "The username or password you gave is empty.";
+ dbh hostid q "The username or password you gave is empty.";
return ()
);
if password1 <> password2 then (
error ~back_button:true ~title:"Passwords don't match"
- q "The two passwords you gave aren't identical.";
+ dbh hostid q "The two passwords you gave aren't identical.";
return ()
);
let password = password1 in
- (*
- Uh oh ... Not making UNICODE assumptions ... XXX
- if String.length username > 32 || String.length password > 32 then
- *)
-
- let email = trim (q#param "email") in
- let email = if string_is_whitespace email then `Null else `String email in
+ if UTF8.length username > 32 || UTF8.length password > 128 then (
+ error ~back_button:true ~title:"Username or password too long"
+ dbh hostid q "Usernames should be less than 32 characters long. For passwords we let you have a generous 128 characters.";
+ return ()
+ );
(* Not a duplicate? *)
- let sth = dbh#prepare_cached "select id from users
- where hostid = ? and name = ?" in
- sth#execute [`Int hostid; `String username];
-
- (try
- sth#fetch1 ();
- error ~back_button:true ~title:"Username already taken"
- q "Someone has already taken that username.";
- return ()
- with
- Not_found -> ());
+ let rows = PGSQL(dbh)
+ "select id from users where hostid = $hostid and name = $username" in
+
+ (match rows with
+ | [_] ->
+ error ~back_button:true ~title:"Username already taken"
+ dbh hostid q "Someone has already taken that username.";
+ return ()
+ | [] -> ()
+ | _ -> assert false
+ );
let can_edit = q#param_true "can_edit" in
let can_manage_users = q#param_true "can_manage_users" in
let can_manage_site = q#param_true "can_manage_site" in
let can_edit_global_css = q#param_true "can_edit_global_css" in
let can_import_mail = q#param_true "can_import_mail" in
+ let can_edit_macros = q#param_true "can_edit_macros" in
let force_password_change = q#param_true "force_password_change" in
(* Create the user account. *)
- let sth = dbh#prepare_cached "insert into users (name, password, email,
- hostid, can_edit, can_manage_users,
- can_manage_contacts, can_manage_site,
- can_edit_global_css, can_import_mail,
- force_password_change)
- values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" in
- sth#execute [`String username; `String password; email; `Int hostid;
- `Bool can_edit; `Bool can_manage_users;
- `Bool can_manage_contacts; `Bool can_manage_site;
- `Bool can_edit_global_css; `Bool can_import_mail;
- `Bool force_password_change];
-
- dbh#commit ();
+ PGSQL(dbh)
+ "insert into users (name, password,
+ hostid, can_edit, can_manage_users,
+ can_manage_contacts, can_manage_site,
+ can_edit_global_css, can_import_mail,
+ can_edit_macros,
+ force_password_change)
+ values ($username, $password, $hostid, $can_edit, $can_manage_users,
+ $can_manage_contacts, $can_manage_site,
+ $can_edit_global_css, $can_import_mail,
+ $can_edit_macros,
+ $force_password_change)";
+
+ PGOCaml.commit dbh;
let buttons = [ ok_button "/_users" ] in
ok ~title:"Account created" ~buttons
- q ("An account was created for " ^ username ^ ".")
+ dbh hostid q ("An account was created for " ^ username ^ ".")
let () =
register_script ~restrict:[CanManageUsers] run