(* COCANWIKI - a wiki written in Objective CAML.
* Written by Richard W.M. Jones <rich@merjis.com>.
* Copyright (C) 2004 Merjis Ltd.
- * $Id: forgot_password.ml,v 1.7 2005/03/31 14:24:04 rich Exp $
+ * $Id: forgot_password.ml,v 1.12 2006/08/18 10:16:35 rich Exp $
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
open Cocanwiki_ok
open Cocanwiki_strings
-let run r (q : cgi) (dbh : Dbi.connection) hostid { hostname = hostname } _ =
+let run r (q : cgi) dbh hostid { hostname = hostname } _ =
let name = trim (q#param "name") in
if name = "" then (
error ~back_button:true ~title:"No username or email address"
- q "You didn't give a username or email address";
+ dbh hostid q "You didn't give a username or email address";
return ()
);
(* Look it up in the database. *)
- let sth = dbh#prepare_cached "select email, name, password from users
- where hostid = ?
- and email is not null
- and (lower (name) = lower (?)
- or lower (email) = lower (?))" in
- sth#execute [`Int hostid; `String name; `String name];
+ let rows = PGSQL(dbh)
+ "select email, name, password from users
+ where hostid = $hostid
+ and email is not null
+ and (lower (name) = lower ($name) or lower (email) = lower ($name))" in
- try
- let email, name, password = match sth#fetch1 () with
- [ `String email; `String name; `String password ] ->
- email, name, password
- | _ -> assert false in
+ let email, name, password =
+ match rows with
+ | [ Some email, name, password ] ->
+ email, name, password
+ | _ ->
+ (* Artificially limit the rate at which people can search the
+ * database for usernames.
+ *)
+ Unix.sleep 10;
+
+ error ~back_button:true ~title:"Nothing known"
+ dbh hostid q
+ "Sorry, don't know anyone with that name or email address.";
+ return () in
- (* Get the IP address of the user, if available. *)
- let ip =
- try Connection.remote_ip (Request.connection r) with Not_found -> "" in
+ (* Get the IP address of the user, if available. *)
+ let ip =
+ try Connection.remote_ip (Request.connection r) with Not_found -> "" in
- let subject = "Password for " ^ hostname in
+ let subject = "Password for " ^ hostname in
- let body =
- "Someone, possibly you, requested your password for " ^ hostname ^
+ let body =
+ "Someone, possibly you, requested your password for " ^ hostname ^
".\n\n" ^
"Username: " ^ name ^ "\n" ^
"Password: " ^ password ^ "\n" ^
"\n" ^
"IP address of request: " ^ ip ^ "\n" in
- Sendmail.send_mail ~subject ~to_addr:[ email ] body;
+ let content_type =
+ "text/plain", ["charset", Mimestring.mk_param "UTF-8"] in
+ let to_addrs = [ "", email ] in
- let buttons = [ ok_button "/_login" ] in
- ok ~buttons ~title:"Password sent by email"
- q
- ("Your password was sent by email. If you don't receive the password " ^
- "within an hour, please notify the site's administrator.")
- with
- Not_found ->
- (* Artificially limit the rate at which people can search the database
- * for usernames.
- *)
- Unix.sleep 10;
+ let msg = Netsendmail.compose ~subject ~to_addrs ~content_type body in
+ Netsendmail.sendmail msg;
- error ~back_button:true ~title:"Nothing known"
- q "Sorry, don't know anyone with that name or email address."
+ let buttons = [ ok_button "/_login" ] in
+ ok ~buttons ~title:"Password sent by email"
+ dbh hostid q
+ ("Your password was sent by email. If you don't receive the password " ^
+ "within an hour, please notify the site's administrator.")
let () =
register_script run
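Review bot: The rewritten query `select email, name, password from users` still reads the stored password, and the unchanged `"Password: " ^ password` line mails it in clear text, so the port to PGSQL keeps passwords recoverable from the database and readable in any mailbox or relay that handles the message. I would replace that body line with a single-use, expiring reset link and keep only a salted hash in `users`; until then, mark it with `(* FIXME: mails the stored clear-text password; replace with a reset token *)`. Separately, the new `| _ ->` arm answers "Nothing known" after `Unix.sleep 10` while a match goes straight to "Password sent by email", so both the message and the response time reveal whether a name or address is registered, and the sleep blocks the serving process for ten seconds on every miss. Returning the same confirmation text on both paths would remove the need for the sleep. The same arm also reports "Nothing known" when more than one row matches, whereas the old `fetch1` code appears to have taken the first row; an explicit `| [] ->` case and a separately logged multi-row case would make that visible.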