(* COCANWIKI - a wiki written in Objective CAML.
* Written by Richard W.M. Jones <rich@merjis.com>.
* Copyright (C) 2004 Merjis Ltd.
- * $Id: invite_user_confirm_form.ml,v 1.1 2004/10/14 15:57:15 rich Exp $
+ * $Id: invite_user_confirm_form.ml,v 1.6 2006/12/06 09:46:57 rich Exp $
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
open Cocanwiki
open Cocanwiki_ok
open Cocanwiki_template
-open Cocanwiki_strings
-let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
- let template = get_template dbh hostid "invite_user_confirm_form.html" in
+let run r (q : cgi) dbh hostid _ _ =
+ let template = get_template r dbh hostid "invite_user_confirm_form.html" in
- (* Get the password. It's supposed to be unique so we can look up the
- * user by this. Do a bit of sanity checking on it, however, to make
- * sure we can't just use it to search for passwords, or some other type
- * of strange exploit.
- *)
- let password = q#param "p" in
- assert (String.length password = 32 && string_for_all isxdigit password);
+ (* Get the invite ID. *)
+ let invite = q#param "p" in
- let sth = dbh#prepare_cached "select name from users
- where hostid = ? and password = ?" in
- sth#execute [`Int hostid; `String password];
+ let rows = PGSQL(dbh) "select name from users
+ where hostid = $hostid and invite = $invite" in
- let username = sth#fetch1string () in
+ let username =
+ match rows with
+ | [username] -> username
+ | [] ->
+ error ~title:"Already signed up"
+ r dbh hostid q
+ ("It looks like you have already used your invitation. If " ^
+ "you cannot get to your account, please contact the " ^
+ "administrator.");
+ return ()
+ | _ -> assert false in
(* Update the template so that the user can set their preferred password. *)
template#set "username" username;
- template#set "old_password" password;
+ template#set "invite" invite;
q#template template
git.annexia.org / cocanwiki.git / blobdiff