(* COCANWIKI - a wiki written in Objective CAML.
* Written by Richard W.M. Jones <rich@merjis.com>.
* Copyright (C) 2004 Merjis Ltd.
- * $Id: invite_user_confirm_form.ml,v 1.1 2004/10/14 15:57:15 rich Exp $
+ * $Id: invite_user_confirm_form.ml,v 1.2 2004/10/23 15:00:15 rich Exp $
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
open Cocanwiki
open Cocanwiki_ok
open Cocanwiki_template
-open Cocanwiki_strings
let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
let template = get_template dbh hostid "invite_user_confirm_form.html" in
- (* Get the password. It's supposed to be unique so we can look up the
- * user by this. Do a bit of sanity checking on it, however, to make
- * sure we can't just use it to search for passwords, or some other type
- * of strange exploit.
- *)
- let password = q#param "p" in
- assert (String.length password = 32 && string_for_all isxdigit password);
+ (* Get the invite ID. *)
+ let invite = q#param "p" in
let sth = dbh#prepare_cached "select name from users
- where hostid = ? and password = ?" in
- sth#execute [`Int hostid; `String password];
-
- let username = sth#fetch1string () in
+ where hostid = ? and invite = ?" in
+ sth#execute [`Int hostid; `String invite];
+
+ let username =
+ try sth#fetch1string ()
+ with
+ Not_found ->
+ error ~title:"Already signed up"
+ q ("It looks like you have already used your invitation. If " ^
+ "you cannot get to your account, please contact the " ^
+ "administrator.");
+ return () in
(* Update the template so that the user can set their preferred password. *)
template#set "username" username;
- template#set "old_password" password;
+ template#set "invite" invite;
q#template template
git.annexia.org / cocanwiki.git / blobdiff