X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=scripts%2Finvite_user_confirm_form.ml;h=a61726d29405febb0f81e4a2211efc4cfddbd1de;hb=0d913c7fee349ac0d46a9f9ce31977b2e5c545af;hp=93e6dd88172d4d76685e468e1d0763a99c964994;hpb=0bbc87f2b064e8080f18e77ffcadcd6348ecd9be;p=cocanwiki.git
diff --git a/scripts/invite_user_confirm_form.ml b/scripts/invite_user_confirm_form.ml
index 93e6dd8..a61726d 100644
--- a/scripts/invite_user_confirm_form.ml
+++ b/scripts/invite_user_confirm_form.ml
@@ -1,7 +1,7 @@
 (* COCANWIKI - a wiki written in Objective CAML.
 * Written by Richard W.M. Jones .
 * Copyright (C) 2004 Merjis Ltd.
- * $Id: invite_user_confirm_form.ml,v 1.1 2004/10/14 15:57:15 rich Exp $
+ * $Id: invite_user_confirm_form.ml,v 1.2 2004/10/23 15:00:15 rich Exp $
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -27,28 +27,30 @@ open Printf open Cocanwiki open Cocanwiki_ok open Cocanwiki_template -open Cocanwiki_strings let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ = let template = get_template dbh hostid "invite_user_confirm_form.html" in - (* Get the password. It's supposed to be unique so we can look up the - * user by this. Do a bit of sanity checking on it, however, to make - * sure we can't just use it to search for passwords, or some other type - * of strange exploit. - *) - let password = q#param "p" in - assert (String.length password = 32 && string_for_all isxdigit password); + (* Get the invite ID. *) + let invite = q#param "p" in let sth = dbh#prepare_cached "select name from users - where hostid = ? and password = ?" in - sth#execute [`Int hostid; `String password]; - - let username = sth#fetch1string () in + where hostid = ? and invite = ?" in + sth#execute [`Int hostid; `String invite]; + + let username = + try sth#fetch1string () + with + Not_found -> + error ~title:"Already signed up" + q ("It looks like you have already used your invitation. If " ^ + "you cannot get to your account, please contact the " ^ + "administrator."); + return () in (* Update the template so that the user can set their preferred password. *) template#set "username" username; - template#set "old_password" password; + template#set "invite" invite; q#template template
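Review bot: The value read by `let invite = q#param "p" in` now reaches the lookup with no shape check, whereas the removed code at least required 32 hex characters before querying. The statement is parameterised, so this is not an injection problem. However, if a consumed invitation is stored as an empty string rather than NULL (the schema is not visible here), a request with an empty `p` would match an already-registered user and render the set-password form for that account. I would reject empty or malformed values before `sth#execute`, reusing the error path the hunk already introduces, for example `if invite = "" then (error ~title:"Invalid invitation" q "This invitation link is not valid."; return ());`. The `try` also covers only `sth#fetch1string ()`, so a request without `p` presumably still escapes as an unhandled exception from `q#param` rather than reaching the friendly error page.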