From 170cb27ec617423c937191bf36af09804621425c Mon Sep 17 00:00:00 2001 From: rich Date: Fri, 18 Aug 2006 10:16:35 +0000 Subject: [PATCH] Fix assert-fail when trying to recover non-existant password. --- scripts/forgot_password.ml | 64 ++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 33 deletions(-) diff --git a/scripts/forgot_password.ml b/scripts/forgot_password.ml index e88e9c3..db14cae 100644 --- a/scripts/forgot_password.ml +++ b/scripts/forgot_password.ml @@ -1,7 +1,7 @@ (* COCANWIKI - a wiki written in Objective CAML. * Written by Richard W.M. Jones . * Copyright (C) 2004 Merjis Ltd. - * $Id: forgot_password.ml,v 1.11 2006/07/31 09:49:43 rich Exp $ + * $Id: forgot_password.ml,v 1.12 2006/08/18 10:16:35 rich Exp $ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -44,49 +44,47 @@ let run r (q : cgi) dbh hostid { hostname = hostname } _ = and email is not null and (lower (name) = lower ($name) or lower (email) = lower ($name))" in - try - let email, name, password = - match rows with - | [ Some email, name, password ] -> - email, name, password - | _ -> assert false in + let email, name, password = + match rows with + | [ Some email, name, password ] -> + email, name, password + | _ -> + (* Artificially limit the rate at which people can search the + * database for usernames. + *) + Unix.sleep 10; + + error ~back_button:true ~title:"Nothing known" + dbh hostid q + "Sorry, don't know anyone with that name or email address."; + return () in - (* Get the IP address of the user, if available. *) - let ip = - try Connection.remote_ip (Request.connection r) with Not_found -> "" in + (* Get the IP address of the user, if available. *) + let ip = + try Connection.remote_ip (Request.connection r) with Not_found -> "" in - let subject = "Password for " ^ hostname in + let subject = "Password for " ^ hostname in - let body = - "Someone, possibly you, requested your password for " ^ hostname ^ + let body = + "Someone, possibly you, requested your password for " ^ hostname ^ ".\n\n" ^ "Username: " ^ name ^ "\n" ^ "Password: " ^ password ^ "\n" ^ "\n" ^ "IP address of request: " ^ ip ^ "\n" in - let content_type = - "text/plain", ["charset", Mimestring.mk_param "UTF-8"] in - let to_addrs = [ "", email ] in + let content_type = + "text/plain", ["charset", Mimestring.mk_param "UTF-8"] in + let to_addrs = [ "", email ] in - let msg = Netsendmail.compose ~subject ~to_addrs ~content_type body in - Netsendmail.sendmail msg; + let msg = Netsendmail.compose ~subject ~to_addrs ~content_type body in + Netsendmail.sendmail msg; - let buttons = [ ok_button "/_login" ] in - ok ~buttons ~title:"Password sent by email" - dbh hostid q - ("Your password was sent by email. If you don't receive the password " ^ - "within an hour, please notify the site's administrator.") - with - Not_found -> - (* Artificially limit the rate at which people can search the database - * for usernames. - *) - Unix.sleep 10; - - error ~back_button:true ~title:"Nothing known" - dbh hostid q - "Sorry, don't know anyone with that name or email address." + let buttons = [ ok_button "/_login" ] in + ok ~buttons ~title:"Password sent by email" + dbh hostid q + ("Your password was sent by email. If you don't receive the password " ^ + "within an hour, please notify the site's administrator.") let () = register_script run -- 1.8.3.1