From f89070d5807832d6636118dbeb8d159254c3ace1 Mon Sep 17 00:00:00 2001 From: rich Date: Tue, 7 Sep 2004 17:16:46 +0000 Subject: [PATCH] Create account, forgotten password. --- scripts/Makefile | 4 ++- scripts/forgot_password.ml | 70 +++++++++++++++++++++++++++++++++++++ scripts/forgot_password_form.ml | 21 +++++++++++ scripts/signup.ml | 7 +++- templates/forgot_password_form.html | 53 ++++++++++++++++++++++++++++ 5 files changed, 153 insertions(+), 2 deletions(-) create mode 100644 scripts/forgot_password.ml create mode 100644 scripts/forgot_password_form.ml create mode 100644 templates/forgot_password_form.html diff --git a/scripts/Makefile b/scripts/Makefile index c7df219..33f24df 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -1,5 +1,5 @@ # Makefile for COCANWIKI. -# $Id: Makefile,v 1.5 2004/09/07 16:58:03 rich Exp $ +# $Id: Makefile,v 1.6 2004/09/07 17:16:46 rich Exp $ include ../Makefile.config @@ -33,6 +33,8 @@ OBJS := create.cmo \ edit_page_css_form.cmo \ file.cmo \ files.cmo \ + forgot_password.cmo \ + forgot_password_form.cmo \ history.cmo \ hoststyle.cmo \ image.cmo \ diff --git a/scripts/forgot_password.ml b/scripts/forgot_password.ml new file mode 100644 index 0000000..5a77907 --- /dev/null +++ b/scripts/forgot_password.ml @@ -0,0 +1,70 @@ +(* COCANWIKI scripts. + * Written by Richard W.M. Jones . + * Copyright (C) 2004 Merjis Ltd. + * $Id: forgot_password.ml,v 1.1 2004/09/07 17:16:46 rich Exp $ + *) + +open Apache +open Registry +open Cgi +open Printf + +open Cocanwiki +open Cocanwiki_ok +open Cocanwiki_strings + +let run r (q : cgi) (dbh : Dbi.connection) (hostid, hostname, _) _ = + let name = trim (q#param "name") in + + if name = "" then ( + error ~back_button:true ~title:"No username or email address" + q "You didn't give a username or email address"; + raise CgiExit + ); + + (* Look it up in the database. *) + let sth = dbh#prepare_cached "select email, name, password from users + where hostid = ? + and (lower (name) = lower (?) + or lower (email) = lower (?))" in + sth#execute [`Int hostid; `String name; `String name]; + + try + let email, name, password = match sth#fetch1 () with + [ `String email; `String name; `String password ] -> + email, name, password + | _ -> assert false in + + (* Get the IP address of the user, if available. *) + let ip = + try Connection.remote_ip (Request.connection r) with Not_found -> "" in + + let subject = "Password for " ^ hostname in + + let body = + "Someone, possibly you, requested your password for " ^ hostname ^ + ".\n" ^ + "Username: " ^ name ^ "\n" ^ + "Password: " ^ password ^ "\n" ^ + "\n" ^ + "IP address of request: " ^ ip ^ "\n" in + + Sendmail.send_mail ~subject ~to_addr:[ email ] ~body (); + + let buttons = [ ok_button "/_login" ] in + ok ~buttons ~title:"Password sent by email" + q + ("Your password was sent by email. If you don't receive the password " ^ + "within an hour, please notify the site's administrator.") + with + Not_found -> + (* Artificially limit the rate at which people can search the database + * for usernames. + *) + Unix.sleep 10; + + error ~back_button:true ~title:"Nothing known" + q "Sorry, don't know anyone with that name or email address." + +let () = + register_script run diff --git a/scripts/forgot_password_form.ml b/scripts/forgot_password_form.ml new file mode 100644 index 0000000..700f0b8 --- /dev/null +++ b/scripts/forgot_password_form.ml @@ -0,0 +1,21 @@ +(* COCANWIKI scripts. + * Written by Richard W.M. Jones . + * Copyright (C) 2004 Merjis Ltd. + * $Id: forgot_password_form.ml,v 1.1 2004/09/07 17:16:46 rich Exp $ + *) + +open Apache +open Registry +open Cgi +open Printf + +open Cocanwiki +open Cocanwiki_template + +let template = get_template "forgot_password_form.html" + +let run r (q : cgi) (dbh : Dbi.connection) (hostid, _, _) _ = + q#template template + +let () = + register_script run diff --git a/scripts/signup.ml b/scripts/signup.ml index ea90b34..84c560e 100644 --- a/scripts/signup.ml +++ b/scripts/signup.ml @@ -1,7 +1,7 @@ (* COCANWIKI scripts. * Written by Richard W.M. Jones . * Copyright (C) 2004 Merjis Ltd. - * $Id: signup.ml,v 1.1 2004/09/07 16:58:03 rich Exp $ + * $Id: signup.ml,v 1.2 2004/09/07 17:16:46 rich Exp $ *) open Apache @@ -44,6 +44,11 @@ let run r (q : cgi) (dbh : Dbi.connection) (hostid, _, _) _ = let password = password1 in + (* + Uh oh ... Not making UNICODE assumptions ... XXX + if String.length username > 32 || String.length password > 32 then + *) + let email = trim (q#param "email") in let email = if string_is_whitespace email then `Null else `String email in diff --git a/templates/forgot_password_form.html b/templates/forgot_password_form.html new file mode 100644 index 0000000..c077f1e --- /dev/null +++ b/templates/forgot_password_form.html @@ -0,0 +1,53 @@ + + + +Forgotten your password? + + + + + + +

Forgotten your password?

+ +

+Type in your username or your email address. If we have a matching +username or email address on record, we will email you your password. +

Username or email address:

+ + + + + + + +

+ + + + + \ No newline at end of file -- 1.8.3.1