# Bundle the functions in this file together into the "Token" package.
package Token;
+use Date::Format;
+
# This module requires that its caller have said "require CGI.pl" to import
# relevant functions from that script and its companion globals.pl.
+################################################################################
+# Constants
+################################################################################
+
+# The maximum number of days a token will remain valid.
+my $maxtokenage = 3;
+
################################################################################
# Functions
################################################################################
sub IssueEmailChangeToken {
my ($userid, $old_email, $new_email) = @_;
+ my $token_ts = time();
+ my $issuedate = time2str("%Y-%m-%d %H:%M", $token_ts);
+
# Generate a unique token and insert it into the tokens table.
# We have to lock the tokens table before generating the token,
# since the database must be queried for token uniqueness.
my $quoted_emails = &::SqlQuote($old_email . ":" . $new_email);
&::SendSQL("INSERT INTO tokens ( userid , issuedate , token ,
tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken ,
+ VALUES ( $userid , '$issuedate' , $quotedtoken ,
'emailold' , $quoted_emails )");
my $newtoken = GenerateUniqueToken();
$quotedtoken = &::SqlQuote($newtoken);
&::SendSQL("INSERT INTO tokens ( userid , issuedate , token ,
tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken ,
+ VALUES ( $userid , '$issuedate' , $quotedtoken ,
'emailnew' , $quoted_emails )");
&::SendSQL("UNLOCK TABLES");
$vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix');
$vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix');
+
+ $vars->{'max_token_age'} = $maxtokenage;
+ $vars->{'token_ts'} = $token_ts;
$vars->{'token'} = $token;
$vars->{'emailaddress'} = $old_email . &::Param('emailsuffix');
&::SendSQL("SELECT userid FROM profiles WHERE login_name = $quotedloginname");
my ($userid) = &::FetchSQLData();
+ my $token_ts = time();
+ my $issuedate = time2str("%Y-%m-%d %H:%M", $token_ts);
+
# Generate a unique token and insert it into the tokens table.
# We have to lock the tokens table before generating the token,
# since the database must be queried for token uniqueness.
my $quotedtoken = &::SqlQuote($token);
my $quotedipaddr = &::SqlQuote($::ENV{'REMOTE_ADDR'});
&::SendSQL("INSERT INTO tokens ( userid , issuedate , token , tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken , 'password' , $quotedipaddr )");
+ VALUES ( $userid , '$issuedate' , $quotedtoken , 'password' , $quotedipaddr )");
&::SendSQL("UNLOCK TABLES");
# Mail the user the token along with instructions for using it.
$vars->{'token'} = $token;
$vars->{'emailaddress'} = $loginname . &::Param('emailsuffix');
+ $vars->{'max_token_age'} = $maxtokenage;
+ $vars->{'token_ts'} = $token_ts;
+
my $message = "";
$template->process("account/password/forgotten-password.txt.tmpl",
$vars, \$message)
sub CleanTokenTable {
&::SendSQL("LOCK TABLES tokens WRITE");
&::SendSQL("DELETE FROM tokens
- WHERE TO_DAYS(NOW()) - TO_DAYS(issuedate) >= 3");
+ WHERE TO_DAYS(NOW()) - TO_DAYS(issuedate) >= " . $maxtokenage);
&::SendSQL("UNLOCK TABLES");
}
# Bundle the functions in this file together into the "Token" package.
package Token;
+use Date::Format;
+
# This module requires that its caller have said "require CGI.pl" to import
# relevant functions from that script and its companion globals.pl.
+################################################################################
+# Constants
+################################################################################
+
+# The maximum number of days a token will remain valid.
+my $maxtokenage = 3;
+
################################################################################
# Functions
################################################################################
sub IssueEmailChangeToken {
my ($userid, $old_email, $new_email) = @_;
+ my $token_ts = time();
+ my $issuedate = time2str("%Y-%m-%d %H:%M", $token_ts);
+
# Generate a unique token and insert it into the tokens table.
# We have to lock the tokens table before generating the token,
# since the database must be queried for token uniqueness.
my $quoted_emails = &::SqlQuote($old_email . ":" . $new_email);
&::SendSQL("INSERT INTO tokens ( userid , issuedate , token ,
tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken ,
+ VALUES ( $userid , '$issuedate' , $quotedtoken ,
'emailold' , $quoted_emails )");
my $newtoken = GenerateUniqueToken();
$quotedtoken = &::SqlQuote($newtoken);
&::SendSQL("INSERT INTO tokens ( userid , issuedate , token ,
tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken ,
+ VALUES ( $userid , '$issuedate' , $quotedtoken ,
'emailnew' , $quoted_emails )");
&::SendSQL("UNLOCK TABLES");
$vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix');
$vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix');
+
+ $vars->{'max_token_age'} = $maxtokenage;
+ $vars->{'token_ts'} = $token_ts;
$vars->{'token'} = $token;
$vars->{'emailaddress'} = $old_email . &::Param('emailsuffix');
&::SendSQL("SELECT userid FROM profiles WHERE login_name = $quotedloginname");
my ($userid) = &::FetchSQLData();
+ my $token_ts = time();
+ my $issuedate = time2str("%Y-%m-%d %H:%M", $token_ts);
+
# Generate a unique token and insert it into the tokens table.
# We have to lock the tokens table before generating the token,
# since the database must be queried for token uniqueness.
my $quotedtoken = &::SqlQuote($token);
my $quotedipaddr = &::SqlQuote($::ENV{'REMOTE_ADDR'});
&::SendSQL("INSERT INTO tokens ( userid , issuedate , token , tokentype , eventdata )
- VALUES ( $userid , NOW() , $quotedtoken , 'password' , $quotedipaddr )");
+ VALUES ( $userid , '$issuedate' , $quotedtoken , 'password' , $quotedipaddr )");
&::SendSQL("UNLOCK TABLES");
# Mail the user the token along with instructions for using it.
$vars->{'token'} = $token;
$vars->{'emailaddress'} = $loginname . &::Param('emailsuffix');
+ $vars->{'max_token_age'} = $maxtokenage;
+ $vars->{'token_ts'} = $token_ts;
+
my $message = "";
$template->process("account/password/forgotten-password.txt.tmpl",
$vars, \$message)
sub CleanTokenTable {
&::SendSQL("LOCK TABLES tokens WRITE");
&::SendSQL("DELETE FROM tokens
- WHERE TO_DAYS(NOW()) - TO_DAYS(issuedate) >= 3");
+ WHERE TO_DAYS(NOW()) - TO_DAYS(issuedate) >= " . $maxtokenage);
&::SendSQL("UNLOCK TABLES");
}
#
# Contributor(s): John Vandenberg <zeroj@null.net>
#%]
+[% expiration_ts = token_ts + (max_token_age * 86400) %]
From: bugzilla-admin-daemon
To: [% emailaddress %]
Subject: Bugzilla Change Email Address Request
[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER url_quote %]
+If you do nothing, the request will lapse after
+[%- max_token_age %] days ([% time2str("%H:%M on the %o of %B, %Y", expiration_ts) %]).
#
# Contributor(s): John Vandenberg <zeroj@null.net>
#%]
+[% expiration_ts = token_ts + (max_token_age * 86400) %]
From: bugzilla-admin-daemon
To: [% emailaddress %]
Subject: Bugzilla Change Email Address Request
[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER url_quote %]
+If you do nothing, and [% newemailaddress %] confirms this request, the
+change will be made permanent after
+[%- max_token_age %] days ([% time2str("%H:%M on the %o of %B, %Y", expiration_ts) %]).
#
# Contributor(s): John Vandenberg <zeroj@null.net>
#%]
+[% expiration_ts = token_ts + (max_token_age * 86400) %]
From: bugzilla-admin-daemon
To: [% emailaddress %]
Subject: Bugzilla Change Password Request
[%+ Param('urlbase') %]token.cgi?a=cxlpw&t=[% token FILTER url_quote %]
+If you do nothing, the request will lapse after
+[%- max_token_age %] days
+([% time2str("%H:%M on the %o of %B, %Y", expiration_ts) -%]) or when you log in successfully.
projects / thirdparty / bugzilla.git / commitdiff
