use Bugzilla::Config;
use Bugzilla::Constants;
-use Bugzilla::User qw(insert_new_user);
+use Bugzilla::User;
use Net::LDAP;
use Bugzilla::Auth;
use base qw(Exporter);
-@Bugzilla::User::EXPORT_OK = qw(insert_new_user);
+@Bugzilla::User::EXPORT = qw(insert_new_user is_available_username);
################################################################################
# Functions
return $password;
}
+sub is_available_username ($;$) {
+ my ($username, $old_username) = @_;
+
+ if(&::DBname_to_id($username) != 0) {
+ return 0;
+ }
+
+ my $dbh = Bugzilla->dbh;
+ # $username is safe because it is only used in SELECT placeholders.
+ trick_taint($username);
+ # Reject if the new login is part of an email change which is
+ # still in progress
+ #
+ # substring/locate stuff: bug 165221; this used to use regexes, but that
+ # was unsafe and required weird escaping; using substring to pull out
+ # the new/old email addresses and locate() to find the delimeter (':')
+ # is cleaner/safer
+ my $sth = $dbh->prepare(
+ "SELECT eventdata FROM tokens WHERE tokentype = 'emailold'
+ AND SUBSTRING(eventdata, 1, (LOCATE(':', eventdata) - 1)) = ?
+ OR SUBSTRING(eventdata, (LOCATE(':', eventdata) + 1)) = ?");
+ $sth->execute($username, $username);
+
+ if (my ($eventdata) = $sth->fetchrow_array()) {
+ # Allow thru owner of token
+ if($old_username && ($eventdata eq "$old_username:$username")) {
+ return 1;
+ }
+ return 0;
+ }
+
+ return 1;
+}
+
1;
__END__
Returns: The password that we randomly generated for this user, in plain text.
+=item C<is_available_username>
+
+Returns a boolean indicating whether or not the supplied username is
+already taken in Bugzilla.
+
+Params: $username (scalar, string) - The full login name of the username
+ that you are checking.
+ $old_username (scalar, string) - If you are checking an email-change
+ token, insert the "old" username that the user is changing from,
+ here. Then, as long as it's the right user for that token, he
+ can change his username to $username. (That is, this function
+ will return a boolean true value).
+
=back
=head1 SEE ALSO
require "CGI.pl";
-use Bugzilla::User qw(insert_new_user);
+use Bugzilla::User;
# Shut up misguided -w warnings about "used only once":
use vars qw(
CheckEmailSyntax($login);
$vars->{'login'} = $login;
- if (!ValidateNewUser($login)) {
+ if (!is_available_username($login)) {
# Account already exists
$template->process("account/exists.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
PutTrailer($localtrailer);
exit;
}
- if (!ValidateNewUser($user)) {
+ if (!is_available_username($user)) {
print "The user '$user' does already exist. Please press\n";
print "<b>Back</b> and try again.\n";
PutTrailer($localtrailer);
$::VersionTableLoaded = 1;
}
-# Validates a given username as a new username
-# returns 1 if valid, 0 if invalid
-sub ValidateNewUser {
- my ($username, $old_username) = @_;
-
- if(DBname_to_id($username) != 0) {
- return 0;
- }
-
- my $sqluname = SqlQuote($username);
-
- # Reject if the new login is part of an email change which is
- # still in progress
- #
- # substring/locate stuff: bug 165221; this used to use regexes, but that
- # was unsafe and required weird escaping; using substring to pull out
- # the new/old email addresses and locate() to find the delimeter (':')
- # is cleaner/safer
- SendSQL("SELECT eventdata FROM tokens WHERE tokentype = 'emailold'
- AND SUBSTRING(eventdata, 1, (LOCATE(':', eventdata) - 1)) = $sqluname
- OR SUBSTRING(eventdata, (LOCATE(':', eventdata) + 1)) = $sqluname");
-
- if (my ($eventdata) = FetchSQLData()) {
- # Allow thru owner of token
- if($old_username && ($eventdata eq "$old_username:$username")) {
- return 1;
- }
- return 0;
- }
-
- return 1;
-}
-
sub GenerateRandomPassword {
my $size = (shift or 10); # default to 10 chars if nothing specified
return join("", map{ ('0'..'9','a'..'z','A'..'Z')[rand 62] } (1..$size));
}
# The new email address should be available as this was
# confirmed initially so cancel token if it is not still available
- if (! ValidateNewUser($new_email,$old_email)) {
+ if (! is_available_username($new_email,$old_email)) {
$vars->{'email'} = $new_email; # Needed for Bugzilla::Token::Cancel's mail
Bugzilla::Token::Cancel($::token,"account_exists");
ThrowUserError("account_exists", { email => $new_email } );
use Bugzilla::Constants;
use Bugzilla::Search;
use Bugzilla::Auth;
+use Bugzilla::User;
require "CGI.pl";
# Before changing an email address, confirm one does not exist.
CheckEmailSyntax($new_login_name);
trick_taint($new_login_name);
- ValidateNewUser($new_login_name)
+ is_available_username($new_login_name)
|| ThrowUserError("account_exists", {email => $new_login_name});
Bugzilla::Token::IssueEmailChangeToken($userid,$old_login_name,
projects / thirdparty / bugzilla.git / commitdiff
