gecko-dev/webtools/bugzilla/changepassword.cgi

#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public License
# Version 1.0 (the "License"); you may not use this file except in
# compliance with the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
# 
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
# License for the specific language governing rights and limitations
# under the License.
# 
# The Original Code is the Bugzilla Bug Tracking System.
# 
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are Copyright (C) 1998
# Netscape Communications Corporation. All Rights Reserved.
# 
# Contributor(s): Terry Weissman <terry@mozilla.org>

require "CGI.pl";

confirm_login();

print "Content-type: text/html\n\n";

if (! defined $::FORM{'pwd1'}) {
    PutHeader("Preferences", "Change your password and<br>other preferences",
              $::COOKIE{'Bugzilla_login'});

    my $qacontactpart = "";
    if (Param('useqacontact')) {
        $qacontactpart = ", the current QA Contact";
    }
    my $loginname = SqlQuote($::COOKIE{'Bugzilla_login'});
    SendSQL("select emailnotification,realname from profiles where login_name = " .
            $loginname);
    my ($emailnotification, $realname) = (FetchSQLData());
    $realname = value_quote($realname);
    print qq{
<form method=post>
<hr>
<table>
<tr>
<td align=right>Please enter the new password for <b>$::COOKIE{'Bugzilla_login'}</b>:</td>
<td><input type=password name="pwd1"></td>
</tr>
<tr>
<td align=right>Re-enter your new password:</td>
<td><input type=password name="pwd2"></td>
</tr>
<tr>
<td align=right>Your real name (optional):</td>
<td><input size=35 name=realname value="$realname"></td>
</tr>
</table>
<hr>
<table>
<tr>
<td align=right>Bugzilla will send out email notification of changed bugs to 
the current owner, the submitter of the bug$qacontactpart, and anyone on the
CC list.  However, you can suppress some of those email notifications.
On which of these bugs would you like email notification of changes?</td>
<td><SELECT NAME="emailnotification">
};
    foreach my $i (["ExcludeSelfChanges", "All qualifying bugs except those which I change"],
                   ["CConly", "Only those bugs which I am listed on the CC line"],
                   ["All", "All qualifying bugs"]) {
        my ($tag, $desc) = (@$i);
        my $selectpart = "";
        if ($tag eq $emailnotification) {
            $selectpart = " SELECTED";
        }
        print qq{<OPTION$selectpart VALUE="$tag">$desc\n};
    }
    print "
</SELECT>
</td>
</tr>
</table>
<hr>
<input type=submit value=Submit>
</form>
<hr>
<a href=\"showvotes.cgi\">Review your votes</a>
<hr>
";
    navigation_header();
    exit;
}

if ($::FORM{'pwd1'} ne $::FORM{'pwd2'}) {
    print "<H1>Try again.</H1>
The two passwords you entered did not match.  Please click <b>Back</b> and try again.\n";
    exit;
}


my $pwd = $::FORM{'pwd1'};


sub x {
    my $sc="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./";
    return substr($sc, int (rand () * 100000) % (length ($sc) + 1), 1);
}

if ($pwd ne "") {
    if ($pwd !~ /^[a-zA-Z0-9-_]*$/ || length($pwd) < 3 || length($pwd) > 15) {
        print "<H1>Sorry; we're picky.</H1>
Please choose a password that is between 3 and 15 characters long, and that
contains only numbers, letters, hyphens, or underlines.
<p>
Please click <b>Back</b> and try again.\n";
        exit;
    }
    
    
# Generate a random salt.
    
    my $salt  = x() . x();
    
    my $encrypted = crypt($pwd, $salt);
    
    SendSQL("update profiles set password='$pwd',cryptpassword='$encrypted' where login_name=" .
            SqlQuote($::COOKIE{'Bugzilla_login'}));
    
    SendSQL("update logincookies set cryptpassword = '$encrypted' where cookie = $::COOKIE{'Bugzilla_logincookie'}");
}


SendSQL("update profiles set emailnotification='$::FORM{'emailnotification'}' where login_name = " .
        SqlQuote($::COOKIE{'Bugzilla_login'}));

my $newrealname = $::FORM{'realname'};

if ($newrealname ne "") {
    $newrealname = SqlQuote($newrealname);
    SendSQL("update profiles set realname=$newrealname where login_name = " .
            SqlQuote($::COOKIE{'Bugzilla_login'}));
}

PutHeader("Preferences updated.");
print "
Your preferences have been updated.
<p>";
navigation_header();
Everything has been ported to now run under Perl. 1998-09-15 21:49:26 +00:00			`#!/usr/bonsaitools/bin/perl -w`
			`# -- Mode: perl; indent-tabs-mode: nil --`
Bugzilla source. 1998-08-26 06:14:20 +00:00			`#`
			`# The contents of this file are subject to the Mozilla Public License`
			`# Version 1.0 (the "License"); you may not use this file except in`
			`# compliance with the License. You may obtain a copy of the License at`
			`# http://www.mozilla.org/MPL/`
			`#`
			`# Software distributed under the License is distributed on an "AS IS"`
			`# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the`
			`# License for the specific language governing rights and limitations`
			`# under the License.`
			`#`
			`# The Original Code is the Bugzilla Bug Tracking System.`
			`#`
			`# The Initial Developer of the Original Code is Netscape Communications`
			`# Corporation. Portions created by Netscape are Copyright (C) 1998`
			`# Netscape Communications Corporation. All Rights Reserved.`
			`#`
			`# Contributor(s): Terry Weissman <terry@mozilla.org>`

Everything has been ported to now run under Perl. 1998-09-15 21:49:26 +00:00			`require "CGI.pl";`
Bugzilla source. 1998-08-26 06:14:20 +00:00
Everything has been ported to now run under Perl. 1998-09-15 21:49:26 +00:00			`confirm_login();`

Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`print "Content-type: text/html\n\n";`
Backed out Andrew's patch -- turns out it was doing quoting sublty wrong. 1998-11-20 19:18:37 +00:00
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`if (! defined $::FORM{'pwd1'}) {`
Minor formatting tweak. 1999-05-12 18:27:18 +00:00			`PutHeader("Preferences", "Change your password and<br>other preferences",`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`$::COOKIE{'Bugzilla_login'});`

			`my $qacontactpart = "";`
			`if (Param('useqacontact')) {`
			`$qacontactpart = ", the current QA Contact";`
			`}`
Patch by Chris Baldwin <chris.baldwin@siara.com> -- allow optional entry of the user's realname. Note that nothing actually makes use of this info at present. 1999-08-19 00:06:01 +00:00			`my $loginname = SqlQuote($::COOKIE{'Bugzilla_login'});`
			`SendSQL("select emailnotification,realname from profiles where login_name = " .`
			`$loginname);`
			`my ($emailnotification, $realname) = (FetchSQLData());`
			`$realname = value_quote($realname);`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`print qq{`
Backed out Andrew's patch -- turns out it was doing quoting sublty wrong. 1998-11-20 19:18:37 +00:00			`<form method=post>`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`<hr>`
Bugzilla source. 1998-08-26 06:14:20 +00:00			`<table>`
			`<tr>`
Backed out Andrew's patch -- turns out it was doing quoting sublty wrong. 1998-11-20 19:18:37 +00:00			`<td align=right>Please enter the new password for <b>$::COOKIE{'Bugzilla_login'}</b>:</td>`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`<td><input type=password name="pwd1"></td>`
Bugzilla source. 1998-08-26 06:14:20 +00:00			`</tr>`
			`<tr>`
Backed out Andrew's patch -- turns out it was doing quoting sublty wrong. 1998-11-20 19:18:37 +00:00			`<td align=right>Re-enter your new password:</td>`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`<td><input type=password name="pwd2"></td>`
Patch by Chris Baldwin <chris.baldwin@siara.com> -- allow optional entry of the user's realname. Note that nothing actually makes use of this info at present. 1999-08-19 00:06:01 +00:00			`</tr>`
			`<tr>`
			`<td align=right>Your real name (optional):</td>`
			`<td><input size=35 name=realname value="$realname"></td>`
			`</tr>`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`</table>`
			`<hr>`
			`<table>`
			`<tr>`
			`<td align=right>Bugzilla will send out email notification of changed bugs to`
			`the current owner, the submitter of the bug$qacontactpart, and anyone on the`
			`CC list. However, you can suppress some of those email notifications.`
			`On which of these bugs would you like email notification of changes?</td>`
			`<td><SELECT NAME="emailnotification">`
			`};`
			`foreach my $i (["ExcludeSelfChanges", "All qualifying bugs except those which I change"],`
			`["CConly", "Only those bugs which I am listed on the CC line"],`
			`["All", "All qualifying bugs"]) {`
			`my ($tag, $desc) = (@$i);`
			`my $selectpart = "";`
			`if ($tag eq $emailnotification) {`
			`$selectpart = " SELECTED";`
			`}`
			`print qq{<OPTION$selectpart VALUE="$tag">$desc\n};`
			`}`
			`print "`
			`</SELECT>`
			`</td>`
			`</tr>`
Bugzilla source. 1998-08-26 06:14:20 +00:00			`</table>`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`<hr>`
			`<input type=submit value=Submit>`
Added a missing </form>. 1999-08-27 17:17:43 +00:00			`</form>`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`<hr>`
Added the ability for users to "vote" on which bugs they think should be fixed. 1999-10-07 23:54:52 +00:00			`<a href=\"showvotes.cgi\">Review your votes</a>`
			`<hr>`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`";`
			`navigation_header();`
Everything has been ported to now run under Perl. 1998-09-15 21:49:26 +00:00			`exit;`
Bugzilla source. 1998-08-26 06:14:20 +00:00			`}`

Everything has been ported to now run under Perl. 1998-09-15 21:49:26 +00:00			`if ($::FORM{'pwd1'} ne $::FORM{'pwd2'}) {`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`print "<H1>Try again.</H1>`
Everything has been ported to now run under Perl. 1998-09-15 21:49:26 +00:00			`The two passwords you entered did not match. Please click <b>Back</b> and try again.\n";`
			`exit;`
Bugzilla source. 1998-08-26 06:14:20 +00:00			`}`


Everything has been ported to now run under Perl. 1998-09-15 21:49:26 +00:00			`my $pwd = $::FORM{'pwd1'};`
Bugzilla source. 1998-08-26 06:14:20 +00:00

Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`sub x {`
			`my $sc="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./";`
			`return substr($sc, int (rand () * 100000) % (length ($sc) + 1), 1);`
			`}`
Bugzilla source. 1998-08-26 06:14:20 +00:00
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`if ($pwd ne "") {`
			`if ($pwd !~ /^[a-zA-Z0-9-_]*$/ \|\| length($pwd) < 3 \|\| length($pwd) > 15) {`
			`print "<H1>Sorry; we're picky.</H1>`
Bugzilla source. 1998-08-26 06:14:20 +00:00			`Please choose a password that is between 3 and 15 characters long, and that`
			`contains only numbers, letters, hyphens, or underlines.`
			`<p>`
Everything has been ported to now run under Perl. 1998-09-15 21:49:26 +00:00			`Please click <b>Back</b> and try again.\n";`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`exit;`
			`}`


Everything has been ported to now run under Perl. 1998-09-15 21:49:26 +00:00			`# Generate a random salt.`
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00
			`my $salt = x() . x();`

			`my $encrypted = crypt($pwd, $salt);`

			`SendSQL("update profiles set password='$pwd',cryptpassword='$encrypted' where login_name=" .`
			`SqlQuote($::COOKIE{'Bugzilla_login'}));`

			`SendSQL("update logincookies set cryptpassword = '$encrypted' where cookie = $::COOKIE{'Bugzilla_logincookie'}");`
Everything has been ported to now run under Perl. 1998-09-15 21:49:26 +00:00			`}`

Bugzilla source. 1998-08-26 06:14:20 +00:00
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`SendSQL("update profiles set emailnotification='$::FORM{'emailnotification'}' where login_name = " .`
Everything has been ported to now run under Perl. 1998-09-15 21:49:26 +00:00			`SqlQuote($::COOKIE{'Bugzilla_login'}));`
Changed the way password validation works. We now keep a crypt'd version of the password in the database, and check against that. (This is silly, because we're also keeping the plaintext version there, but I have plans...) Stop passing the plaintext password around as a cookie; instead, we have a cookie that references a record in a new database table, logincookies. IMPORTANT: if updating from an older version of Bugzilla, you must run the following commands to keep things working: ./makelogincookiestable.sh echo "alter table profiles add column cryptpassword varchar(64);" \| mysql bugs echo "update profiles set cryptpassword = encrypt(password,substring(rand(),3, 4));" \| mysql bugs 1998-09-02 18:54:54 +00:00
Patch by Chris Baldwin <chris.baldwin@siara.com> -- allow optional entry of the user's realname. Note that nothing actually makes use of this info at present. 1999-08-19 00:06:01 +00:00			`my $newrealname = $::FORM{'realname'};`

			`if ($newrealname ne "") {`
			`$newrealname = SqlQuote($newrealname);`
			`SendSQL("update profiles set realname=$newrealname where login_name = " .`
			`SqlQuote($::COOKIE{'Bugzilla_login'}));`
			`}`
Bugzilla source. 1998-08-26 06:14:20 +00:00
Added user preference controlling how much email they get. 1999-05-12 17:20:40 +00:00			`PutHeader("Preferences updated.");`
			`print "`
			`Your preferences have been updated.`
Assorted minor UI cleanups (mostly putting navigation headers in, and rewording "return to query page" for pages where that is not always true. Also add two options to the main index.html 1999-06-15 04:29:05 +00:00			`<p>";`
			`navigation_header();`