Commit c7d7872d authored by Leigh Stoller's avatar Leigh Stoller

Add check for existing email address in use, when creating a new

account, and direct user to Forgot Username/Password page.

Changed the Forgot page to allow user to *either* reset password, or
just find out their username if that is what they forgot.
parent 7e50b223
......@@ -845,6 +845,21 @@ function TBCurrentUser($uid)
return mysql_num_rows($query_result);
}
#
# Check to see if an email is being used twice.
#
# usage TBCurrentEmail($email)
# returns 1 if a valid email for someone.
# returns 0 if no such email address used by anyone.
#
function TBCurrentEmail($email)
{
$query_result =
DBQueryFatal("SELECT uid FROM users WHERE usr_email='$email'");
return mysql_num_rows($query_result);
}
#
# Get user status,
#
......
......@@ -444,6 +444,16 @@ if (! $returning) {
elseif (! TBvalid_email($formfields[usr_email])) {
$errors["Email Address"] = TBFieldErrorString();
}
elseif (TBCurrentEmail($formfields[usr_email])) {
#
# Treat this error separate. Not allowed.
#
PAGEHEADER("Apply for Project Membership");
USERERROR("The email address '$formfields[usr_email]' is already in ".
"use by another user.<br>Perhaps you have ".
"<a href='password.php3?email=$formfields[usr_email]'>".
"forgotten your username.</a>", 1);
}
if (isset($formfields[usr_URL]) &&
strcmp($formfields[usr_URL], "") &&
strcmp($formfields[usr_URL], $HTTPTAG) &&
......
......@@ -599,6 +599,16 @@ if (! $returning) {
elseif (! TBvalid_email($formfields[usr_email])) {
$errors["Email Address"] = TBFieldErrorString();
}
elseif (TBCurrentEmail($formfields[usr_email])) {
#
# Treat this error separate. Not allowed.
#
PAGEHEADER("Start a New Testbed Project");
USERERROR("The email address '$formfields[usr_email]' is already in ".
"use by another user.<br>Perhaps you have ".
"<a href='password.php3?email=$formfields[usr_email]'>".
"forgotten your username.</a>", 1);
}
if (isset($formfields[usr_URL]) &&
strcmp($formfields[usr_URL], "") &&
strcmp($formfields[usr_URL], $HTTPTAG) &&
......
......@@ -14,8 +14,10 @@ if (isset($_REQUEST['simple'])) {
# Form arguments.
$reset = $_POST['reset'];
$email = $_POST['email'];
$phone = $_POST['phone'];
# Might come from URL
$email = $_REQUEST['email'];
$phone = $_REQUEST['phone'];
#
# Turn off some of the decorations and menus for the simple view
......@@ -29,7 +31,7 @@ if ($simple) {
# Must use https!
if (!isset($SSL_PROTOCOL)) {
PAGEHEADER("Forgot Your Password?", $view);
PAGEHEADER("Forgot Your Username or Password?", $view);
USERERROR("Must use https:// to access this page!", 1);
}
......@@ -38,7 +40,7 @@ if (!isset($SSL_PROTOCOL)) {
#
if (($known_uid = GETUID()) != FALSE) {
if (CHECKLOGIN($known_uid) & CHECKLOGIN_LOGGEDIN) {
PAGEHEADER("Forgot Your Password?", $view);
PAGEHEADER("Forgot Your Username or Password?", $view);
echo "<h3>
You are logged in. You must already know your password!
......@@ -56,12 +58,13 @@ function SPITFORM($email, $phone, $failed, $simple, $view)
{
global $TBBASE;
PAGEHEADER("Forgot Your Password?", $view);
PAGEHEADER("Forgot Your Username or Password?", $view);
if ($failed) {
echo "<center>
<font size=+1 color=red>
The email/phone ($failed) you provided does not match. Please try again.
The email/phone you provided does not match.
Please try again.
</font>
</center><br>\n";
}
......@@ -90,7 +93,10 @@ function SPITFORM($email, $phone, $failed, $simple, $view)
<tr>
<td align=center colspan=2>
<b><input type=submit value=\"Reset Password\"
name=reset></b></td>
name=reset></b>
<b><input type=submit value=\"Mail my Username\"
name=tellme></b>
</td>
</tr>\n";
if ($simple) {
......@@ -114,8 +120,13 @@ function SPITFORM($email, $phone, $failed, $simple, $view)
#
# If not clicked, then put up a form.
#
if (! isset($reset)) {
SPITFORM("", "", 0, $simple, $view);
if (!isset($reset) && !isset($tellme)) {
if (!isset($email))
$email = "";
if (!isset($phone))
$phone = "";
SPITFORM($email, $phone, 0, $simple, $view);
return;
}
......@@ -150,6 +161,36 @@ if (preg_replace("/[^0-9]/", "", $phone) !=
return;
}
TBUserInfo($uid, $uid_name, $uid_email);
#
# If just telling the user his account uid, send it and be done.
#
if (isset($tellme)) {
PAGEHEADER("Forgot Your Username?", $view);
TBMAIL("$uid_name <$uid_email>",
"Login ID requested by '$uid'",
"\n".
"Your Emulab login ID is '$uid'. Please use this ID when logging\n".
"in at ${TBBASE}.\n".
"\n".
"The request originated from IP: " . $_SERVER['REMOTE_ADDR'] . "\n".
"\n".
"Thanks,\n".
"Testbed Operations\n",
"From: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW");
echo "<br>
An email message has been sent to your account. In it you will find
your login ID.\n";
PAGEFOOTER();
exit(0);
}
#
# Yep. Generate a random key and send the user an email message with a URL
# that will allow them to change their password.
......@@ -163,15 +204,13 @@ setcookie($TBAUTHCOOKIE, $keyA, 0, "/",
$TBAUTHDOMAIN, $TBSECURECOOKIES);
# It is okay to spit this now that we have sent the cookie.
PAGEHEADER("Forgot Your Password?", $view);
PAGEHEADER("Forgot Your Username or Password?", $view);
DBQueryFatal("update users set ".
" chpasswd_key='$key', ".
" chpasswd_expires=UNIX_TIMESTAMP(now())+(60*30) ".
"where uid='$uid'");
TBUserInfo($uid, $uid_name, $uid_email);
TBMAIL("$uid_name <$uid_email>",
"Password Reset requested by '$uid'",
"\n".
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment