diff options
author | Yorhel <git@yorhel.nl> | 2019-10-03 17:33:33 +0200 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2019-10-03 17:33:35 +0200 |
commit | 3f7769d2ba4047e8766e511b7a42c7aa4721f6f8 (patch) | |
tree | fb3263931645793e280f30e1bce0271281b496b6 /lib/VNWeb/Auth.pm | |
parent | 0965af5fd74cf53503bb7ae0262d31c25f894385 (diff) |
Require email confirmation when changing email address
This ensures that the email address linked to a user is always valid and
actually belong(s|ed) to that user.
Diffstat (limited to 'lib/VNWeb/Auth.pm')
-rw-r--r-- | lib/VNWeb/Auth.pm | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/lib/VNWeb/Auth.pm b/lib/VNWeb/Auth.pm index 0b43074a..7143f203 100644 --- a/lib/VNWeb/Auth.pm +++ b/lib/VNWeb/Auth.pm @@ -238,13 +238,17 @@ sub setpass { } -# Change a users' password, requires that the current logged in user is an admin. -sub admin_setpass { - my($self, $uid, $pass) = @_; - my $encpass = $self->_preparepass($pass); - tuwf->dbVali(select => - sql_func user_admin_setpass => \$uid, \$self->{uid}, sql_fromhex($self->{token}), sql_fromhex($encpass) - ) +sub setmail_token { + my($self, $mail) = @_; + my $token = unpack 'H*', urandom(20); + tuwf->dbExeci(select => sql_func user_setmail_token => \$self->uid, sql_fromhex($self->token), sql_fromhex(sha1_hex lc $token), \$mail); + $token; +} + + +sub setmail_confirm { + my(undef, $uid, $token) = @_; + tuwf->dbVali(select => sql_func user_setmail_confirm => \$uid, sql_fromhex sha1_hex lc $token); } |