X-Git-Url: https://git.plutz.net/?p=cgilite;a=blobdiff_plain;f=users.sh;h=1959e9de4b757084fad3d850b1b7b771517cb3c3;hp=20a58abf0f7e3da1da69602af9ec192ffa76c82d;hb=HEAD;hpb=8fd595c09a5a2984ab43789cc03a0173330c5443

diff --git a/users.sh b/users.sh
index 20a58ab..32299ff 100755
--- a/users.sh
+++ b/users.sh
@@ -1,10 +1,24 @@
 #!/bin/sh
 
+# Copyright 2021 - 2024 Paul Hänsch
+# 
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+# 
+# THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+# IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
 [ -n "$include_users" ] && return 0
 include_users="$0"
 
-. "${_EXEC}/cgilite/session.sh"
-. "${_EXEC}/cgilite/storage.sh"
+. "${_EXEC:-.}/cgilite/session.sh"
+. "${_EXEC:-.}/cgilite/storage.sh"
 
 SENDMAIL=${SENDMAIL-sendmail}
 
@@ -15,9 +29,8 @@ USER_ACCOUNTPAGE="${USER_ACCOUNTPAGE}"
 USER_ACCOUNTEXPIRE="${USER_ACCOUNTEXPIRE:-$((86400 * 730))}"
 USER_CONFIRMEXPIRE="${USER_CONFIRMEXPIRE:-86400}"
 
-MAILFROM="${MAILDOMAIN-noreply@${HTTP_HOST%:*}}"
-
 HTTP_HOST="$(HEADER Host)"
+MAILFROM="noreply@${HTTP_HOST%:*}"
 
 [ "$HTTPS" ] && SCHEMA=https || SCHEMA=http
 
@@ -260,7 +273,7 @@ user_register(){
   fi
 
   if   [ "$USER_REQUIREEMAIL" = true ]; then
-    if [ ! "email" ]; then
+    if [ ! "$email" ]; then
       REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_INVALID"
     elif user_emailexist "$email"; then
       REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_EXISTS"
@@ -328,7 +341,7 @@ user_invite(){
   local email="$(POST email |user_checkemail)"
   local message="$(POST message)"
 
-  if [ ! "email" ]; then
+  if [ ! "$email" ]; then
     REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_INVALID"
   elif user_emailexist "$email"; then
     REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_EXISTS"
@@ -415,7 +428,7 @@ user_update(){
 
         uid="$(POST uid)"
       oldpw="$(POST oldpw)"
-         pw="$(POST pw |grep -xE '.{6}')"
+         pw="$(POST pw |grep -m1 -xE '.{6,}')"
   pwconfirm="$(POST pwconfirm)"
 
 
@@ -428,7 +441,7 @@ user_update(){
       update_user "${uid}" password="$pw"
       REDIRECT "${_BASE}${PATH_INFO}#UPDATE_SUCCESS"
     else
-      REDIRECT "${_BASE}${PATH_INFO}#ERROR_PWMISMATCH"
+      REDIRECT "${_BASE}${PATH_INFO}#ERROR_PW_MISMATCH"
     fi
   elif [ "$UID_" = "$USER_ID" ]; then
     REDIRECT "${_BASE}${PATH_INFO}#ERROR_INVALID_AUTH_PASSWORD"
@@ -608,7 +621,7 @@ w_user_invite(){
 
   if [ "$(GET user_confirm)" ]; then
     w_user_confirm
-  elif [ "$USER_ID" -a "$SENDMAIL" ]; then
+  elif [ "$USER_ID" -a "$USER_REQUIREEMAIL" = true ]; then
     w_user_invite_email
   elif [ "$USER_ID" ]; then
     uid="$(timeid)"
@@ -624,7 +637,7 @@ w_user_invite(){
 w_user_login_logon(){  # TRANSLATION
   cat <<-EOF
 	[form #user_login .login method=POST
-	  [input name=uname placeholder="Username or Email" autocomplete=off]
+	  [input name=uname placeholder="Username or Email"]
 	  [input type=password name=pw placeholder="Passphrase"]
 	  [submit "action" "user_login" Login]
 	]