From 7b26438a583b5d9559bd67e22511ff67812feadb Mon Sep 17 00:00:00 2001
From: Jeff Zaroyko
Date: Mon, 16 Jun 2008 12:57:55 +1000
Subject: [PATCH] change the registration process to email a random password due to recent abuse
---
 account.php | 20 ++++----------------
 include/form_new.php | 8 --------
 include/user.php | 1 +
 3 files changed, 5 insertions(+), 24 deletions(-)
diff --git a/account.php b/account.php
index 3538b75..1ecff46 100644
--- a/account.php
+++ b/account.php
@@ -96,16 +96,6 @@ function cmd_do_new()
 retry("new", "Invalid email address");
 return;
 }
- if(strlen($aClean['sUserPassword']) < 5)
- {
- retry("new", "Password must be at least 5 characters");
- return;
- }
- if($aClean['sUserPassword'] != $aClean['sUserPassword2'])
- {
- retry("new", "Passwords don't match");
- return;
- }
 if(empty($aClean['sUserRealname']))
 {
 retry("new", "You don't have a Real name?");
@@ -113,16 +103,14 @@ function cmd_do_new()
 }
 $oUser = new User();
-
- $iResult = $oUser->create($aClean['sUserEmail'], $aClean['sUserPassword'],
+ $sPassword = substr(base_convert(rand(0, PHP_INT_MAX),10, 36), 0, 9);
+ $iResult = $oUser->create($aClean['sUserEmail'], $sPassword,
 $aClean['sUserRealname'], $aClean['sWineRelease'] );
 if($iResult == SUCCESS)
 {
- /* if we can log the user in, log them in automatically */
- $oUser->login($aClean['sUserEmail'], $aClean['sUserPassword']);
-
- addmsg("Account created! (".$aClean['sUserEmail'].")", "green");
+ mail_appdb($oUser->sEmail, "New account", "Your password is ".$sPassword);
+ addmsg("Account created! Check your email for your password. (".$aClean['sUserEmail'].")", "green");
 util_redirect_and_exit(apidb_fullurl());
 } else if($iResult == USER_CREATE_EXISTS)
diff --git a/include/form_new.php b/include/form_new.php
index 62c3e8d..560b4bd 100644
--- a/include/form_new.php
+++ b/include/form_new.php
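Review bot: The password generated in the second account.php hunk (inside cmd_do_new, whose body starts and ends outside the hunk) comes from `rand()`, which is not a cryptographically secure generator, and `base_convert(rand(0, PHP_INT_MAX), 10, 36)` holds no more than the range of a single `rand()` call while producing a shorter string whenever the draw is small, so `substr(..., 0, 9)` does not guarantee nine characters. Because this value is now the only credential on a new account, it should be drawn from a CSPRNG at a fixed length, for example `$sPassword = bin2hex(random_bytes(8));` where the runtime provides it, or an equivalent read from the operating system's random source on older PHP. The result of `mail_appdb()` is not checked before `addmsg()` reports success, so if that call can fail (its body is not visible here) the account exists with a password nobody received. The password also travels in clear text by mail, so requiring a change at first login is worth considering.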
@@ -16,14 +16,6 @@ echo html_frame_start("Create New Application DB Account","400","",0) E-mail '> - - Password - - - - Password (again) - - Real Name '>
diff --git a/include/user.php b/include/user.php
index af15196..20c6b1b 100644
--- a/include/user.php
+++ b/include/user.php
@@ -173,6 +173,7 @@ class User {
 $retval = $this->login($sEmail, $sPassword);
 if($retval == SUCCESS) $this->setPref("comments:mode", "threaded"); /* set the users default comments:mode to threaded */
+ $this->logout();
 return $retval;
 }
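Review bot: The added `$this->logout();` in include/user.php runs whether or not the preceding `login()` succeeded, and nothing in the hunk says why account creation logs in and then immediately out. The braceless `if` just above covers only the `setPref()` call, so it is easy to misread what the logout is tied to; a comment such as `/* login() is only needed to store the default preference; drop the session so the user must sign in with the emailed password */` would record what is presumably the intent. If `logout()` clears the current session (its body is not visible here), a visitor who was already signed in when the account was created would lose that session as well, which is worth confirming. The enclosing method starts outside the hunk.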