# Figure out who this link should belong too.
The problem with this, is that it's trying to do this after the fact, then if no USER is logged in, use the Contact_Email as the Username and Contact_Name as the name, with a random password.
I don't want to go into the problems with that, but let's say a user has not logged in, but has a user ID? IF they try to reuse it, I haven't traced out the logic, but it doesn't seem to trap that properly, because it doesn't do an "auth" to ask for the password.
It would be much, much better if you checked for log-on BEFORE any of this process, rather than try to autocreate it afterwards.
At the top of the file:
Code:
if ($CFG->{user_required} and ! $USER) { print $IN->redirect( Links::redirect_login_url ('add') );
return;
}
If the user is logged in, $input->{'LinkOwner'} = $USER->{'Username'}
If the user is not logged in, the program tries to create some values, then insert them into a user record:
$user_db->insert ( { Username => $email, Name => $name, Email => $email, Status => 'Registered', Password => $pass })
or return { error => "Unable to create a new user: $GT::SQL::error" };
I don't like this behaviour, since not only do you have bogus links, but if you delete the link, you now have all sorts of bogus users.
Alex will hopefully address this next week :)
See what happens if:
Code:
# Figure out who this link should belong too. my ($username);
if (! defined $USER) {
my $name = $input->{'Contact_Name'} || $input->{'Contact Name'};
my $email = $input->{'Contact_Email'} || $input->{'Contact Email'};
my $user_db = $DB->table ('Users');
my $sth = $user_db->select ( { Email => $email }, ['Username'] );
if ($sth->rows) {
$username = $sth->fetchrow_array;
}
else {
my $pass = $user_db->random_pass;
$user_db->insert ( { Username => $email, Name => $name, Email => $email, Status => 'Registered', Password => $pass })
or return { error => "Unable to create a new user: $GT::SQL::error" };
$username = $email;
}
}
else {
$username = $USER->{Username};
}
$input->{LinkOwner} = $username;
($USER->{'Username'}) ? ($input->{'LinkOwner'} = $USER->{'Username'}) : $input->{'LinkOwner'} = 'Anon';
PUGDOGŪ
PUGDOGŪ Enterprises, Inc.
FAQ: http://pugdog.com/FAQ