Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Patch #481794 by mr.baileys: made the one-time link be active immediately so we can remove a hack from the tests.

merge-requests/26/head
Dries Buytaert 2009-06-05 09:26:06 +00:00
parent a892004663
commit 5feda4e2a8
2 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/user/user.pages.inc
View File

@ -89,13 +89,13 @@ function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action =
$current = REQUEST_TIME; $current = REQUEST_TIME;
// Some redundant checks for extra security ? // Some redundant checks for extra security ?
$users = user_load_multiple(array($uid), array('status' => '1')); $users = user_load_multiple(array($uid), array('status' => '1'));
if ($timestamp < $current && $account = reset($users)) { if ($timestamp <= $current && $account = reset($users)) {
// No time out for first time login. // No time out for first time login.
if ($account->login && $current - $timestamp > $timeout) { if ($account->login && $current - $timestamp > $timeout) {
drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.')); drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
drupal_goto('user/password'); drupal_goto('user/password');
} }
elseif ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) { elseif ($account->uid && $timestamp >= $account->login && $timestamp <= $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) {
// First stage is a confirmation form, then login // First stage is a confirmation form, then login
if ($action == 'login') { if ($action == 'login') {
watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp)); watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));

1
modules/user/user.test
View File

@ -57,7 +57,6 @@ class UserRegistrationTestCase extends DrupalWebTestCase {
// Login using password reset page. // Login using password reset page.
$url = user_pass_reset_url($user); $url = user_pass_reset_url($user);
sleep(1); // TODO Find better way.
$this->drupalGet($url); $this->drupalGet($url);
$this->assertText(t('This login can be used only once.'), t('Login can be used only once.')); $this->assertText(t('This login can be used only once.'), t('Login can be used only once.'));