show better errors on bad codes

darcs-hash:20080624225556-34904-2f31fbe0944374892005ea88977736bda59729fa.gz
This commit is contained in:
Evan Prodromou 2008-06-24 18:55:56 -04:00
parent 77d9a12ef6
commit 9fe45d4158

View File

@ -19,6 +19,10 @@
if (!defined('LACONICA')) { exit(1); }
# You have 24 hours to claim your password
define(MAX_RECOVERY_TIME, 24 * 60 * 60);
class RecoverpasswordAction extends Action {
function handle($args) {
@ -44,22 +48,52 @@ class RecoverpasswordAction extends Action {
}
function check_code() {
$code = $this->trimmed('code');
$confirm = Confirm_address::staticGet($code);
if ($confirm && $confirm->address_type == 'recover') {
if (!$confirm) {
$this->client_error(_t('No such recovery code.'));
return;
}
if ($confirm->address_type != 'recover') {
$this->client_error(_t('Not a recovery code.'));
return;
}
$user = User::staticGet($confirm->user_id);
if ($user) {
if (!$user) {
$this->server_error(_t('Recovery code for unknown user.'));
return;
}
$touched = strtotime($confirm->modified);
# Burn this code
$result = $confirm->delete();
if (!$result) {
common_log_db_error($confirm, 'DELETE', __FILE__);
common_server_error(_t('Error with confirmation code.'));
return;
}
# These should be reaped, but for now we just check mod time
# Note: it's still deleted; let's avoid a second attempt!
if ((time() - $touched) > MAX_RECOVERY_TIME) {
$this->client_error(_t('This confirmation code is too old. ' .
'Please start again.'));
return;
}
# Success!
$this->set_temp_user($user);
$this->show_password_form();
}
}
}
function set_temp_user(&$user) {
common_ensure_session();
@ -97,7 +131,7 @@ class RecoverpasswordAction extends Action {
common_element('div', 'error', $msg);
} else {
common_element('div', 'instructions',
_t('You\ve been identified . Enter a ' .
_t('You\'ve been identified. Enter a ' .
' new password below. '));
}
}