wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes for password recovery; lookups for unconfirmed addresses were failing or inconsistent (using staticGet with unindexed fields, which would not get decached correctly and could get confused if multiple pending confirmations of different types are around).

Browse Source 
Also uses updated email functions to include extra headers and ensure the proper address is used.
This commit is contained in:
Brion Vibber 2010-03-11 18:01:50 -08:00
parent a715271f84
commit b9e9030201
1 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
actions/recoverpassword.php
View File

@ -262,10 +262,20 @@ class RecoverpasswordAction extends Action
# See if it's an unconfirmed email address # See if it's an unconfirmed email address
if (!$user) { if (!$user) {
$confirm_email = Confirm_address::staticGet('address', common_canonical_email($nore)); // Warning: it may actually be legit to have multiple folks
if ($confirm_email && $confirm_email->address_type == 'email') { // who have claimed, but not yet confirmed, the same address.
// We'll only send to the first one that comes up.
$confirm_email = new Confirm_address();
$confirm_email->address = common_canonical_email($nore);
$confirm_email->address_type = 'email';
$confirm_email->find();
if ($confirm_email->fetch()) {
$user = User::staticGet($confirm_email->user_id); $user = User::staticGet($confirm_email->user_id);
} else {
$confirm_email = null;
} }
} else {
$confirm_email = null;
} }
if (!$user) { if (!$user) {
@ -276,9 +286,11 @@ class RecoverpasswordAction extends Action
# Try to get an unconfirmed email address if they used a user name # Try to get an unconfirmed email address if they used a user name
if (!$user->email && !$confirm_email) { if (!$user->email && !$confirm_email) {
$confirm_email = Confirm_address::staticGet('user_id', $user->id); $confirm_email = new Confirm_address();
if ($confirm_email && $confirm_email->address_type != 'email') { $confirm_email->user_id = $user->id;
# Skip non-email confirmations $confirm_email->address_type = 'email';
$confirm_email->find();
if (!$confirm_email->fetch()) {
$confirm_email = null; $confirm_email = null;
} }
} }
@ -294,7 +306,7 @@ class RecoverpasswordAction extends Action
$confirm->code = common_confirmation_code(128); $confirm->code = common_confirmation_code(128);
$confirm->address_type = 'recover'; $confirm->address_type = 'recover';
$confirm->user_id = $user->id; $confirm->user_id = $user->id;
$confirm->address = (isset($user->email)) ? $user->email : $confirm_email->address; $confirm->address = (!empty($user->email)) ? $user->email : $confirm_email->address;
if (!$confirm->insert()) { if (!$confirm->insert()) {
common_log_db_error($confirm, 'INSERT', __FILE__); common_log_db_error($confirm, 'INSERT', __FILE__);
@ -319,7 +331,8 @@ class RecoverpasswordAction extends Action
$body .= common_config('site', 'name'); $body .= common_config('site', 'name');
$body .= "\n"; $body .= "\n";
mail_to_user($user, _('Password recovery requested'), $body, $confirm->address); $headers = _mail_prepare_headers('recoverpassword', $user->nickname, $user->nickname);
mail_to_user($user, _('Password recovery requested'), $body, $headers, $confirm->address);
$this->mode = 'sent'; $this->mode = 'sent';
$this->msg = _('Instructions for recovering your password ' . $this->msg = _('Instructions for recovering your password ' .