From 52be41186f7d76ceab42b077af5d23a30064edd6 Mon Sep 17 00:00:00 2001
From: Loic d'Anterroches
Date: Mon, 15 Feb 2010 22:40:34 +0100
Subject: [PATCH] Correctly request an account confirmation when trying to recover the password of a not yet activated account.
---
 src/IDF/Form/Password.php | 62 +++++++++++++++++++++++++++------------
 src/IDF/Form/Register.php | 9 ++++--
 src/IDF/Views.php | 5 ++--
 3 files changed, 53 insertions(+), 23 deletions(-)
diff --git a/src/IDF/Form/Password.php b/src/IDF/Form/Password.php
index 7792ab5..795a539 100644
--- a/src/IDF/Form/Password.php
+++ b/src/IDF/Form/Password.php
@@ -42,14 +42,27 @@ class IDF_Form_Password extends Pluf_Form
 public function clean_account()
 {
 $account = mb_strtolower(trim($this->cleaned_data['account']));
- $db =& Pluf::db();
- $true = Pluf_DB_BooleanToDb(true, $db);
- $sql = new Pluf_SQL('(email=%s OR login=%s) AND active='.$true,
+ $sql = new Pluf_SQL('email=%s OR login=%s',
 array($account, $account));
 $users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
 if ($users->count() == 0) {
 throw new Pluf_Form_Invalid(__('Sorry, we cannot find a user with this email address or login. Feel free to try again.'));
 }
+ $ok = false;
+ foreach ($users as $user) {
+ if ($user->active) {
+ $ok = true;
+ continue;
+ }
+ if (!$user->active and $user->first_name == '---') {
+ $ok = true;
+ continue;
+ }
+ $ok = false; // This ensures an all or nothing ok.
+ }
+ if (!$ok) {
+ throw new Pluf_Form_Invalid(__('Sorry, we cannot find a user with this email address or login. Feel free to try again.'));
+ }
 return $account;
 }
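Review bot: The `$ok = false; // This ensures an all or nothing ok.` line does not give all-or-nothing semantics: a later row in the loop that is active or has `first_name == '---'` sets `$ok` back to true, so acceptance depends on row order whenever several accounts match the same email/login. Adding `break;` right after that assignment makes a single disqualified match final, or more directly throw the `Pluf_Form_Invalid` from inside the loop and drop the flag altogether. The `'---'` sentinel appears to mark an account that was created but never confirmed; a one-line comment such as `// '---' is the placeholder first name of a not yet confirmed account` would keep the check understandable. Both failure paths reuse the same message, which correctly avoids revealing whether an unconfirmed account exists for the given email or login.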
@@ -66,23 +79,34 @@ class IDF_Form_Password extends Pluf_Form
 $sql = new Pluf_SQL('email=%s OR login=%s',
 array($account, $account));
 $users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
+
+ $return_url = '';
 foreach ($users as $user) {
- $tmpl = new Pluf_Template('idf/user/passrecovery-email.txt');
- $cr = new Pluf_Crypt(md5(Pluf::f('secret_key')));
- $code = trim($cr->encrypt($user->email.':'.$user->id.':'.time()),
- '~');
- $code = substr(md5(Pluf::f('secret_key').$code), 0, 2).$code;
- $url = Pluf::f('url_base').Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecovery', array($code), array(), false);
- $urlic = Pluf::f('url_base').Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode', array(), array(), false);
- $context = new Pluf_Template_Context(array('url' => Pluf_Template::markSafe($url),
- 'urlik' => Pluf_Template::markSafe($urlic),
- 'user' => Pluf_Template::markSafe($user),
- 'key' => Pluf_Template::markSafe($code)));
- $email = new Pluf_Mail(Pluf::f('from_email'), $user->email,
- __('Password Recovery - InDefero'));
- $email->setReturnPath(Pluf::f('bounce_email', Pluf::f('from_email')));
- $email->addTextMessage($tmpl->render($context));
- $email->sendMail();
+ if ($user->active) {
+ $return_url = Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode');
+ $tmpl = new Pluf_Template('idf/user/passrecovery-email.txt');
+ $cr = new Pluf_Crypt(md5(Pluf::f('secret_key')));
+ $code = trim($cr->encrypt($user->email.':'.$user->id.':'.time()),
+ '~');
+ $code = substr(md5(Pluf::f('secret_key').$code), 0, 2).$code;
+ $url = Pluf::f('url_base').Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecovery', array($code), array(), false);
+ $urlic = Pluf::f('url_base').Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode', array(), array(), false);
+ $context = new Pluf_Template_Context(
+ array('url' => Pluf_Template::markSafe($url),
+ 'urlik' => Pluf_Template::markSafe($urlic),
+ 'user' => Pluf_Template::markSafe($user),
+ 'key' => Pluf_Template::markSafe($code)));
+ $email = new Pluf_Mail(Pluf::f('from_email'), $user->email,
+ __('Password Recovery - InDefero'));
+ $email->setReturnPath(Pluf::f('bounce_email', Pluf::f('from_email')));
+ $email->addTextMessage($tmpl->render($context));
+ $email->sendMail();
+ }
+ if (!$user->active and $user->first_name == '---') {
+ $return_url = Pluf_HTTP_URL_urlForView('IDF_Views::registerInputKey');
+ IDF_Form_Register::sendVerificationEmail($user);
+ }
 }
+ return $return_url;
 }
 }
diff --git a/src/IDF/Form/Register.php b/src/IDF/Form/Register.php
index b02f689..752deb4 100644
--- a/src/IDF/Form/Register.php
+++ b/src/IDF/Form/Register.php
@@ -124,8 +124,14 @@ class IDF_Form_Register extends Pluf_Form
 $user->language = $this->request->language_code;
 $user->active = false;
 $user->create();
- $from_email = Pluf::f('from_email');
+ self::sendVerificationEmail($user);
+ return $user;
+ }
+
+ public static function sendVerificationEmail($user)
+ {
 Pluf::loadFunction('Pluf_HTTP_URL_urlForView');
+ $from_email = Pluf::f('from_email');
 $cr = new Pluf_Crypt(md5(Pluf::f('secret_key')));
 $encrypted = trim($cr->encrypt($user->email.':'.$user->id), '~');
 $key = substr(md5(Pluf::f('secret_key').$encrypted), 0, 2).$encrypted;
@@ -144,6 +150,5 @@ class IDF_Form_Register extends Pluf_Form
 __('Confirm the creation of your account.'));
 $email->addTextMessage($text_email);
 $email->sendMail();
- return $user;
 }
 }
diff --git a/src/IDF/Views.php b/src/IDF/Views.php
index 03d8680..03ae86a 100644
--- a/src/IDF/Views.php
+++ b/src/IDF/Views.php
@@ -183,6 +183,8 @@ class IDF_Views
 * email is available in the database, send an email with a key to
 * reset the password.
 *
+ * If the user is not yet confirmed, send the confirmation key one
+ * more time.
 */
 function passwordRecoveryAsk($request, $match)
 {
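Review bot: `$return_url` is reassigned on every iteration of the `foreach`, so when the matched set holds both an active account and an unconfirmed one (the login of one equal to the email of another) the redirect target depends on row order and may not correspond to the email that was actually sent. Since the two conditions are mutually exclusive, the second branch reads better as `} elseif (!$user->active and $user->first_name == '---') {`, and the new return value deserves a docblock line such as `@return string URL the caller should redirect to ('' when no mail was sent)`. The unconfirmed branch now lets an unauthenticated request trigger `IDF_Form_Register::sendVerificationEmail($user)`, so any throttling applied to the recovery mail should cover this path as well. The beginning of `save()` lies outside this hunk.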
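Review bot: The new `public static function sendVerificationEmail($user)` has no docblock and no parameter type even though it is now called from another class (`IDF_Form_Password::save`), and the visible body reads `$user->email` and `$user->id`. Add `/** Send the account confirmation email carrying the key for IDF_Views::registerInputKey. @param Pluf_User $user Created but not yet active user; email and id must be set. */` above it, and consider `Pluf_User $user` in the signature if every caller passes one. The key derivation and the rest of the method continue past the hunk.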
@@ -190,8 +192,7 @@ class IDF_Views
 if ($request->method == 'POST') {
 $form = new IDF_Form_Password($request->POST);
 if ($form->isValid()) {
- $form->save();
- $url = Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode');
+ $url = $form->save();
 return new Pluf_HTTP_Response_Redirect($url);
 }
 } else {
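Review bot: `$url = $form->save();` can receive the empty string, because `save()` initialises `$return_url = ''` and only assigns it inside the two per-user branches, which would hand `Pluf_HTTP_Response_Redirect` an empty location; `clean_account()` should normally guarantee a matching user, but `save()` itself does not enforce that. Guard it with `if ($url == '') { $url = Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode'); }` before the redirect, or have `save()` throw rather than return an empty value. The target is built from view names on the server rather than from request data, so this change does not open a redirect to attacker-controlled URLs. `passwordRecoveryAsk` begins before this hunk.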