Correctly request an account confirmation when trying to recover the password of a not yet activated account.
This commit is contained in:
Loic d'Anterroches
parent
96e8f4ae3c
commit
52be41186f
@ -42,14 +42,27 @@ class IDF_Form_Password extends Pluf_Form
|
|||||||
public function clean_account()
|
public function clean_account()
|
||||||
{
|
{
|
||||||
$account = mb_strtolower(trim($this->cleaned_data['account']));
|
$account = mb_strtolower(trim($this->cleaned_data['account']));
|
||||||
$db =& Pluf::db();
|
$sql = new Pluf_SQL('email=%s OR login=%s',
|
||||||
$true = Pluf_DB_BooleanToDb(true, $db);
|
|
||||||
$sql = new Pluf_SQL('(email=%s OR login=%s) AND active='.$true,
|
|
||||||
array($account, $account));
|
array($account, $account));
|
||||||
$users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
|
$users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
|
||||||
if ($users->count() == 0) {
|
if ($users->count() == 0) {
|
||||||
throw new Pluf_Form_Invalid(__('Sorry, we cannot find a user with this email address or login. Feel free to try again.'));
|
throw new Pluf_Form_Invalid(__('Sorry, we cannot find a user with this email address or login. Feel free to try again.'));
|
||||||
}
|
}
|
||||||
|
$ok = false;
|
||||||
|
foreach ($users as $user) {
|
||||||
|
if ($user->active) {
|
||||||
|
$ok = true;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (!$user->active and $user->first_name == '---') {
|
||||||
|
$ok = true;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$ok = false; // This ensures an all or nothing ok.
|
||||||
|
}
|
||||||
|
if (!$ok) {
|
||||||
|
throw new Pluf_Form_Invalid(__('Sorry, we cannot find a user with this email address or login. Feel free to try again.'));
|
||||||
|
}
|
||||||
return $account;
|
return $account;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -66,7 +79,11 @@ class IDF_Form_Password extends Pluf_Form
|
|||||||
$sql = new Pluf_SQL('email=%s OR login=%s',
|
$sql = new Pluf_SQL('email=%s OR login=%s',
|
||||||
array($account, $account));
|
array($account, $account));
|
||||||
$users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
|
$users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
|
||||||
|
|
||||||
|
$return_url = '';
|
||||||
foreach ($users as $user) {
|
foreach ($users as $user) {
|
||||||
|
if ($user->active) {
|
||||||
|
$return_url = Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode');
|
||||||
$tmpl = new Pluf_Template('idf/user/passrecovery-email.txt');
|
$tmpl = new Pluf_Template('idf/user/passrecovery-email.txt');
|
||||||
$cr = new Pluf_Crypt(md5(Pluf::f('secret_key')));
|
$cr = new Pluf_Crypt(md5(Pluf::f('secret_key')));
|
||||||
$code = trim($cr->encrypt($user->email.':'.$user->id.':'.time()),
|
$code = trim($cr->encrypt($user->email.':'.$user->id.':'.time()),
|
||||||
@ -74,7 +91,8 @@ class IDF_Form_Password extends Pluf_Form
|
|||||||
$code = substr(md5(Pluf::f('secret_key').$code), 0, 2).$code;
|
$code = substr(md5(Pluf::f('secret_key').$code), 0, 2).$code;
|
||||||
$url = Pluf::f('url_base').Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecovery', array($code), array(), false);
|
$url = Pluf::f('url_base').Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecovery', array($code), array(), false);
|
||||||
$urlic = Pluf::f('url_base').Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode', array(), array(), false);
|
$urlic = Pluf::f('url_base').Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode', array(), array(), false);
|
||||||
$context = new Pluf_Template_Context(array('url' => Pluf_Template::markSafe($url),
|
$context = new Pluf_Template_Context(
|
||||||
|
array('url' => Pluf_Template::markSafe($url),
|
||||||
'urlik' => Pluf_Template::markSafe($urlic),
|
'urlik' => Pluf_Template::markSafe($urlic),
|
||||||
'user' => Pluf_Template::markSafe($user),
|
'user' => Pluf_Template::markSafe($user),
|
||||||
'key' => Pluf_Template::markSafe($code)));
|
'key' => Pluf_Template::markSafe($code)));
|
||||||
@ -84,5 +102,11 @@ class IDF_Form_Password extends Pluf_Form
|
|||||||
$email->addTextMessage($tmpl->render($context));
|
$email->addTextMessage($tmpl->render($context));
|
||||||
$email->sendMail();
|
$email->sendMail();
|
||||||
}
|
}
|
||||||
|
if (!$user->active and $user->first_name == '---') {
|
||||||
|
$return_url = Pluf_HTTP_URL_urlForView('IDF_Views::registerInputKey');
|
||||||
|
IDF_Form_Register::sendVerificationEmail($user);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $return_url;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -124,8 +124,14 @@ class IDF_Form_Register extends Pluf_Form
|
|||||||
$user->language = $this->request->language_code;
|
$user->language = $this->request->language_code;
|
||||||
$user->active = false;
|
$user->active = false;
|
||||||
$user->create();
|
$user->create();
|
||||||
$from_email = Pluf::f('from_email');
|
self::sendVerificationEmail($user);
|
||||||
|
return $user;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function sendVerificationEmail($user)
|
||||||
|
{
|
||||||
Pluf::loadFunction('Pluf_HTTP_URL_urlForView');
|
Pluf::loadFunction('Pluf_HTTP_URL_urlForView');
|
||||||
|
$from_email = Pluf::f('from_email');
|
||||||
$cr = new Pluf_Crypt(md5(Pluf::f('secret_key')));
|
$cr = new Pluf_Crypt(md5(Pluf::f('secret_key')));
|
||||||
$encrypted = trim($cr->encrypt($user->email.':'.$user->id), '~');
|
$encrypted = trim($cr->encrypt($user->email.':'.$user->id), '~');
|
||||||
$key = substr(md5(Pluf::f('secret_key').$encrypted), 0, 2).$encrypted;
|
$key = substr(md5(Pluf::f('secret_key').$encrypted), 0, 2).$encrypted;
|
||||||
@ -144,6 +150,5 @@ class IDF_Form_Register extends Pluf_Form
|
|||||||
__('Confirm the creation of your account.'));
|
__('Confirm the creation of your account.'));
|
||||||
$email->addTextMessage($text_email);
|
$email->addTextMessage($text_email);
|
||||||
$email->sendMail();
|
$email->sendMail();
|
||||||
return $user;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -183,6 +183,8 @@ class IDF_Views
|
|||||||
* email is available in the database, send an email with a key to
|
* email is available in the database, send an email with a key to
|
||||||
* reset the password.
|
* reset the password.
|
||||||
*
|
*
|
||||||
|
* If the user is not yet confirmed, send the confirmation key one
|
||||||
|
* more time.
|
||||||
*/
|
*/
|
||||||
function passwordRecoveryAsk($request, $match)
|
function passwordRecoveryAsk($request, $match)
|
||||||
{
|
{
|
||||||
@ -190,8 +192,7 @@ class IDF_Views
|
|||||||
if ($request->method == 'POST') {
|
if ($request->method == 'POST') {
|
||||||
$form = new IDF_Form_Password($request->POST);
|
$form = new IDF_Form_Password($request->POST);
|
||||||
if ($form->isValid()) {
|
if ($form->isValid()) {
|
||||||
$form->save();
|
$url = $form->save();
|
||||||
$url = Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode');
|
|
||||||
return new Pluf_HTTP_Response_Redirect($url);
|
return new Pluf_HTTP_Response_Redirect($url);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user