Correctly request an account confirmation when trying to recover the password of a not yet activated account.

2010-02-15 22:40:34 +01:00 · 2010-02-15 22:40:34 +01:00 · 52be41186f
commit 52be41186f
parent 96e8f4ae3c
3 changed files with 53 additions and 23 deletions
--- a/src/IDF/Form/Password.php
+++ b/src/IDF/Form/Password.php
@ -42,14 +42,27 @@ class IDF_Form_Password extends Pluf_Form
    public function clean_account()
    {
        $account = mb_strtolower(trim($this->cleaned_data['account']));
-        $db =& Pluf::db();
-        $true = Pluf_DB_BooleanToDb(true, $db);
-        $sql = new Pluf_SQL('(email=%s OR login=%s) AND active='.$true,
+        $sql = new Pluf_SQL('email=%s OR login=%s',
                            array($account, $account));
        $users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
        if ($users->count() == 0) {
            throw new Pluf_Form_Invalid(__('Sorry, we cannot find a user with this email address or login. Feel free to try again.'));
        }
+        $ok = false;
+        foreach ($users as $user) {
+            if ($user->active) {
+                $ok = true;
+                continue;
+            }
+            if (!$user->active and $user->first_name == '---') {
+                $ok = true;
+                continue;
+            }
+            $ok = false; // This ensures an all or nothing ok.
+        }
+        if (!$ok) {
+            throw new Pluf_Form_Invalid(__('Sorry, we cannot find a user with this email address or login. Feel free to try again.'));
+        }
        return $account;
    }

@ -66,7 +79,11 @@ class IDF_Form_Password extends Pluf_Form
        $sql = new Pluf_SQL('email=%s OR login=%s',
                            array($account, $account));
        $users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
+
+        $return_url = '';
        foreach ($users as $user) {
+            if ($user->active) {
+                $return_url = Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode');
                $tmpl = new Pluf_Template('idf/user/passrecovery-email.txt');
                $cr = new Pluf_Crypt(md5(Pluf::f('secret_key')));
                $code = trim($cr->encrypt($user->email.':'.$user->id.':'.time()), 
@ -74,7 +91,8 @@ class IDF_Form_Password extends Pluf_Form
                $code = substr(md5(Pluf::f('secret_key').$code), 0, 2).$code;
                $url = Pluf::f('url_base').Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecovery', array($code), array(), false);
                $urlic = Pluf::f('url_base').Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode', array(), array(), false);
-            $context = new Pluf_Template_Context(array('url' => Pluf_Template::markSafe($url),
+                $context = new Pluf_Template_Context(
+                         array('url' => Pluf_Template::markSafe($url),
                               'urlik' => Pluf_Template::markSafe($urlic),
                               'user' => Pluf_Template::markSafe($user),
                               'key' => Pluf_Template::markSafe($code)));
@ -84,5 +102,11 @@ class IDF_Form_Password extends Pluf_Form
                $email->addTextMessage($tmpl->render($context));
                $email->sendMail();
            }
+            if (!$user->active and $user->first_name == '---') {
+                $return_url = Pluf_HTTP_URL_urlForView('IDF_Views::registerInputKey');
+                IDF_Form_Register::sendVerificationEmail($user);
+            }
+        }
+        return $return_url;
    }
 }
--- a/src/IDF/Form/Register.php
+++ b/src/IDF/Form/Register.php
@ -124,8 +124,14 @@ class IDF_Form_Register extends Pluf_Form
        $user->language = $this->request->language_code;
        $user->active = false;
        $user->create();
-        $from_email = Pluf::f('from_email');
+        self::sendVerificationEmail($user);
+        return $user;
+    }
+
+    public static function sendVerificationEmail($user)
+    {
        Pluf::loadFunction('Pluf_HTTP_URL_urlForView');
+        $from_email = Pluf::f('from_email');
        $cr = new Pluf_Crypt(md5(Pluf::f('secret_key')));
        $encrypted = trim($cr->encrypt($user->email.':'.$user->id), '~');
        $key = substr(md5(Pluf::f('secret_key').$encrypted), 0, 2).$encrypted;
@ -144,6 +150,5 @@ class IDF_Form_Register extends Pluf_Form
                               __('Confirm the creation of your account.'));
        $email->addTextMessage($text_email);
        $email->sendMail();
-        return $user;
    }
 }
--- a/src/IDF/Views.php
+++ b/src/IDF/Views.php
@ -183,6 +183,8 @@ class IDF_Views
     * email is available in the database, send an email with a key to
     * reset the password.
     *
+     * If the user is not yet confirmed, send the confirmation key one
+     * more time.
     */
    function passwordRecoveryAsk($request, $match)
    {
@ -190,8 +192,7 @@ class IDF_Views
        if ($request->method == 'POST') {
            $form = new IDF_Form_Password($request->POST);
            if ($form->isValid()) {
-                $form->save();
-                $url = Pluf_HTTP_URL_urlForView('IDF_Views::passwordRecoveryInputCode');
+                $url = $form->save();
                return new Pluf_HTTP_Response_Redirect($url);
            }
        } else {