From 73f6430a6022966f9f1f7b5f45b501edd08a358d Mon Sep 17 00:00:00 2001
From: Loic d'Anterroches
Date: Tue, 9 Feb 2010 14:47:13 +0100
Subject: [PATCH] Fixed to prevent a password reset to login an inactive user.
---
 src/IDF/Form/Password.php | 4 +++-
 src/IDF/Form/PasswordReset.php | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/IDF/Form/Password.php b/src/IDF/Form/Password.php
index d7eacbd..7792ab5 100644
--- a/src/IDF/Form/Password.php
+++ b/src/IDF/Form/Password.php
@@ -42,7 +42,9 @@ class IDF_Form_Password extends Pluf_Form
 public function clean_account()
 {
 $account = mb_strtolower(trim($this->cleaned_data['account']));
- $sql = new Pluf_SQL('email=%s OR login=%s',
+ $db =& Pluf::db();
+ $true = Pluf_DB_BooleanToDb(true, $db);
+ $sql = new Pluf_SQL('(email=%s OR login=%s) AND active='.$true,
 array($account, $account));
 $users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
 if ($users->count() == 0) {
diff --git a/src/IDF/Form/PasswordReset.php b/src/IDF/Form/PasswordReset.php
index bb33001..0cdff01 100644
--- a/src/IDF/Form/PasswordReset.php
+++ b/src/IDF/Form/PasswordReset.php
@@ -73,6 +73,9 @@ class IDF_Form_PasswordReset extends Pluf_Form
 if ($this->cleaned_data['password'] != $this->cleaned_data['password2']) {
 throw new Pluf_Form_Invalid(__('The two passwords must be the same.'));
 }
+ if (!$this->user->active) {
+ throw new Pluf_Form_Invalid(__('This account is not active. Please contact the forge administrator to activate it.'));
+ }
 return $this->cleaned_data;
 }
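Review bot: In `clean_account()` of src/IDF/Form/Password.php the new filter appends `$true` to the SQL template by string concatenation, while `$account` stays bound through `%s`. The value comes from `Pluf_DB_BooleanToDb()` and not from the request, so this does not look injectable, but nothing on the line says so and the pattern reads like hand-built SQL in an authentication path. A comment above the assignment would make the trust boundary explicit, for example `// $true is a literal produced by the DB layer, never user input; $account is still bound via %s.` The method body continues past the end of the hunk, so how the `count() == 0` branch words its error for a now-filtered inactive account is not visible here.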
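Review bot: The `active` check added to `clean()` in src/IDF/Form/PasswordReset.php sits after the password comparison, so the holder of a reset key for an inactive account is first told about mismatched passwords and only afterwards that the account is inactive. Moving the `if (!$this->user->active)` block above the comparison would refuse the request before any submitted password is examined. The commit subject says a reset could log the user in, and the code performing that login is outside this hunk. If it lives in `save()` or in the view, it presumably deserves the same `active` test so the protection does not rest on form validation alone. A short comment such as `// A completed reset logs the user in, so inactive accounts must be refused here.` would record why the check belongs in this form; `clean()` starts before the hunk.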