Fixed to prevent a password reset to login an inactive user.

This commit is contained in:
Loic d'Anterroches 2010-02-09 14:47:13 +01:00
parent 2b107c1610
commit 73f6430a60
2 changed files with 6 additions and 1 deletions

View File

@ -42,7 +42,9 @@ class IDF_Form_Password extends Pluf_Form
public function clean_account() public function clean_account()
{ {
$account = mb_strtolower(trim($this->cleaned_data['account'])); $account = mb_strtolower(trim($this->cleaned_data['account']));
$sql = new Pluf_SQL('email=%s OR login=%s', $db =& Pluf::db();
$true = Pluf_DB_BooleanToDb(true, $db);
$sql = new Pluf_SQL('(email=%s OR login=%s) AND active='.$true,
array($account, $account)); array($account, $account));
$users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen())); $users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
if ($users->count() == 0) { if ($users->count() == 0) {

View File

@ -73,6 +73,9 @@ class IDF_Form_PasswordReset extends Pluf_Form
if ($this->cleaned_data['password'] != $this->cleaned_data['password2']) { if ($this->cleaned_data['password'] != $this->cleaned_data['password2']) {
throw new Pluf_Form_Invalid(__('The two passwords must be the same.')); throw new Pluf_Form_Invalid(__('The two passwords must be the same.'));
} }
if (!$this->user->active) {
throw new Pluf_Form_Invalid(__('This account is not active. Please contact the forge administrator to activate it.'));
}
return $this->cleaned_data; return $this->cleaned_data;
} }