natalie/indefero
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed to prevent a password reset to login an inactive user.

Browse Source
This commit is contained in:
Loic d'Anterroches 2010-02-09 14:47:13 +01:00
parent 2b107c1610
commit 73f6430a60
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/IDF/Form/Password.php
View File

@ -42,7 +42,9 @@ class IDF_Form_Password extends Pluf_Form
public function clean_account()
{
$account = mb_strtolower(trim($this->cleaned_data['account']));
$sql = new Pluf_SQL('email=%s OR login=%s',
$db =& Pluf::db();
$true = Pluf_DB_BooleanToDb(true, $db);
$sql = new Pluf_SQL('(email=%s OR login=%s) AND active='.$true,
array($account, $account));
$users = Pluf::factory('Pluf_User')->getList(array('filter'=>$sql->gen()));
if ($users->count() == 0) {

3
src/IDF/Form/PasswordReset.php
View File

@ -73,6 +73,9 @@ class IDF_Form_PasswordReset extends Pluf_Form
if ($this->cleaned_data['password'] != $this->cleaned_data['password2']) {
throw new Pluf_Form_Invalid(__('The two passwords must be the same.'));
}
if (!$this->user->active) {
throw new Pluf_Form_Invalid(__('This account is not active. Please contact the forge administrator to activate it.'));
}
return $this->cleaned_data;
}