Index: branches/5.2.x/core/units/users/users_event_handler.php =================================================================== diff -u -N -r14468 -r14472 --- branches/5.2.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 14468) +++ branches/5.2.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 14472) @@ -1,6 +1,6 @@ Array('self' => true), 'OnForgotPassword' => Array('self' => true), - 'OnResetPassword' => Array('self' => true), - 'OnResetPasswordConfirmed' => Array('self' => true), 'OnSubscribeQuery' => Array('self' => true), 'OnSubscribeUser' => Array('self' => true), @@ -52,6 +50,23 @@ } /** + * Builds item (loads if needed) + * + * Pattern: Prototype Manager + * + * @param kEvent $event + * @access protected + */ + function OnItemBuild(&$event) + { + parent::OnItemBuild($event); + + if ($event->Special == 'forgot') { + $this->_makePasswordRequired($event); + } + } + + /** * Shows only admins when required * * @param kEvent $event @@ -117,6 +132,7 @@ if ($event->Name == 'OnUpdate' && $user_id > 0) { $user_dummy =& $this->Application->recallObject($event->Prefix.'.-item', null, Array('skip_autoload' => true)); + foreach ($items_info as $id => $field_values) { if ($id != $user_id) { // registered users can update their record only @@ -136,9 +152,15 @@ return false; } } + return true; } + if ( $event->Name == 'OnResetLostPassword' && $event->Special == 'forgot' && $user_id == USER_GUEST ) { + // non-logged in users can reset their password, when reset code is valid + return is_numeric( $this->getPassedID($event) ); + } + if ($event->Name == 'OnUpdate' && $user_id <= 0) { // guests are not allowed to update their record, because they don't have it :) return false; 
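Review bot: The guest branch for `OnResetLostPassword` grants permission on `is_numeric( $this->getPassedID($event) )`, but the `'forgot'` case of `getPassedID()` (hunk `@@ -1104,23 +1048,33 @@`) falls through to `parent::getPassedID($event)` whenever `validateUserCode()` does not return a numeric id. The parent method is not visible here; if it can resolve an id from request data, a guest would pass this check without a valid reset code. Unlike the registered-user branch above it, this branch also never compares the ids in `$items_info` with the id derived from the code. I would make the check depend on the code alone: after recalling `UserHelper`, `$id = $user_helper->validateUserCode( $this->Application->GetVar('user_key'), 'forgot_password' );` followed by `return is_numeric($id);`, and reject any submitted id that differs from `$id`. The enclosing permission method starts and ends outside the hunk.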
@@ -814,152 +836,65 @@ $user_current_object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true)); // TODO: change theme too /* @var $user_current_object UsersItem */ - $username = $this->Application->GetVar('username'); + $found = $allow_reset = false; $email = $this->Application->GetVar('email'); - $found = false; - $allow_reset = true; + $username = $this->Application->GetVar('username'); - if (strlen($username)) { + if ( strlen($username) ) { $user_object->Load($username, 'Login'); - if ($user_object->isLoaded()) { - $found = ($user_object->GetDBField("Login")==$username && $user_object->GetDBField("Status")==1) && strlen($user_object->GetDBField("Password")); - } } - else if(strlen($email)) { + elseif( strlen($email) ) { $user_object->Load($email, 'Email'); - if ($user_object->isLoaded()) { - $found = ($user_object->GetDBField("Email")==$email && $user_object->GetDBField("Status")==1) && strlen($user_object->GetDBField("Password")); - } } - if ($user_object->isLoaded()) { - $PwResetConfirm = $user_object->GetDBField('PwResetConfirm'); - $PwRequestTime = $user_object->GetDBField('PwRequestTime'); - $PassResetTime = $user_object->GetDBField('PassResetTime'); - //$MinPwResetDelay = $user_object->GetDBField('MinPwResetDelay'); - $MinPwResetDelay = $this->Application->ConfigValue('Users_AllowReset'); + if ( $user_object->isLoaded() ) { + $min_pwd_reset_delay = $this->Application->ConfigValue('Users_AllowReset'); + $found = ($user_object->GetDBField('Status') == STATUS_ACTIVE) && strlen( $user_object->GetDBField('Password') ); - $allow_reset = (strlen($PwResetConfirm) ? 
- adodb_mktime() > $PwRequestTime + $MinPwResetDelay : - adodb_mktime() > $PassResetTime + $MinPwResetDelay); + if ( !$user_object->GetDBField('PwResetConfirm') ) { + // no reset made -> allow + $allow_reset = true; + } + else { + // reset made -> wait N minutes, then allow + $allow_reset = adodb_mktime() > $user_object->GetDBField('PwRequestTime') + $min_pwd_reset_delay; + } } if ($found && $allow_reset) { - $this->Application->StoreVar('tmp_user_id', $user_object->GetDBField("PortalUserId")); - $this->Application->StoreVar('tmp_email', $user_object->GetDBField("Email")); + $this->Application->EmailEventUser('USER.PSWDC', $user_object->GetID()); - $confirm_template = $this->Application->GetVar('reset_confirm_template'); - if (!$confirm_template) { - $this->Application->SetVar('reset_confirm_template', 'platform/login/forgotpass_reset'); - } - $this->Application->EmailEventUser('USER.PSWDC', $user_object->GetDBField('PortalUserId')); - $event->redirect = $this->Application->GetVar('template_success'); + + return ; } - else { - if (!strlen($username) && !strlen($email)) { - $user_current_object->SetError('Login', 'forgotpw_nodata', 'lu_ferror_forgotpw_nodata'); - $user_current_object->SetError('Email', 'forgotpw_nodata', 'lu_ferror_forgotpw_nodata'); - } - else { - if ($allow_reset) { - if (strlen($username)) { - $user_current_object->SetError('Login', 'unknown_username', 'lu_ferror_unknown_username'); - } - if (strlen($email)) { - $user_current_object->SetError('Email', 'unknown_email', 'lu_ferror_unknown_email'); - } - } - else { - if (strlen($username)) { - $user_current_object->SetError('Login', 'reset_denied', 'lu_ferror_reset_denied'); - } - if (strlen($email)) { - $user_current_object->SetError('Email', 'reset_denied', 'lu_ferror_reset_denied'); - } - } + if ( !strlen($username) && !strlen($email) ) { + $user_current_object->SetError('Login', 'forgotpw_nodata', 'lu_ferror_forgotpw_nodata'); + $user_current_object->SetError('Email', 'forgotpw_nodata', 
'lu_ferror_forgotpw_nodata'); + } + elseif ( !$found ) { + if ( strlen($username) ) { + $user_current_object->SetError('Login', 'unknown_username', 'lu_ferror_unknown_username'); } - if ( $user_current_object->HasErrors() ) { - $event->redirect = false; + if ( strlen($email) ) { + $user_current_object->SetError('Email', 'unknown_email', 'lu_ferror_unknown_email'); } } - } + elseif ( !$allow_reset ) { + if ( strlen($username) ) { + $user_current_object->SetError('Login', 'reset_denied', 'lu_ferror_reset_denied'); + } - /** - * Enter description here... - * - * @param kEvent $event - */ - function OnResetPassword(&$event) - { - $user_object =& $this->Application->recallObject('u.forgot'); - - if($user_object->Load($this->Application->RecallVar('tmp_user_id'))){ - - $this->Application->EmailEventUser('USER.PSWDC', $user_object->GetDBField("PortalUserId")); - $event->redirect = $this->Application->GetVar('template_success'); - - $m_cat_id = $this->Application->findModule('Name', 'In-Commerce', 'RootCat'); - $this->Application->SetVar('m_cat_id', $m_cat_id); - $event->SetRedirectParam('pass', 'm'); + if ( strlen($email) ) { + $user_current_object->SetError('Email', 'reset_denied', 'lu_ferror_reset_denied'); + } } - } - function OnResetPasswordConfirmed(&$event) - { - // used for error reporting only -> rewrite code + theme (by Alex) - $user_current_object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true));// TODO: change theme too - /* @var $user_current_object UsersItem */ - - $passed_key = trim($this->Application->GetVar('user_key')); - - if (!$passed_key) { - $event->setRedirectParams(Array('opener' => 's', 'pass' => 'all'), true); + if ( $user_current_object->HasErrors() ) { $event->redirect = false; - - $user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', 'lu_code_is_not_valid'); - } - - $user_object =& $this->Application->recallObject('u.forgot', null, Array('skip_autoload' => true)); - /* @var $user_object UsersItem */ 
- - $user_object->Load($passed_key, 'PwResetConfirm'); - - if ($user_object->isLoaded()) { - $exp_time = $user_object->GetDBField('PwRequestTime') + 3600; - $user_object->SetDBField('PwResetConfirm', ''); - $user_object->SetDBField('PwRequestTime', 0); - - if ($exp_time > adodb_mktime()) { - $newpw = $user_object->generatePassword(); - $this->Application->StoreVar('password', $newpw); - - $user_object->SetDBField('PassResetTime', adodb_mktime()); - $user_object->SetDBField('PwResetConfirm', ''); - $user_object->SetDBField('PwRequestTime', 0); - $user_object->Update(); - - $this->Application->SetVar('ForgottenPassword', $newpw); - - $email_event_user =& $this->Application->EmailEventUser('USER.PSWD', $user_object->GetDBField('PortalUserId')); - $email_event_admin =& $this->Application->EmailEventAdmin('USER.PSWD'); - - $this->Application->DeleteVar('ForgottenPassword'); - - if ($email_event_user->status == kEvent::erSUCCESS) { - $event->setRedirectParams(array('opener' => 's', 'pass' => 'all'), true); - $event->redirect = $this->Application->GetVar('template_success'); - } - } else { - $user_current_object->SetError('PwResetConfirm', 'code_expired', 'lu_code_expired'); - $event->redirect = false; - } - } else { - $user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', 'lu_code_is_not_valid'); - $event->redirect = false; - } + } } function OnUpdate(&$event) @@ -983,6 +918,15 @@ $cs_helper->CheckStateField($event, 'State', 'Country'); $cs_helper->PopulateStates($event, 'State', 'Country'); + + if ($event->Special == 'forgot') { + $object =& $event->getObject(); + /* @var $object kDBItem */ + + $object->SetDBField('PwResetConfirm', ''); + $object->SetDBField('PwRequestTime_date', NULL); + $object->SetDBField('PwRequestTime_time', NULL); + } } /** 
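Review bot: The error branches at the end of the rewritten handler still tell the requester whether an account exists: `unknown_username`/`unknown_email` is set when no active account matches, while `reset_denied` is set only for an existing active account that is being throttled. Since this form is meant for visitors who are not logged in, I would answer both cases the same way as the success path (`$event->redirect = $this->Application->GetVar('template_success');`) and keep the specific reason in a log. Separately, the removed `OnResetPasswordConfirmed` expired codes after `PwRequestTime + 3600`; the replacement check lives in `validateUserCode()`, which is not shown, so it is worth confirming that it still enforces a code lifetime. The handler's signature is outside the hunk.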
@@ -1104,23 +1048,33 @@ $order =& $this->Application->recallObject('ord'); /* @var $order OrdersItem */ - $id = $order->GetDBField('PortalUserId'); + return $order->GetDBField('PortalUserId'); break; case 'profile': $id = $this->Application->GetVar('user_id'); + if (!$id) { // if none user_id given use current user id $id = $this->Application->RecallVar('user_id'); } + + return $id; break; - default: - $id = parent::getPassedID($event); + case 'forgot': + $user_helper =& $this->Application->recallObject('UserHelper'); + /* @var $user_helper UserHelper */ + + $id = $user_helper->validateUserCode( $this->Application->GetVar('user_key'), 'forgot_password' ); + + if ( is_numeric($id) ) { + return $id; + } break; } - return $id; + return parent::getPassedID($event); } /** @@ -1731,4 +1685,29 @@ echo kUtil::generatePassword(); } } + + /** + * Changes user's password and logges him in + * + * @param kEvent $event + */ + function OnResetLostPassword(&$event) + { + $object =& $event->getObject(); + /* @var $object kDBItem */ + + $event->CallSubEvent('OnUpdate'); + + if ( $event->status == kEvent::erSUCCESS ) { + $user_helper =& $this->Application->recallObject('UserHelper'); + /* @var $user_helper UserHelper */ + + $user =& $user_helper->getUserObject(); + $user->Load( $object->GetID() ); + + if ( $user_helper->checkLoginPermission() ) { + $user_helper->loginUserById( $user->GetID() ); + } + } + } }
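Review bot: `OnResetLostPassword` runs the general `OnUpdate` sub-event for a guest request and then logs in whichever record `$object->GetID()` reports, so both the fields changed and the account logged in depend on what the update handler accepted rather than on the validated reset code. `OnUpdate` is not visible here; if it applies submitted fields generally, a reset-code holder could change more than the password in the same request, so the accepted fields should be limited to the password ones before the sub-event. I would also resolve the id from the code before the update clears it, `$user_id = $this->getPassedID($event);` ahead of `CallSubEvent('OnUpdate')`, and then use `$user->Load($user_id);`. The docblock has a typo: "logges him in" should read "logs him in".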