Index: branches/5.2.x/core/units/users/users_tag_processor.php =================================================================== diff -u -N -r14469 -r14472 --- branches/5.2.x/core/units/users/users_tag_processor.php (.../users_tag_processor.php) (revision 14469) +++ branches/5.2.x/core/units/users/users_tag_processor.php (.../users_tag_processor.php) (revision 14472) @@ -1,6 +1,6 @@ Application->recallObject($this->Prefix . '.email-to'); + /* @var $user UsersItem */ + $code = $this->getCachedCode(); + $user->SetDBField('PwResetConfirm', $code); + $user->SetDBField('PwRequestTime_date', adodb_mktime()); + $user->SetDBField('PwRequestTime_time', adodb_mktime()); - $fields_hash = Array ( - 'PwResetConfirm' => $code, - 'PwRequestTime' => adodb_mktime(), - ); + if ( $user->GetChangedFields() ) { + // tag is called 2 times within USER.PWDC email event, so don't update user record twice + $user->Update(); + } - $user_id = $this->Application->RecallVar('tmp_user_id'); - $this->Conn->doUpdate($fields_hash, TABLE_PREFIX.'PortalUser', 'PortalUserId = '.$user_id); - $params['user_key'] = $code; - if (!$this->SelectParam($params, 'template,t')) { + + if ( !$this->SelectParam($params, 'template,t') ) { $params['template'] = $this->Application->GetVar('reset_confirm_template'); } @@ -68,7 +72,7 @@ { static $code = null; - if (!isset($code)) { + if ( !isset($code) ) { $code = md5($this->GenerateCode()); } 
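Review bot: `adodb_mktime()` is called once for `PwRequestTime_date` and again for `PwRequestTime_time`, so the two halves of the stored request time can come from different seconds. Read the clock once, `$now = adodb_mktime();`, and pass `$now` to both `SetDBField()` calls. The `GetChangedFields()` guard will probably also still see a change on the second tag call of the same e-mail event if the clock has ticked in between, so the "don't update twice" comment may not hold unless the timestamp is cached next to the code. The same pair of calls appears in the ActivationLink hunk (`@@ -303,17 +287,14 @@`). The start of this method is missing from the page, so how `$user` is loaded cannot be checked here.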
@@ -77,35 +81,53 @@ function GenerateCode() { - list($usec, $sec) = explode(" ",microtime()); + list($usec, $sec) = explode(" ",microtime()); - $id_part_1 = substr($usec, 4, 4); - $id_part_2 = mt_rand(1,9); - $id_part_3 = substr($sec, 6, 4); - $digit_one = substr($id_part_1, 0, 1); - if ($digit_one == 0) { - $digit_one = mt_rand(1,9); - $id_part_1 = preg_replace('/^0/', '', $id_part_1); - $id_part_1=$digit_one.$id_part_1; - } - return $id_part_1.$id_part_2.$id_part_3; - } + $id_part_1 = substr($usec, 4, 4); + $id_part_2 = mt_rand(1,9); + $id_part_3 = substr($sec, 6, 4); + $digit_one = substr($id_part_1, 0, 1); - function ForgottenPassword($params) - { - return $this->Application->GetVar('ForgottenPassword'); + if ($digit_one == 0) { + $digit_one = mt_rand(1,9); + $id_part_1 = preg_replace('/^0/', '', $id_part_1); + $id_part_1=$digit_one.$id_part_1; + } + + return $id_part_1.$id_part_2.$id_part_3; } function TestCodeIsValid($params) { - $passed_key = trim($this->Application->GetVar('user_key')); + $user_helper =& $this->Application->recallObject('UserHelper'); + /* @var $user_helper UserHelper */ - // used for error reporting only -> rewrite code + theme (by Alex) - $user_current_object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true)); // TODO: change theme too - /* @var $user_current_object UsersItem */ - $code_type = isset($params['code_type']) ? $params['code_type'] : 'forgot_password'; + $expiration_timeout = isset($params['expiration_timeout']) ? 
$params['expiration_timeout'] : null; + $user_id = $user_helper->validateUserCode($this->Application->GetVar('user_key'), $code_type, $expiration_timeout); + if ( !is_numeric($user_id) ) { + // used for error reporting only -> rewrite code + theme (by Alex) + $object =& $this->getObject( Array('skip_autoload' => true) ); // TODO: change theme too + /* @var $object UsersItem */ + + $object->SetError('PwResetConfirm', $user_id, $this->_getUserCodeErrorMsg($user_id, $code_type, $params)); + + return false; + } + + return true; + } + + /** + * Returns error message set by given code type + * + * @param string $error_code + * @param Array $params + * @return string + */ + function _getUserCodeErrorMsg($error_code, $code_type, $params) + { $error_messages = Array ( 'forgot_password' => Array ( 'code_is_not_valid' => 'lu_code_is_not_valid', 
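Review bot: `GenerateCode()` is only re-indented here, but it still builds the password-reset and activation code from `microtime()` digits plus a single `mt_rand(1,9)` digit, and `getCachedCode()` then runs the result through `md5()`. Hashing adds no entropy, so the value stored in `PwResetConfirm` is far more guessable than its 32 hex characters suggest. Since this commit already reworks the reset flow, the generator should draw from a cryptographic source, for example `bin2hex(random_bytes(16))` on PHP 7+ or `bin2hex(openssl_random_pseudo_bytes(16))` where only the OpenSSL extension is available. The length and character set expected by `validateUserCode()` are not visible here and should be confirmed before changing the format.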
@@ -126,45 +148,7 @@ ); } - $expiration_timeouts = Array ( - 'forgot_password' => 'config:Users_AllowReset', - 'activation' => 'config:UserEmailActivationTimeout', - 'custom' => '', - ); - - if (!$passed_key) { - $user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', $error_messages[$code_type]['code_is_not_valid']); - - return false; - } - - $user_object =& $this->Application->recallObject('u.forgot', null, Array('skip_autoload' => true)); - /* @var $user_object UsersItems */ - - $user_object->Load($passed_key, 'PwResetConfirm'); - - if ( !$user_object->isLoaded() ) { - $user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', $error_messages[$code_type]['code_is_not_valid']); - - return false; - } - else { - $expiration_timeout = isset($params['expiration_timeout']) ? $params['expiration_timeout'] : $expiration_timeouts[$code_type]; - - if ( preg_match('/^config:(.*)$/', $expiration_timeout, $regs) ) { - $expiration_timeout = $this->Application->ConfigValue( $regs[1] ); - } - - if ( $expiration_timeout ) { - if ( $user_object->GetDBField('PwRequestTime') < strtotime('-' . $expiration_timeout . ' minutes') ) { - $user_current_object->SetError('PwResetConfirm', 'code_expired', $error_messages[$code_type]['code_expired']); - - return false; - } - } - } - - return true; + return $error_messages[$code_type][$error_code]; } /** @@ -303,17 +287,14 @@ */ function ActivationLink($params) { - $code = $this->getCachedCode(); - - $fields_hash = Array ( - 'PwResetConfirm' => $code, - 'PwRequestTime' => adodb_mktime(), - ); - $object =& $this->getObject($params); /* @var $object kDBItem */ - $this->Conn->doUpdate($fields_hash, $object->TableName, $object->IDField . ' = ' . $object->GetID()); + $code = $this->getCachedCode(); + $object->SetDBField('PwResetConfirm', $code); + $object->SetDBField('PwRequestTime_date', adodb_mktime()); + $object->SetDBField('PwRequestTime_time', adodb_mktime()); + $object->Update(); $params['user_key'] = $code; 
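Review bot: The removed `if (!$passed_key)` guard and the `trim()` on `user_key` have no visible replacement. TestCodeIsValid in the previous hunk now passes the raw `GetVar('user_key')` to `validateUserCode()`, which is not part of this page. The last hunk shows `PwResetConfirm` being reset to `''` after activation, so an empty key must never reach a lookup by that field. If the helper does not already reject it, keep the check in the tag: `$user_key = trim((string) $this->Application->GetVar('user_key'));` followed by an early `code_is_not_valid` error when `$user_key === ''`. Separately, `$error_messages[$code_type][$error_code]` is indexed without an `isset()` check, so an unknown `code_type` tag parameter or an unexpected helper return yields an empty error message.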
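Review bot: The result of `$object->Update()` in ActivationLink is ignored, so a failed save still produces a link whose `user_key` was never stored. The item path may apply field validation that the old direct `doUpdate()` call bypassed, though that is not visible here. Assuming `Update()` returns false on failure, guard it with `if ( !$object->Update() ) { return ''; }` before `$params['user_key'] = $code;`, or at least log the failure. The rest of ActivationLink lies outside the hunk.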
@@ -339,7 +320,8 @@ $user->SetDBField('Status', STATUS_ACTIVE); $user->SetDBField('PwResetConfirm', ''); - $user->SetDBField('PwRequestTime', 0); + $user->SetDBField('PwRequestTime_date', NULL); + $user->SetDBField('PwRequestTime_time', NULL); $user->Update(); $user_helper =& $this->Application->recallObject('UserHelper');