comparison modules/user/user.pages.inc @ 11:589fb7c02327 6.5
Drupal 6.5
| author | Franck Deroche <webmaster@defr.org> |
|---|---|
| date | Tue, 23 Dec 2008 14:32:19 +0100 |
| parents | c1f4ac30525a |
| children |
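--- a/modules/user/user.pages.inc
+++ b/modules/user/user.pages.inc
@@ -1,7 +1,7 @@
 <?php
-// $Id: user.pages.inc,v 1.11 2008/01/08 10:35:43 goba Exp $
+// $Id: user.pages.inc,v 1.11.2.1 2008/10/08 20:12:18 goba Exp $
 
 /**
 * @file
 * User page callback file for the user module.
 */
@@ -41,10 +41,17 @@
 return $form;
 }
 
 function user_pass_validate($form, &$form_state) {
 $name = trim($form_state['values']['name']);
+
+// Blocked accounts cannot request a new password,
+// check provided username and email against access rules.
+if (drupal_is_denied('user', $name) || drupal_is_denied('mail', $name)) {
+form_set_error('name', t('%name is not allowed to request a new password.', array('%name' => $name)));
+}
+
 // Try to load by email.
 $account = user_load(array('mail' => $name, 'status' => 1));
 if (!$account) {
 // No success, try to load by name.
 $account = user_load(array('name' => $name, 'status' => 1));
@@ -85,10 +92,16 @@
 // Time out, in seconds, until login URL expires. 24 hours = 86400 seconds.
 $timeout = 86400;
 $current = time();
 // Some redundant checks for extra security ?
 if ($timestamp < $current && $account = user_load(array('uid' => $uid, 'status' => 1)) ) {
+// Deny one-time login to blocked accounts.
+if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) {
+drupal_set_message(t('You have tried to use a one-time login for an account which has been blocked.'), 'error');
+drupal_goto();
+}
+
 // No time out for first time login.
 if ($account->login && $current - $timestamp > $timeout) {
 drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
 drupal_goto('user/password');
 }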
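Review bot: In user_pass_validate the new access-rule check (new lines 49–51) tests only the raw submitted string, so `drupal_is_denied('mail', $name)` is evaluated against a username whenever the visitor enters a name, and the stored e-mail of the matching account is never compared with the mail rules at this step (nor the stored name when an e-mail is entered). The one-time-login hunk in the same file checks `$account->name` and `$account->mail` instead; repeating that after the two `user_load()` calls, e.g. `if ($account && (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail))) {`, would make the password-request path enforce the same rules as the login path. `form_set_error()` is also not followed by a return in the visible lines, so both lookups still run for denied input. The rest of the function lies outside the hunk, so whether that has any further effect cannot be confirmed from here.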
