Mercurial > defr > drupal > core
diff modules/user/user.module @ 7:fff6d4c8c043 6.3
Drupal 6.3
| author | Franck Deroche <webmaster@defr.org> |
|---|---|
| date | Tue, 23 Dec 2008 14:30:28 +0100 |
| parents | 2427550111ae |
| children | acef7ccb09b5 |
line wrap: on
line diff
--- a/modules/user/user.module Tue Dec 23 14:30:08 2008 +0100 +++ b/modules/user/user.module Tue Dec 23 14:30:28 2008 +0100 @@ -1,5 +1,5 @@ <?php -// $Id: user.module,v 1.892.2.2 2008/04/09 21:11:51 goba Exp $ +// $Id: user.module,v 1.892.2.5 2008/07/09 21:48:28 goba Exp $ /** * @file @@ -664,9 +664,9 @@ ); $items = array(); if (variable_get('user_register', 1)) { - $items[] = l(t('Create new account'), 'user/register', array('title' => t('Create a new user account.'))); + $items[] = l(t('Create new account'), 'user/register', array('attributes' => array('title' => t('Create a new user account.')))); } - $items[] = l(t('Request new password'), 'user/password', array('title' => t('Request new password via e-mail.'))); + $items[] = l(t('Request new password'), 'user/password', array('attributes' => array('title' => t('Request new password via e-mail.')))); $form['links'] = array('#value' => theme('item_list', $items)); return $form; } @@ -1266,9 +1266,9 @@ /** * Set up a series for validators which check for blocked/denied users, * then authenticate against local database, then return an error if - * authentication fails. Distributed authentication modules are welcome - * to use hook_form_alter() to change this series in order to - * authenticate against their user database instead of the local users + * authentication fails. Distributed authentication modules are welcome + * to use hook_form_alter() to change this series in order to + * authenticate against their user database instead of the local users * table. * * We use three validators instead of one since external authentication @@ -1359,8 +1359,10 @@ // This is also used to invalidate one-time login links. $user->login = time(); db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid); + + // Regenerate the session ID to prevent against session fixation attacks. + sess_regenerate(); user_module_invoke('login', $edit, $user); - sess_regenerate(); } /** @@ -1636,7 +1638,7 @@ case 'register_admin_created_body': return t("!username,\n\nA site administrator at !site has created an account for you. You may now log in to !login_uri using the following username and password:\n\nusername: !username\npassword: !password\n\nYou may also log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\n\n-- !site team", $variables, $langcode); case 'register_pending_approval_subject': - case 'pending_approval_admin_subject': + case 'register_pending_approval_admin_subject': return t('Account details for !username at !site (pending admin approval)', $variables, $langcode); case 'register_pending_approval_body': return t("!username,\n\nThank you for registering at !site. Your application for an account is currently pending approval. Once it has been approved, you will receive another e-mail containing information about how to log in, set your password, and other details.\n\n\n-- !site team", $variables, $langcode);