if (!$user->email) {
$orig = clone($user);
$user->email = $email;
- $result = $user->updateKeys($orig);
- if (!$result) {
- common_log_db_error($user, 'UPDATE', __FILE__);
- // TRANS: Server error displayed when updating a user's e-mail address in the database fails while recovering a password.
- $this->serverError(_('Could not update user with confirmed email address.'));
- }
+ // Throws exception on failure.
+ $user->updateWithKeys($orig);
}
// Success!
try {
User::recoverPassword($nore);
$this->mode = 'sent';
- // TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
- $this->msg = _('Instructions for recovering your password ' .
- 'have been sent to the email address registered to your ' .
- 'account.');
+ if (common_is_email($nore) && common_config('site', 'fakeaddressrecovery')) {
+ // TRANS: User notification when recovering password by giving email address,
+ // regardless if the mail was sent or not (to hide registered email status).
+ $this->msg = _('If the email address you provided was found in the database, a recovery mail with instructions has been sent there.');
+ } else {
+ // TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
+ $this->msg = _('Instructions for recovering your password ' .
+ 'have been sent to the email address registered to your ' .
+ 'account.');
+ }
$this->success = true;
} catch (Exception $e) {
$this->success = false;
}
// OK, we're ready to go
-
- $original = clone($user);
-
- $user->password = common_munge_password($newpassword, $user->id);
-
- if (!$user->update($original)) {
- common_log_db_error($user, 'UPDATE', __FILE__);
- // TRANS: Reset password form validation error message.
- $this->serverError(_('Cannot save new password.'));
- }
+ $user->setPassword($newpassword);
$this->clearTempUser();