if (common_logged_in()) {
// TRANS: Client error displayed trying to recover password while already logged in.
$this->clientError(_('You are already logged in!'));
- return;
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($this->arg('recover')) {
$this->recoverPassword();
if (!$confirm) {
// TRANS: Client error displayed when password recovery code is not correct.
$this->clientError(_('No such recovery code.'));
- return;
}
if ($confirm->address_type != 'recover') {
// TRANS: Client error displayed when no proper password recovery code was submitted.
$this->clientError(_('Not a recovery code.'));
- return;
}
$user = User::getKV($confirm->user_id);
if (!$user) {
// TRANS: Server error displayed trying to recover password without providing a user.
$this->serverError(_('Recovery code for unknown user.'));
- return;
}
$touched = strtotime($confirm->modified);
common_log_db_error($confirm, 'DELETE', __FILE__);
// TRANS: Server error displayed removing a password recovery code from the database.
$this->serverError(_('Error with confirmation code.'));
- return;
}
// These should be reaped, but for now we just check mod time
// TRANS: Client error displayed trying to recover password with too old a recovery code.
$this->clientError(_('This confirmation code is too old. ' .
'Please start again.'));
- return;
}
// If we used an outstanding confirmation to send the email,
if (!$user->email) {
$orig = clone($user);
$user->email = $email;
- $result = $user->updateKeys($orig);
- if (!$result) {
- common_log_db_error($user, 'UPDATE', __FILE__);
- // TRANS: Server error displayed when updating a user's e-mail address in the database fails while recovering a password.
- $this->serverError(_('Could not update user with confirmed email address.'));
- return;
- }
+ // Throws exception on failure.
+ $user->updateWithKeys($orig);
}
// Success!
try {
User::recoverPassword($nore);
$this->mode = 'sent';
- // TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
- $this->msg = _('Instructions for recovering your password ' .
- 'have been sent to the email address registered to your ' .
- 'account.');
+ if (common_is_email($nore) && common_config('site', 'fakeaddressrecovery')) {
+ // TRANS: User notification when recovering password by giving email address,
+ // regardless if the mail was sent or not (to hide registered email status).
+ $this->msg = _('If the email address you provided was found in the database, a recovery mail with instructions has been sent there.');
+ } else {
+ // TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
+ $this->msg = _('Instructions for recovering your password ' .
+ 'have been sent to the email address registered to your ' .
+ 'account.');
+ }
$this->success = true;
} catch (Exception $e) {
$this->success = false;
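Review bot: The generic message added in the `try` branch hides whether an address is registered only if the `catch (Exception $e)` branch never runs for an unknown e-mail address; that branch sets `$this->success = false` and its message handling continues outside the hunk. Please confirm that `User::recoverPassword($nore)` returns normally for an unregistered address when `fakeaddressrecovery` is enabled, since otherwise the error path still tells the two cases apart. The reply is also uniform only for e-mail input (`common_is_email($nore)`), so a nickname lookup keeps the old, specific behaviour; if that is intentional, a comment such as `// Only e-mail lookups get the generic reply; nickname lookups are unchanged.` would make it explicit. The new `site`/`fakeaddressrecovery` setting should be described, with its default, wherever the other site options are documented.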
if (!$user) {
// TRANS: Client error displayed when trying to reset as password without providing a user.
$this->clientError(_('Unexpected password reset.'));
- return;
}
$newpassword = $this->trimmed('newpassword');
}
// OK, we're ready to go
-
- $original = clone($user);
-
- $user->password = common_munge_password($newpassword, $user->id);
-
- if (!$user->update($original)) {
- common_log_db_error($user, 'UPDATE', __FILE__);
- // TRANS: Reset password form validation error message.
- $this->serverError(_('Cannot save new password.'));
- return;
- }
+ $user->setPassword($newpassword);
$this->clearTempUser();
if (!common_set_user($user->nickname)) {
// TRANS: Server error displayed when something does wrong with the user object during password reset.
$this->serverError(_('Error setting user.'));
- return;
}
common_real_login(true);
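Review bot: The result of `$user->setPassword($newpassword)` is not checked and the `return;` after `serverError()` is removed, so `clearTempUser()`, `common_set_user()` and `common_real_login(true)` now rely on both calls failing by exception. The removed branch logged the failure with `common_log_db_error()` and stopped before the login; if `setPassword()` can return false instead of throwing, the user would be logged in with the temporary recovery state cleared and the old password still stored. Assuming it does throw, say so at the call as the commit does for `updateWithKeys()`: `// Throws exception on failure, so the login below is never reached with an unsaved password.` The other `return;` lines removed after `clientError()`/`serverError()` in the earlier hunks rest on the same assumption that those methods never return. The enclosing function starts and ends outside the hunk.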