X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Frecoverpassword.php;h=f3192b5dd3929b8ea99e1536708cf61ed61fd806;hb=dd8e17a3874aa99063b62b51e9a637a5abb0b923;hp=d81c13b0059456e39df36c4312102381a00f4494;hpb=d594c83a5a9a9d42fce917b544c28591fcadb1aa;p=quix0rs-gnu-social.git
diff --git a/actions/recoverpassword.php b/actions/recoverpassword.php
index d81c13b005..f3192b5dd3 100644
--- a/actions/recoverpassword.php
+++ b/actions/recoverpassword.php
@@ -29,13 +29,12 @@ class RecoverpasswordAction extends Action
 var $msg = null;
 var $success = null;
- function handle($args)
+ function handle()
 {
- parent::handle($args);
+ parent::handle();
 if (common_logged_in()) {
 // TRANS: Client error displayed trying to recover password while already logged in.
 $this->clientError(_('You are already logged in!'));
- return;
 } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 if ($this->arg('recover')) {
 $this->recoverPassword();
@@ -57,25 +56,22 @@ class RecoverpasswordAction extends Action
 function checkCode()
 {
 $code = $this->trimmed('code');
- $confirm = Confirm_address::staticGet('code', $code);
+ $confirm = Confirm_address::getKV('code', $code);
 if (!$confirm) {
 // TRANS: Client error displayed when password recovery code is not correct.
 $this->clientError(_('No such recovery code.'));
- return;
 }
 if ($confirm->address_type != 'recover') {
 // TRANS: Client error displayed when no proper password recovery code was submitted.
 $this->clientError(_('Not a recovery code.'));
- return;
 }
- $user = User::staticGet($confirm->user_id);
+ $user = User::getKV($confirm->user_id);
 if (!$user) {
 // TRANS: Server error displayed trying to recover password without providing a user.
 $this->serverError(_('Recovery code for unknown user.'));
- return;
 }
 $touched = strtotime($confirm->modified);
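Review bot: The three guards in checkCode() (hunk at -57) no longer `return` after `clientError()` / `serverError()`, so they stop the request only if those helpers always throw or exit, and that contract is not visible in this diff. If either helper can return, `$confirm->address_type` is read on a failed lookup and the recovery flow carries on with a code that was never validated. A one-line comment at the first guard would make the dependency explicit, for example `// clientError()/serverError() throw; nothing below runs after them.` The same removal appears in the hunks at -29, -102, -309 and -327. checkCode() continues past the end of this hunk.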
@@ -83,14 +79,7 @@ class RecoverpasswordAction extends Action
 // Burn this code
- $result = $confirm->delete();
-
- if (!$result) {
- common_log_db_error($confirm, 'DELETE', __FILE__);
- // TRANS: Server error displayed removing a password recovery code from the database.
- $this->serverError(_('Error with confirmation code.'));
- return;
- }
+ $confirm->delete();
 // These should be reaped, but for now we just check mod time
 // Note: it's still deleted; let's avoid a second attempt!
@@ -102,7 +91,6 @@ class RecoverpasswordAction extends Action
 // TRANS: Client error displayed trying to recover password with too old a recovery code.
 $this->clientError(_('This confirmation code is too old. ' .
 'Please start again.'));
- return;
 }
 // If we used an outstanding confirmation to send the email,
@@ -111,13 +99,8 @@ class RecoverpasswordAction extends Action
 if (!$user->email) {
 $orig = clone($user);
 $user->email = $email;
- $result = $user->updateKeys($orig);
- if (!$result) {
- common_log_db_error($user, 'UPDATE', __FILE__);
- // TRANS: Server error displayed when updating a user's e-mail address in the database fails while recovering a password.
- $this->serverError(_('Could not update user with confirmed email address.'));
- return;
- }
+ // Throws exception on failure.
+ $user->updateWithKeys($orig);
 }
 // Success!
@@ -137,7 +120,7 @@ class RecoverpasswordAction extends Action
 common_ensure_session();
 $user_id = $_SESSION['tempuser'];
 if ($user_id) {
- $user = User::staticGet($user_id);
+ $user = User::getKV($user_id);
 }
 return $user;
 }
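Review bot: The result of `$confirm->delete()` in the hunk at -83 is no longer checked, so if delete() signals failure by returning false rather than throwing (not visible here), checkCode() goes on and the recovery code stays in the table, usable a second time. Single use is the whole purpose of the "Burn this code" step, so either keep a guard, `if (!$confirm->delete()) { $this->serverError(_('Error with confirmation code.')); }`, or state the contract in a comment the way the hunk at -111 does for updateWithKeys(): `// Throws exception on failure.` The same applies to `$user->setPassword($newpassword)` in the hunk at -327, where an unreported failure would still log the user in with the old password unchanged. checkCode() starts and ends outside this hunk.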
@@ -283,15 +266,22 @@ class RecoverpasswordAction extends Action
 try {
 User::recoverPassword($nore);
 $this->mode = 'sent';
- // TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
- $this->msg = _('Instructions for recovering your password ' .
- 'have been sent to the email address registered to your ' .
- 'account.');
+ if (common_is_email($nore) && common_config('site', 'fakeaddressrecovery')) {
+ // TRANS: User notification when recovering password by giving email address,
+ // regardless if the mail was sent or not (to hide registered email status).
+ $this->msg = _('If the email address you provided was found in the database, a recovery mail with instructions has been sent there.');
+ } else {
+ // TRANS: User notification after an e-mail with instructions was sent from the password recovery form.
+ $this->msg = _('Instructions for recovering your password ' .
+ 'have been sent to the email address registered to your ' .
+ 'account.');
+ }
 $this->success = true;
- $this->showPage();
 } catch (Exception $e) {
 $this->success = false;
+ $this->msg = $e->getMessage();
 }
+ $this->showPage();
 }
 function resetPassword()
@@ -309,7 +299,6 @@ class RecoverpasswordAction extends Action
 if (!$user) {
 // TRANS: Client error displayed when trying to reset as password without providing a user.
 $this->clientError(_('Unexpected password reset.'));
- return;
 }
 $newpassword = $this->trimmed('newpassword');
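Review bot: The added `$this->msg = $e->getMessage();` in the catch of the hunk at -283 shows the text of any `Exception` to an unauthenticated requester, so a database or mail failure inside `User::recoverPassword()` can put internal detail on the recovery form. It also sits outside the `fakeaddressrecovery` branch: if `User::recoverPassword()` throws for an unknown address while that option is on (its body is not in this diff), the differing message would again reveal whether the address is registered, which is worth confirming. I would echo only messages raised as `ClientException`, assuming user-facing failures use that class, and log everything else behind a fixed text, as in the excerpt below. recoverPassword() starts before this hunk.

```php
        // … unchanged: try block calling User::recoverPassword($nore) and setting the success message …
        } catch (ClientException $e) {
            // Client exceptions carry text written for the requester.
            $this->success = false;
            $this->msg = $e->getMessage();
        } catch (Exception $e) {
            // Anything else may describe internals: keep it in the log only.
            common_log(LOG_ERR, __METHOD__ . ': ' . $e->getMessage());
            $this->success = false;
            // TRANS: Generic error shown when password recovery fails for an internal reason.
            $this->msg = _('Could not process the recovery request.');
        }
        $this->showPage();
```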
@@ -327,24 +316,13 @@ class RecoverpasswordAction extends Action
 }
 // OK, we're ready to go
-
- $original = clone($user);
-
- $user->password = common_munge_password($newpassword, $user->id);
-
- if (!$user->update($original)) {
- common_log_db_error($user, 'UPDATE', __FILE__);
- // TRANS: Reset password form validation error message.
- $this->serverError(_('Cannot save new password.'));
- return;
- }
+ $user->setPassword($newpassword);
 $this->clearTempUser();
 if (!common_set_user($user->nickname)) {
 // TRANS: Server error displayed when something does wrong with the user object during password reset.
 $this->serverError(_('Error setting user.'));
- return;
 }
 common_real_login(true);