summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBrion Vibber <brion@pobox.com>2010-03-11 18:01:50 -0800
committerBrion Vibber <brion@pobox.com>2010-03-11 18:01:50 -0800
commitb9e903020137540ec629abb1089de276ba41cfc4 (patch)
treee18e399152dca38041d5cbcab31f33654ea48a39
parenta715271f847fed7d7c725c5b752ea7a00800520a (diff)
Fixes for password recovery; lookups for unconfirmed addresses were failing or inconsistent (using staticGet with unindexed fields, which would not get decached correctly and could get confused if multiple pending confirmations of different types are around).
Also uses updated email functions to include extra headers and ensure the proper address is used.
-rw-r--r--actions/recoverpassword.php27
1 files changed, 20 insertions, 7 deletions
diff --git a/actions/recoverpassword.php b/actions/recoverpassword.php
index 1e2775e7a..f9956897f 100644
--- a/actions/recoverpassword.php
+++ b/actions/recoverpassword.php
@@ -262,10 +262,20 @@ class RecoverpasswordAction extends Action
# See if it's an unconfirmed email address
if (!$user) {
- $confirm_email = Confirm_address::staticGet('address', common_canonical_email($nore));
- if ($confirm_email && $confirm_email->address_type == 'email') {
+ // Warning: it may actually be legit to have multiple folks
+ // who have claimed, but not yet confirmed, the same address.
+ // We'll only send to the first one that comes up.
+ $confirm_email = new Confirm_address();
+ $confirm_email->address = common_canonical_email($nore);
+ $confirm_email->address_type = 'email';
+ $confirm_email->find();
+ if ($confirm_email->fetch()) {
$user = User::staticGet($confirm_email->user_id);
+ } else {
+ $confirm_email = null;
}
+ } else {
+ $confirm_email = null;
}
if (!$user) {
@@ -276,9 +286,11 @@ class RecoverpasswordAction extends Action
# Try to get an unconfirmed email address if they used a user name
if (!$user->email && !$confirm_email) {
- $confirm_email = Confirm_address::staticGet('user_id', $user->id);
- if ($confirm_email && $confirm_email->address_type != 'email') {
- # Skip non-email confirmations
+ $confirm_email = new Confirm_address();
+ $confirm_email->user_id = $user->id;
+ $confirm_email->address_type = 'email';
+ $confirm_email->find();
+ if (!$confirm_email->fetch()) {
$confirm_email = null;
}
}
@@ -294,7 +306,7 @@ class RecoverpasswordAction extends Action
$confirm->code = common_confirmation_code(128);
$confirm->address_type = 'recover';
$confirm->user_id = $user->id;
- $confirm->address = (isset($user->email)) ? $user->email : $confirm_email->address;
+ $confirm->address = (!empty($user->email)) ? $user->email : $confirm_email->address;
if (!$confirm->insert()) {
common_log_db_error($confirm, 'INSERT', __FILE__);
@@ -319,7 +331,8 @@ class RecoverpasswordAction extends Action
$body .= common_config('site', 'name');
$body .= "\n";
- mail_to_user($user, _('Password recovery requested'), $body, $confirm->address);
+ $headers = _mail_prepare_headers('recoverpassword', $user->nickname, $user->nickname);
+ mail_to_user($user, _('Password recovery requested'), $body, $headers, $confirm->address);
$this->mode = 'sent';
$this->msg = _('Instructions for recovering your password ' .