diff options
author | Evan Prodromou <evan@status.net> | 2010-03-13 06:36:25 -0600 |
---|---|---|
committer | Evan Prodromou <evan@status.net> | 2010-03-13 06:36:25 -0600 |
commit | c1e96cbdefa66e66815c421378b9452d7c8d5548 (patch) | |
tree | a08e80d705d08ffb33233991bf80e7c19867552a /actions/recoverpassword.php | |
parent | a2cc26ba8a21aa3614ebfc4a77c0bec9ffb2655d (diff) | |
parent | 9e9ab23e1f936eb62014d8f7b0051f0314ae482c (diff) |
Merge branch 'testing' of git@gitorious.org:statusnet/mainline into testing
Diffstat (limited to 'actions/recoverpassword.php')
-rw-r--r-- | actions/recoverpassword.php | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/actions/recoverpassword.php b/actions/recoverpassword.php index dcff35f6e..f9956897f 100644 --- a/actions/recoverpassword.php +++ b/actions/recoverpassword.php @@ -21,7 +21,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } # You have 24 hours to claim your password -define(MAX_RECOVERY_TIME, 24 * 60 * 60); +define('MAX_RECOVERY_TIME', 24 * 60 * 60); class RecoverpasswordAction extends Action { @@ -262,10 +262,20 @@ class RecoverpasswordAction extends Action # See if it's an unconfirmed email address if (!$user) { - $confirm_email = Confirm_address::staticGet('address', common_canonical_email($nore)); - if ($confirm_email && $confirm_email->address_type == 'email') { + // Warning: it may actually be legit to have multiple folks + // who have claimed, but not yet confirmed, the same address. + // We'll only send to the first one that comes up. + $confirm_email = new Confirm_address(); + $confirm_email->address = common_canonical_email($nore); + $confirm_email->address_type = 'email'; + $confirm_email->find(); + if ($confirm_email->fetch()) { $user = User::staticGet($confirm_email->user_id); + } else { + $confirm_email = null; } + } else { + $confirm_email = null; } if (!$user) { @@ -276,9 +286,11 @@ class RecoverpasswordAction extends Action # Try to get an unconfirmed email address if they used a user name if (!$user->email && !$confirm_email) { - $confirm_email = Confirm_address::staticGet('user_id', $user->id); - if ($confirm_email && $confirm_email->address_type != 'email') { - # Skip non-email confirmations + $confirm_email = new Confirm_address(); + $confirm_email->user_id = $user->id; + $confirm_email->address_type = 'email'; + $confirm_email->find(); + if (!$confirm_email->fetch()) { $confirm_email = null; } } @@ -294,7 +306,7 @@ class RecoverpasswordAction extends Action $confirm->code = common_confirmation_code(128); $confirm->address_type = 'recover'; $confirm->user_id = $user->id; - $confirm->address = (isset($user->email)) ? $user->email : $confirm_email->address; + $confirm->address = (!empty($user->email)) ? $user->email : $confirm_email->address; if (!$confirm->insert()) { common_log_db_error($confirm, 'INSERT', __FILE__); @@ -319,7 +331,8 @@ class RecoverpasswordAction extends Action $body .= common_config('site', 'name'); $body .= "\n"; - mail_to_user($user, _('Password recovery requested'), $body, $confirm->address); + $headers = _mail_prepare_headers('recoverpassword', $user->nickname, $user->nickname); + mail_to_user($user, _('Password recovery requested'), $body, $headers, $confirm->address); $this->mode = 'sent'; $this->msg = _('Instructions for recovering your password ' . |