diff --git a/modules/user/user.admin.inc b/modules/user/user.admin.inc index 7df93f2..67f76ed 100644 --- a/modules/user/user.admin.inc +++ b/modules/user/user.admin.inc @@ -449,6 +449,18 @@ function user_admin_settings() { '#description' => t("This text is displayed at the picture upload form in addition to the default guidelines. It's useful for helping or instructing your users."), ); + $form['privacy'] = array( + '#type' => 'fieldset', + '#title' => t('Privacy'), + ); + $form['privacy']['user_password_reset_text'] = array( + '#type' => 'textarea', + '#title' => t('Password reset text'), + '#default_value' => variable_get('user_password_reset_text', t('If an account exists with these credentials, password reset instructions will be sent to the email associated with the account.')), + '#description' => t('The text that appears when a user successfully submits the password reset form. Due to privacy concerns, it should not contain any information about previously registered users.'), + '#required' => TRUE, + ); + $form['email_title'] = array( '#type' => 'item', '#title' => t('E-mails'), diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc index 3287d4b..5dc2087 100644 --- a/modules/user/user.pages.inc +++ b/modules/user/user.pages.inc @@ -107,9 +107,6 @@ function user_pass_validate($form, &$form_state) { flood_register_event('pass_reset_user', $user_pass_reset_user_window, $identifier); form_set_value(array('#parents' => array('account')), $account, $form_state); } - else { - form_set_error('name', t('Sorry, %name is not recognized as a user name or an e-mail address.', array('%name' => $name))); - } } /** @@ -120,14 +117,21 @@ function user_pass_validate($form, &$form_state) { function user_pass_submit($form, &$form_state) { global $language; - $account = $form_state['values']['account']; - // Mail one time login URL and instructions using current language. - $mail = _user_mail_notify('password_reset', $account, $language); - if (!empty($mail)) { - watchdog('user', 'Password reset instructions mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail)); - drupal_set_message(t('Further instructions have been sent to your e-mail address.')); + $name = $form_state['values']['name']; + if (isset($form_state['values']['account'])) { + $account = $form_state['values']['account']; + // Mail one time login URL and instructions using current language. + $mail = _user_mail_notify('password_reset', $account, $language); + if (!empty($mail)) { + watchdog('user', 'Password reset instructions mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail)); + } } - + else { + watchdog('user', 'Password reset form was submitted with an unknown or inactive account: %name.', array('%name' => $name)); + } + + $message = variable_get('user_password_reset_text', t('If an account exists with these credentials, password reset instructions will be sent to the email associated with the account.')); + drupal_set_message($message); $form_state['redirect'] = 'user'; return; } diff --git a/modules/user/user.test b/modules/user/user.test index b1bb789..c34f53e 100644 --- a/modules/user/user.test +++ b/modules/user/user.test @@ -547,7 +547,9 @@ class UserPasswordResetTestCase extends DrupalWebTestCase { $edit = array('name' => $account->name); $this->drupalPost('user/password', $edit, t('E-mail new password')); // Confirm the password reset. - $this->assertText(t('Further instructions have been sent to your e-mail address.'), 'Password reset instructions mailed message displayed.'); + $password_reset_text = variable_get('user_password_reset_text', t('If an account exists with these credentials, password reset instructions will be sent to the email associated with the account.')); + $this->assertText($password_reset_text, 'Password reset instructions mailed message displayed.'); + // Ensure that flood control was not triggered. $this->assertNoText(t('is temporarily blocked. Try again later'), 'Flood control was not triggered by single password reset.');