diff --git a/sites/all/modules/contrib/prlp/prlp.module b/sites/all/modules/contrib/prlp/prlp.module index 83ba96be..b67f0b32 100644 --- a/sites/all/modules/contrib/prlp/prlp.module +++ b/sites/all/modules/contrib/prlp/prlp.module @@ -22,6 +22,20 @@ function prlp_menu() { return $items; } +/** + * Implements hook_drupal_goto_alter(). + */ +function prlp_drupal_goto_alter(&$path, &$options, &$http_response_code) { + if (isset($_SESSION['pass_reset_hash'])) { + // This is likely Drupal 7.79+ redirecting the password reset confirm form + // back to itself, after which it immediately unsets the session value. + $parts = explode('/', $path); + if (isset($parts[4]) && $parts[4] === 'confirm' && $parts[0] === 'user' && $parts[1] === 'reset') { + $_SESSION['prlp_reset_hash'] = $_SESSION['pass_reset_hash']; + } + } +} + /** * Alters the user password reset landing page. * @@ -50,9 +64,13 @@ function prlp_form_user_pass_reset_alter(&$form, &$form_state) { $element['#access'] = FALSE; } } - // Unset $form['#action'] so that the form doesn't get submitted to the - // user profile edit page. Instead it gets submitted to self. + // The form does not properly rebuild itself if #action is set (which + // makes it redirect in the middle of form rebuild), or on D7.79+ if the + // session value isn't set (which makes it error out). unset($form['#action']); + if (isset($_SESSION['prlp_reset_hash']) && empty($form_state['input'])) { + $_SESSION['pass_reset_hash'] = $_SESSION['prlp_reset_hash']; + } // Remove the part of the message that talks about changing password // later, since they are changing it right here. if (!empty($form['message']['#markup'])) { @@ -81,6 +99,17 @@ define('PRLP_DESTINATION_DEFAULT', 'user/%uid/edit'); function prlp_user_pass_reset_submit($form, &$form_state) { global $user; @list($uid, $timestamp, $hashed_pass, $action) = $form_state['build_info']['args']; + if ($hashed_pass === 'confirm') { + // Drupal 7.79+: the form redirected to a 'confirm' URL so the hash is not + // in the URL anymore. + if (isset($_SESSION['prlp_reset_hash'])) { + $hashed_pass = $_SESSION['prlp_reset_hash']; + unset($_SESSION['prlp_reset_hash']); + } + else { + drupal_set_message(t('Could not find password hash; login will likely fail.'), 'warning'); + } + } // When processing the one-time login link, we have to make sure that a user // isn't already logged in.