diff --git a/sites/all/modules/contrib/prlp/prlp.module b/sites/all/modules/contrib/prlp/prlp.module index 0f28c13b..b67f0b32 100644 --- a/sites/all/modules/contrib/prlp/prlp.module +++ b/sites/all/modules/contrib/prlp/prlp.module @@ -19,18 +19,23 @@ function prlp_menu() { 'file' => 'prlp.admin.inc', 'type' => MENU_LOCAL_TASK, ); - $items['prlp/user/reset/%uid/%timestamp/confirm'] = array( - 'title' => 'PRLP settings', - 'description' => 'Configure - Password Reset Landing Page - what happens when users use their one-time login links for resetting password.', - 'page callback' => 'drupal_get_form', - 'page arguments' => array('prlp_admin_settings'), - 'access arguments' => array('administer users'), - 'file' => 'prlp.admin.inc', - 'type' => MENU_LOCAL_TASK, - ); return $items; } +/** + * Implements hook_drupal_goto_alter(). + */ +function prlp_drupal_goto_alter(&$path, &$options, &$http_response_code) { + if (isset($_SESSION['pass_reset_hash'])) { + // This is likely Drupal 7.79+ redirecting the password reset confirm form + // back to itself, after which it immediately unsets the session value. + $parts = explode('/', $path); + if (isset($parts[4]) && $parts[4] === 'confirm' && $parts[0] === 'user' && $parts[1] === 'reset') { + $_SESSION['prlp_reset_hash'] = $_SESSION['pass_reset_hash']; + } + } +} + /** * Alters the user password reset landing page. * @@ -59,13 +64,13 @@ function prlp_form_user_pass_reset_alter(&$form, &$form_state) { $element['#access'] = FALSE; } } - // Preserve the original Drupal action. - if (!isset($_SESSION['drupal_action'])) { - $_SESSION['drupal_action'] = $form['#action']; - } - // Unset $form['#action'] so that the form doesn't get submitted to the - // user profile edit page. Instead it gets submitted to self. + // The form does not properly rebuild itself if #action is set (which + // makes it redirect in the middle of form rebuild), or on D7.79+ if the + // session value isn't set (which makes it error out). unset($form['#action']); + if (isset($_SESSION['prlp_reset_hash']) && empty($form_state['input'])) { + $_SESSION['pass_reset_hash'] = $_SESSION['prlp_reset_hash']; + } // Remove the part of the message that talks about changing password // later, since they are changing it right here. if (!empty($form['message']['#markup'])) { @@ -93,11 +98,17 @@ define('PRLP_DESTINATION_DEFAULT', 'user/%uid/edit'); */ function prlp_user_pass_reset_submit($form, &$form_state) { global $user; - @list($uid, $timestamp, $action) = $form_state['build_info']['args']; - - if (isset($_SESSION) && isset($_SESSION['drupal_action'])) { - $hashed_pass = arg(5, $_SESSION['drupal_action']); - unset($_SESSION['drupal_action']); + @list($uid, $timestamp, $hashed_pass, $action) = $form_state['build_info']['args']; + if ($hashed_pass === 'confirm') { + // Drupal 7.79+: the form redirected to a 'confirm' URL so the hash is not + // in the URL anymore. + if (isset($_SESSION['prlp_reset_hash'])) { + $hashed_pass = $_SESSION['prlp_reset_hash']; + unset($_SESSION['prlp_reset_hash']); + } + else { + drupal_set_message(t('Could not find password hash; login will likely fail.'), 'warning'); + } } // When processing the one-time login link, we have to make sure that a user