=== modified file 'modules/user/user.pages.inc' --- modules/user/user.pages.inc 2009-05-25 18:22:30 +0000 +++ modules/user/user.pages.inc 2009-06-02 01:42:37 +0000 @@ -75,7 +75,7 @@ function user_pass_submit($form, &$form_ /** * Menu callback; process one time login link and redirects to the user page on success. */ -function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) { +function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass) { global $user; // Check if the user is already logged in. The back button is often the culprit here. @@ -96,24 +96,7 @@ function user_pass_reset(&$form_state, $ drupal_goto('user/password'); } elseif ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) { - // First stage is a confirmation form, then login - if ($action == 'login') { - watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp)); - // Set the new user. - $user = $account; - // user_authenticate_finalize() also updates the login timestamp of the - // user, which invalidates further use of the one-time login link. - user_authenticate_finalize($form_state['values']); - drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.')); - drupal_goto('user/' . $user->uid . '/edit'); - } - else { - $form['message'] = array('#markup' => t('

This is a one-time login for %user_name and will expire on %expiration_date.

Click on this button to login to the site and change your password.

', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout)))); - $form['help'] = array('#markup' => '

' . t('This login can be used only once.') . '

'); - $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); - $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login"); - return $form; - } + return _user_pass_reset_form($account, $timestamp + $timeout); } else { drupal_set_message(t('You have tried to use a one-time login link which has either been used or is no longer valid. Please request a new one using the form below.')); @@ -129,6 +112,39 @@ function user_pass_reset(&$form_state, $ } /** + * Generate the form to change password and log in using a one-time login link. + * + * @param stdClass $account + * This account will be logged in after a password change. + * @param $expire + * The timestamp when the login link expires. Used only to display. + */ +function _user_pass_reset_form($account, $expire) { + $form['message'] = array('#markup' => t('

This is a one-time login for %user_name and will expire on %expiration_date.

', array('%user_name' => $account->name, '%expiration_date' => format_date($expire)))); + $form['help'] = array('#markup' => '

' . t('This login can be used only once.') . '

'); + $form['pass'] = array('#type' => 'password_confirm', '#required' => TRUE); + $form['submit'] = array('#type' => 'submit', '#value' => t('Change password and log in')); + $form['#account'] = $account; + $form['#redirect'] = "user/$account->uid"; + return $form; +} + +/** + * Change password and log in the user. + */ +function user_pass_reset_submit($form, $form_state) { + global $user; + watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $form['#account']->name, '%timestamp' => REQUEST_TIME)); + // Set the new user. + $user = $form['#account']; + user_save($user, array('pass' => $form_state['values']['pass'])); + // user_authenticate_finalize() also updates the login timestamp of the + // user, which invalidates further use of the one-time login link. + user_authenticate_finalize($form_state['values']); + drupal_set_message(t('Password changed.')); +} + +/** * Menu callback; logs the current user out, and redirects to the home page. */ function user_logout() {