--- user.pages.inc.orig 2010-02-06 15:57:58.000000000 -0600 +++ user.pages.inc 2010-02-06 17:06:11.000000000 -0600 @@ -31,12 +31,13 @@ function user_pass() { $form['name'] = array( '#type' => 'textfield', - '#title' => t('Username or e-mail address'), + '#title' => t('e-mail address or Username'), '#size' => 60, '#maxlength' => max(USERNAME_MAX_LENGTH, EMAIL_MAX_LENGTH), '#required' => TRUE, + '#description' => t('Please enter either the e-mail address or the username you registered with @s.', array('@s' => variable_get('site_name', 'Drupal'))), ); - $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail new password')); + $form['submit'] = array('#type' => 'submit', '#value' => t('Request password reset')); return $form; } 
@@ -71,21 +72,20 @@ // Mail one time login URL and instructions using current language. _user_mail_notify('password_reset', $account, $language); watchdog('user', 'Password reset instructions mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail)); - drupal_set_message(t('Further instructions have been sent to your e-mail address.')); + drupal_set_message(t('A one-time login link and further instructions have been sent to your e-mail address.')); - $form_state['redirect'] = 'user'; return; } /** - * Menu callback; process one time login link and redirects to the user page on success. + * Form builder; process one-time login link and require a new password. */ function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) { global $user; // Check if the user is already logged in. The back button is often the culprit here. if ($user->uid) { - drupal_set_message(t('You have already used this one-time login link. It is not necessary to use this link to login anymore. You are already logged in.')); + drupal_set_message(t('You have already used this one-time login link, therefore you need to login with your password. In this case this is not necessary because you are already logged in.')); drupal_goto(); } else { 
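Review bot: The reworded message in the `if ($user->uid)` branch tells any logged-in visitor that they have already used this one-time link, but the branch never compares `$user->uid` with the `$uid` taken from the URL. Someone who opens a reset link for one account while signed in to another is told the link was theirs and is redirected without any hint that the two accounts differ. Testing `if ($user->uid == $uid)` first, with separate wording for the mismatch case that asks the visitor to log out and retry, would keep the message accurate. `user_pass_reset()` continues past the end of this hunk.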
@@ -102,31 +102,27 @@ // No time out for first time login. if ($account->login && $current - $timestamp > $timeout) { - drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.')); + drupal_set_message(t('You have tried to use a one-time login link which has expired. Please request a new one using the form below.')); drupal_goto('user/password'); } else if ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) { // First stage is a confirmation form, then login - if ($action == 'login') { - watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp)); - // Set the new user. - $user = $account; - // user_authenticate_finalize() also updates the login timestamp of the - // user, which invalidates further use of the one-time login link. - user_authenticate_finalize($form_state['values']); - drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.')); - drupal_goto('user/'. $user->uid .'/edit'); - } - else { - $form['message'] = array('#value' => t('

This is a one-time login for %user_name and will expire on %expiration_date.

Click on this button to login to the site and change your password.

', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout)))); - $form['help'] = array('#value' => '

'. t('This login can be used only once.') .'

'); - $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); - $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login"); - return $form; - } + // Require the user to enter a new password before logging in. + _user_password_dynamic_validation(); + $form['message'] = array('#markup' => '

' . t('This is a one-time login for %user_name and will expire on %expiration_date.', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout))) . '

'); + $form['help'] = array('#markup' => '

' . t('Please enter a new password and click on the button to login.') . '

'); + $form['pass'] = array('#type' => 'password_confirm', + '#description' => t('Please enter the new password in both fields.'), + '#required' => TRUE, + '#size' => 25, + ); + $form['uid'] = array('#type' => 'hidden', '#value' => $account->uid); + $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); + $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login"); + return $form; } else { - drupal_set_message(t('You have tried to use a one-time login link which has either been used or is no longer valid. Please request a new one using the form below.')); + drupal_set_message(t('You have tried to use a one-time login link which has already been used. Please request a new one using the form below.')); drupal_goto('user/password'); } } @@ -137,7 +133,29 @@ } } } - +function user_pass_reset_submit($form, &$form_state) { + global $user; + + // Prepare saving new password. + $account = new stdClass(); + $account->uid = $form_state['values']['uid']; + $edit = array('pass' => $form_state['values']['pass']); + + // Save new password. + if ($user = user_save($account, $edit)) { + // Saving succeeded. Now authenticate user and password. + user_authenticate_finalize($edit); + watchdog('user', t('User %name used one-time login link at time %timestamp.', array('%name' => $user->name, '%timestamp' => $user->login))); + drupal_set_message(t('You have been successfully logged in using your one-time login link. ' . + 'From now on you can log in with your username %user_name and the new password you just entered.', array('%user_name' => $user->name))); + drupal_goto('user/'. $user->uid); + } + else { + // Saving failed. + drupal_goto(); + } +} + /** * Menu callback; logs the current user out, and redirects to the home page. */
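Review bot: The new `$form['uid']` element sends the validated account id to the browser as a `hidden` field, and `user_pass_reset_submit()` in the last hunk passes `$form_state['values']['uid']` straight to `user_save()`. As far as I can tell Form API keeps a fixed `#value` over posted input, but a password change should not lean on that. `$form['uid'] = array('#type' => 'value', '#value' => $account->uid);` keeps the id on the server and states the intent. The token check on the unchanged `else if` line also still compares with `==`, so two digest strings that both look numeric could compare equal under PHP's loose comparison; `===` is the safer operator there. The function begins and ends outside this hunk.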
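Review bot: The `watchdog()` call in `user_pass_reset_submit()` wraps its message in `t()`, so the log stores an already translated and substituted string, unlike the `watchdog('user', 'Password reset instructions mailed to %name at %email.', array(...))` call in the second hunk. Passing the raw string and the variables array keeps log entries uniform and filterable: `watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $user->name, '%timestamp' => $user->login));`. The `else` branch redirects after a failed `user_save()` without a message or a log entry, so a failed or interrupted reset leaves no trace for whoever reviews the logs. A line such as `watchdog('user', 'Password reset through one-time login link failed for uid %uid.', array('%uid' => $account->uid), WATCHDOG_ERROR);` before `drupal_goto()` would cover that. The new function also has no docblock; a short `/** Submit handler for user_pass_reset(); saves the new password and logs the user in. */` would match the rest of the file.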