Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.892.2.9
diff -u -r1.892.2.9 user.module
--- modules/user/user.module 5 Nov 2008 14:13:03 -0000 1.892.2.9
+++ modules/user/user.module 3 Dec 2008 11:58:45 -0000
@@ -1659,7 +1659,7 @@
 case 'password_reset_subject':
 return t('Replacement login information for !username at !site', $variables, $langcode);
 case 'password_reset_body':
- return t("!username,\n\nA request to reset the password for your account has been made at !site.\n\nYou may now log in to !uri_brief by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once. It expires after one day and nothing will happen if it's not used.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.", $variables, $langcode);
+ return t("!username,\n\nA request to reset the password for your account has been made at !site.\n\nYou may now log in to !uri_brief by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once. It expires after one day and nothing will happen if it's not used.\n\nIf you do follow the link, you will be asked to change your password.", $variables, $langcode);
 case 'status_activated_subject':
 return t('Account details for !username at !site (approved)', $variables, $langcode);
 case 'status_activated_body':
Index: modules/user/user.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.pages.inc,v
retrieving revision 1.11.2.1
diff -u -r1.11.2.1 user.pages.inc
--- modules/user/user.pages.inc 8 Oct 2008 20:12:18 -0000 1.11.2.1
+++ modules/user/user.pages.inc 3 Dec 2008 11:58:45 -0000 
@@ -35,8 +35,9 @@ '#size' => 60, '#maxlength' => max(USERNAME_MAX_LENGTH, EMAIL_MAX_LENGTH), '#required' => TRUE, + '#description' => t('Please enter either your username or the e-mail address you registered with @s.', array('@s' => variable_get('site_name', 'Drupal'))), ); - $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail new password')); + $form['submit'] = array('#type' => 'submit', '#value' => t('Request password reset')); return $form; } @@ -71,21 +72,20 @@ // Mail one time login URL and instructions using current language. _user_mail_notify('password_reset', $account, $language); watchdog('user', 'Password reset instructions mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail)); - drupal_set_message(t('Further instructions have been sent to your e-mail address.')); + drupal_set_message(t('A one-time login link and further instructions have been sent to your e-mail address.')); - $form_state['redirect'] = 'user'; return; } /** - * Menu callback; process one time login link and redirects to the user page on success. + * Form builder; process one-time login link and require a new password. */ function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) { global $user; // Check if the user is already logged in. The back button is often the culprit here. if ($user->uid) { - drupal_set_message(t('You have already used this one-time login link. It is not necessary to use this link to login anymore. You are already logged in.')); + drupal_set_message(t('You have already used this one-time login link, therefore you need to login with your password. In this case this is not necessary because you are already logged in.')); drupal_goto(); } else { 
@@ -102,31 +102,27 @@ // No time out for first time login. if ($account->login && $current - $timestamp > $timeout) { - drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.')); + drupal_set_message(t('You have tried to use a one-time login link which has expired. Please request a new one using the form below.')); drupal_goto('user/password'); } else if ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) { // First stage is a confirmation form, then login - if ($action == 'login') { - watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp)); - // Set the new user. - $user = $account; - // user_authenticate_finalize() also updates the login timestamp of the - // user, which invalidates further use of the one-time login link. - user_authenticate_finalize($form_state['values']); - drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.')); - drupal_goto('user/'. $user->uid .'/edit'); - } - else { - $form['message'] = array('#value' => t('

This is a one-time login for %user_name and will expire on %expiration_date.

Click on this button to login to the site and change your password.

', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout)))); - $form['help'] = array('#value' => '

'. t('This login can be used only once.') .'

'); - $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); - $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login"); - return $form; - } + // Require the user to enter a new password before logging in. + _user_password_dynamic_validation(); + $form['message'] = array('#markup' => '

' . t('This is a one-time login for %user_name and will expire on %expiration_date.', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout))) . '

'); + $form['help'] = array('#markup' => '

' . t('Please enter a new password and click on the button to login.') . '

'); + $form['pass'] = array('#type' => 'password_confirm', + '#description' => t('Please enter the new password in both fields.'), + '#required' => TRUE, + '#size' => 25, + ); + $form['uid'] = array('#type' => 'hidden', '#value' => $account->uid); + $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); + $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login"); + return $form; } else { - drupal_set_message(t('You have tried to use a one-time login link which has either been used or is no longer valid. Please request a new one using the form below.')); + drupal_set_message(t('You have tried to use a one-time login link which has already been used. Please request a new one using the form below.')); drupal_goto('user/password'); } } @@ -138,6 +134,29 @@ } } +function user_pass_reset_submit($form, &$form_state) { + global $user; + + // Prepare saving new password. + $account = new stdClass(); + $account->uid = $form_state['values']['uid']; + $edit = array('pass' => $form_state['values']['pass']); + + // Save new password. + if ($user = user_save($account, $edit)) { + // Saving succeeded. Now authenticate user and password. + user_authenticate_finalize($edit); + watchdog('user', t('User %name used one-time login link at time %timestamp.', array('%name' => $user->name, '%timestamp' => $user->login))); + drupal_set_message(t('You have been successfully logged in using your one-time login link. ' . + 'From now on you can log in with your username %user_name and the new password you just entered.', array('%user_name' => $user->name))); + drupal_goto('user/'. $user->uid); + } + else { + // Saving failed. + drupal_goto(); + } +} + /** * Menu callback; logs the current user out, and redirects to the home page. */