show better errors on bad codes
darcs-hash:20080624225556-34904-2f31fbe0944374892005ea88977736bda59729fa.gz
This commit is contained in:
parent
77d9a12ef6
commit
9fe45d4158
@ -19,6 +19,10 @@
|
|||||||
|
|
||||||
if (!defined('LACONICA')) { exit(1); }
|
if (!defined('LACONICA')) { exit(1); }
|
||||||
|
|
||||||
|
# You have 24 hours to claim your password
|
||||||
|
|
||||||
|
define(MAX_RECOVERY_TIME, 24 * 60 * 60);
|
||||||
|
|
||||||
class RecoverpasswordAction extends Action {
|
class RecoverpasswordAction extends Action {
|
||||||
|
|
||||||
function handle($args) {
|
function handle($args) {
|
||||||
@ -44,21 +48,51 @@ class RecoverpasswordAction extends Action {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function check_code() {
|
function check_code() {
|
||||||
|
|
||||||
$code = $this->trimmed('code');
|
$code = $this->trimmed('code');
|
||||||
$confirm = Confirm_address::staticGet($code);
|
$confirm = Confirm_address::staticGet($code);
|
||||||
if ($confirm && $confirm->address_type == 'recover') {
|
|
||||||
$user = User::staticGet($confirm->user_id);
|
if (!$confirm) {
|
||||||
if ($user) {
|
$this->client_error(_t('No such recovery code.'));
|
||||||
$result = $confirm->delete();
|
return;
|
||||||
if (!$result) {
|
|
||||||
common_log_db_error($confirm, 'DELETE', __FILE__);
|
|
||||||
common_server_error(_t('Error with confirmation code.'));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
$this->set_temp_user($user);
|
|
||||||
$this->show_password_form();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
if ($confirm->address_type != 'recover') {
|
||||||
|
$this->client_error(_t('Not a recovery code.'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$user = User::staticGet($confirm->user_id);
|
||||||
|
|
||||||
|
if (!$user) {
|
||||||
|
$this->server_error(_t('Recovery code for unknown user.'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$touched = strtotime($confirm->modified);
|
||||||
|
|
||||||
|
# Burn this code
|
||||||
|
|
||||||
|
$result = $confirm->delete();
|
||||||
|
|
||||||
|
if (!$result) {
|
||||||
|
common_log_db_error($confirm, 'DELETE', __FILE__);
|
||||||
|
common_server_error(_t('Error with confirmation code.'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
# These should be reaped, but for now we just check mod time
|
||||||
|
# Note: it's still deleted; let's avoid a second attempt!
|
||||||
|
|
||||||
|
if ((time() - $touched) > MAX_RECOVERY_TIME) {
|
||||||
|
$this->client_error(_t('This confirmation code is too old. ' .
|
||||||
|
'Please start again.'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Success!
|
||||||
|
|
||||||
|
$this->set_temp_user($user);
|
||||||
|
$this->show_password_form();
|
||||||
}
|
}
|
||||||
|
|
||||||
function set_temp_user(&$user) {
|
function set_temp_user(&$user) {
|
||||||
@ -97,7 +131,7 @@ class RecoverpasswordAction extends Action {
|
|||||||
common_element('div', 'error', $msg);
|
common_element('div', 'error', $msg);
|
||||||
} else {
|
} else {
|
||||||
common_element('div', 'instructions',
|
common_element('div', 'instructions',
|
||||||
_t('You\ve been identified . Enter a ' .
|
_t('You\'ve been identified. Enter a ' .
|
||||||
' new password below. '));
|
' new password below. '));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user