diff options
| author | Dries Buytaert <dries@buytaert.net> | 2009-06-30 11:32:08 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2009-06-30 11:32:08 +0000 |
| commit | 00fc298163ec610c55177196ca9550ae38f4e2ea (patch) | |
| tree | 159dec1d0a2728bcb405c75cbc60aa5df4706271 /modules/user/user.pages.inc | |
| parent | e4857747ca016f14afd2cc002339bbad5149efb7 (diff) | |
| download | brdo-00fc298163ec610c55177196ca9550ae38f4e2ea.tar.gz brdo-00fc298163ec610c55177196ca9550ae38f4e2ea.tar.bz2 | |
- Patch #497612 by Moshe Weitzman et al: harden user login by correctly using the form API. Complete commit now. Thank you, thank you.
Diffstat (limited to 'modules/user/user.pages.inc')
| -rw-r--r-- | modules/user/user.pages.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc index d3b736c02..e9778e32e 100644 --- a/modules/user/user.pages.inc +++ b/modules/user/user.pages.inc @@ -101,9 +101,9 @@ function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp)); // Set the new user. $user = $account; - // user_authenticate_finalize() also updates the login timestamp of the + // user_login_finalize() also updates the login timestamp of the // user, which invalidates further use of the one-time login link. - user_authenticate_finalize($form_state['values']); + user_login_finalize(); drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.')); drupal_goto('user/' . $user->uid . '/edit'); } |