diff options
| author | Dries Buytaert <dries@buytaert.net> | 2009-06-05 09:26:06 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2009-06-05 09:26:06 +0000 |
| commit | 5feda4e2a84a63353177629643393b8380f1fcb4 (patch) | |
| tree | a5316f622d4b6cf4aa897d388fe580c354373e1a /modules | |
| parent | a892004663a0c19c1f86e7357b47e6d2e5b8c640 (diff) | |
| download | brdo-5feda4e2a84a63353177629643393b8380f1fcb4.tar.gz brdo-5feda4e2a84a63353177629643393b8380f1fcb4.tar.bz2 | |
- Patch #481794 by mr.baileys: made the one-time link be active immediately so we can remove a hack from the tests.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/user/user.pages.inc | 4 | ||||
| -rw-r--r-- | modules/user/user.test | 1 |
2 files changed, 2 insertions, 3 deletions
diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc index 6cdc30c34..2547b7bc8 100644 --- a/modules/user/user.pages.inc +++ b/modules/user/user.pages.inc @@ -89,13 +89,13 @@ function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = $current = REQUEST_TIME; // Some redundant checks for extra security ? $users = user_load_multiple(array($uid), array('status' => '1')); - if ($timestamp < $current && $account = reset($users)) { + if ($timestamp <= $current && $account = reset($users)) { // No time out for first time login. if ($account->login && $current - $timestamp > $timeout) { drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.')); drupal_goto('user/password'); } - elseif ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) { + elseif ($account->uid && $timestamp >= $account->login && $timestamp <= $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) { // First stage is a confirmation form, then login if ($action == 'login') { watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp)); diff --git a/modules/user/user.test b/modules/user/user.test index e12294a3a..028d06e07 100644 --- a/modules/user/user.test +++ b/modules/user/user.test @@ -57,7 +57,6 @@ class UserRegistrationTestCase extends DrupalWebTestCase { // Login using password reset page. $url = user_pass_reset_url($user); - sleep(1); // TODO Find better way. $this->drupalGet($url); $this->assertText(t('This login can be used only once.'), t('Login can be used only once.')); |