diff options
Diffstat (limited to 'modules/user/user.pages.inc')
| -rw-r--r-- | modules/user/user.pages.inc | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc index 88ce583ac..eb3e7db87 100644 --- a/modules/user/user.pages.inc +++ b/modules/user/user.pages.inc @@ -96,14 +96,11 @@ function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = // First stage is a confirmation form, then login if ($action == 'login') { watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp)); - // Update the user table noting user has logged in. - // And this also makes this hashed password a one-time-only login. - db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $account->uid); - // Now we can set the new user. + // Set the new user. $user = $account; - // And proceed with normal login, going to user page. - $edit = array(); - user_module_invoke('login', $edit, $user); + // user_authenticate_finalize() also updates the login timestamp of the + // user, which invalidates further use of the one-time login link. + user_authenticate_finalize($form_state['values']); drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.')); drupal_goto('user/'. $user->uid .'/edit'); } |