[ticket/10432] Don't require username when user forgets password
PHPBB3-10432
parent
7e003bf687
commit
101d3b7633
5 changed files with 132 additions and 86 deletions
|
@ -50,11 +50,16 @@ class ucp_remind
|
|||
trigger_error('FORM_INVALID');
|
||||
}
|
||||
|
||||
if (empty($email))
|
||||
{
|
||||
trigger_error('NO_EMAIL_USER');
|
||||
}
|
||||
|
||||
$sql_array = array(
|
||||
'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason',
|
||||
'FROM' => array(USERS_TABLE => 'u'),
|
||||
'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'
|
||||
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"
|
||||
'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" .
|
||||
(!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : ''),
|
||||
);
|
||||
|
||||
/**
|
||||
|
@ -75,6 +80,18 @@ class ucp_remind
|
|||
|
||||
$sql = $db->sql_build_query('SELECT', $sql_array);
|
||||
$result = $db->sql_query($sql);
|
||||
|
||||
if ($db->sql_affectedrows() > 1)
|
||||
{
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
$template->assign_vars(array(
|
||||
'USERNAME_REQUIRED' => true,
|
||||
'EMAIL' => $email,
|
||||
));
|
||||
}
|
||||
else
|
||||
{
|
||||
$user_row = $db->sql_fetchrow($result);
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
|
@ -151,6 +168,7 @@ class ucp_remind
|
|||
$message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
|
||||
trigger_error($message);
|
||||
}
|
||||
}
|
||||
|
||||
$template->assign_vars(array(
|
||||
'USERNAME' => $username,
|
||||
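Review bot: `$db->sql_affectedrows() > 1` is used as a row count for a SELECT, which the database layer does not guarantee on every driver. Where the driver reports only rows changed by writes, the check never fires and `sql_fetchrow()` in the `else` branch silently takes whichever matching account comes first, so the reset is applied to an account the requester never named. Counting the fetched rows is driver-independent: `$rows = $db->sql_fetchrowset($result);` then `if (count($rows) > 1)`, taking `$user_row` from the first element when there is one. Separately, the `USERNAME_REQUIRED` response tells an unauthenticated submitter that the address is registered on more than one account, which widens the enumeration signal the form already gives through `NO_EMAIL_USER`; a rate limit or a uniform response on this path is worth considering. The `else` block opened in this hunk continues outside it.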
|
|
|
@ -386,6 +386,7 @@ $lang = array_merge($lang, array(
|
|||
'NO_BOOKMARKS_SELECTED' => 'You have selected no bookmarks.',
|
||||
'NO_EDIT_READ_MESSAGE' => 'Private message cannot be edited because it has already been read.',
|
||||
'NO_EMAIL_USER' => 'The email/username information submitted could not be found.',
|
||||
'EMAIL_NOT_UNIQUE' => 'Email you specified is used by multiple users. You must specify username as well.',
|
||||
'NO_FOES' => 'No foes currently defined',
|
||||
'NO_FRIENDS' => 'No friends currently defined',
|
||||
'NO_FRIENDS_OFFLINE' => 'No friends offline',
|
||||
|
|
|
@ -9,14 +9,19 @@
|
|||
<h2>{L_SEND_PASSWORD}</h2>
|
||||
|
||||
<fieldset>
|
||||
{% if USERNAME_REQUIRED %}
|
||||
<p class="error">{{ lang('EMAIL_NOT_UNIQUE') }}</p>
|
||||
{% endif %}
|
||||
<dl>
|
||||
<dt><label for="email">{L_EMAIL_ADDRESS}{L_COLON}</label><br /><span>{L_EMAIL_REMIND}</span></dt>
|
||||
<dd><input class="inputbox narrow" type="email" name="email" id="email" size="25" maxlength="100" value="{{ EMAIL }}" autofocus /></dd>
|
||||
</dl>
|
||||
{% if USERNAME_REQUIRED %}
|
||||
<dl>
|
||||
<dt><label for="username">{L_USERNAME}{L_COLON}</label></dt>
|
||||
<dd><input class="inputbox narrow" type="text" name="username" id="username" size="25" /></dd>
|
||||
</dl>
|
||||
<dl>
|
||||
<dt><label for="email">{L_EMAIL_ADDRESS}{L_COLON}</label><br /><span>{L_EMAIL_REMIND}</span></dt>
|
||||
<dd><input class="inputbox narrow" type="email" name="email" id="email" size="25" maxlength="100" /></dd>
|
||||
</dl>
|
||||
{% endif %}
|
||||
<dl>
|
||||
<dt> </dt>
|
||||
<dd>{S_HIDDEN_FIELDS}<input type="submit" name="submit" id="submit" class="button1" value="{L_SUBMIT}" tabindex="2" /> <input type="reset" value="{L_RESET}" name="reset" class="button2" /></dd>
|
||||
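Review bot: `value="{{ EMAIL }}"` reflects the submitted address into an HTML attribute, and nothing in this section shows whether the value is escaped by the time it reaches the template. Confirm that `$email` is HTML-escaped when it is read from the request, or that the template environment autoescapes. If neither holds, output it as `{{ EMAIL|e('html_attr') }}`; if it is already escaped upstream, a one-line template comment saying so would stop a later edit from double-escaping or un-escaping it.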
|
|
|
@ -21,25 +21,46 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
|
|||
public function test_password_reset()
|
||||
{
|
||||
$this->add_lang('ucp');
|
||||
$user_id = $this->create_user('reset-password-test-user');
|
||||
$user_id = $this->create_user('reset-password-test-user', 'reset-password-test-user@test.com');
|
||||
|
||||
$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
|
||||
$form = $crawler->selectButton('submit')->form(array(
|
||||
'username' => 'reset-password-test-user',
|
||||
));
|
||||
$form = $crawler->selectButton('submit')->form();
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('NO_EMAIL_USER', $crawler->text());
|
||||
|
||||
$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
|
||||
$form = $crawler->selectButton('submit')->form(array(
|
||||
'username' => 'reset-password-test-user',
|
||||
'email' => 'nobody@example.com',
|
||||
'email' => 'reset-password-test-user@test.com',
|
||||
));
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('PASSWORD_UPDATED', $crawler->text());
|
||||
|
||||
// Check if columns in database were updated for password reset
|
||||
$this->get_user_data();
|
||||
$this->get_user_data('reset-password-test-user');
|
||||
$this->assertNotNull($this->user_data['user_actkey']);
|
||||
$this->assertNotNull($this->user_data['user_newpasswd']);
|
||||
|
||||
// Create another user with the same email
|
||||
$this->create_user('reset-password-test-user1', 'reset-password-test-user@test.com');
|
||||
|
||||
// Test that username is now also required
|
||||
$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
|
||||
$form = $crawler->selectButton('submit')->form(array(
|
||||
'email' => 'reset-password-test-user@test.com',
|
||||
));
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('EMAIL_NOT_UNIQUE', $crawler->text());
|
||||
|
||||
// Provide both username and email
|
||||
$form = $crawler->selectButton('submit')->form(array(
|
||||
'email' => 'reset-password-test-user@test.com',
|
||||
'username' => 'reset-password-test-user1',
|
||||
));
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('PASSWORD_UPDATED', $crawler->text());
|
||||
|
||||
// Check if columns in database were updated for password reset
|
||||
$this->get_user_data('reset-password-test-user1');
|
||||
$this->assertNotNull($this->user_data['user_actkey']);
|
||||
$this->assertNotNull($this->user_data['user_newpasswd']);
|
||||
|
||||
|
@ -73,7 +94,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
|
|||
public function test_activate_new_password($expected, $user_id, $act_key)
|
||||
{
|
||||
$this->add_lang('ucp');
|
||||
$this->get_user_data();
|
||||
$this->get_user_data('reset-password-test-user');
|
||||
$user_id = (!$user_id) ? $this->user_data['user_id'] : $user_id;
|
||||
$act_key = (!$act_key) ? $this->user_data['user_actkey'] : $act_key;
|
||||
|
||||
|
@ -119,7 +140,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
|
|||
public function test_acivateAfterDeactivate()
|
||||
{
|
||||
// User is active, actkey should not exist
|
||||
$this->get_user_data();
|
||||
$this->get_user_data('reset-password-test-user');
|
||||
$this->assertEmpty($this->user_data['user_actkey']);
|
||||
|
||||
$this->login();
|
||||
|
@ -143,7 +164,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
|
|||
$crawler = self::request('GET', preg_replace('#(.+)(adm/index.php.+)#', '$2', $link->getUri()));
|
||||
|
||||
// Ensure again that actkey is empty after deactivation
|
||||
$this->get_user_data();
|
||||
$this->get_user_data('reset-password-test-user');
|
||||
$this->assertEmpty($this->user_data['user_actkey']);
|
||||
|
||||
// Force reactivation of account and check that act key is not empty anymore
|
||||
|
@ -152,16 +173,16 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
|
|||
$crawler = self::submit($form, array('action' => 'reactivate'));
|
||||
$this->assertContainsLang('FORCE_REACTIVATION_SUCCESS', $crawler->filter('html')->text());
|
||||
|
||||
$this->get_user_data();
|
||||
$this->get_user_data('reset-password-test-user');
|
||||
$this->assertNotEmpty($this->user_data['user_actkey']);
|
||||
}
|
||||
|
||||
protected function get_user_data()
|
||||
protected function get_user_data($username)
|
||||
{
|
||||
$db = $this->get_db();
|
||||
$sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason
|
||||
FROM ' . USERS_TABLE . "
|
||||
WHERE username = 'reset-password-test-user'";
|
||||
WHERE username = '$username'";
|
||||
$result = $db->sql_query($sql);
|
||||
$this->user_data = $db->sql_fetchrow($result);
|
||||
$db->sql_freeresult($result);
|
||||
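Review bot: `get_user_data($username)` now interpolates its argument straight into the query with `WHERE username = '$username'`. Every caller in this file passes a literal, so nothing breaks today, but a name containing a quote would corrupt the statement, and string-built SQL in a shared helper tends to get copied. Escape it the way the production code in this commit does: `WHERE username = '" . $db->sql_escape($username) . "'";`. The new flow also lacks a case for a shared address submitted with a username that matches none of its accounts, which should end in `NO_EMAIL_USER`. The body of `get_user_data` continues outside the hunk.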
|
|
|
@ -550,9 +550,10 @@ class phpbb_functional_test_case extends phpbb_test_case
|
|||
* Creates a new user with limited permissions
|
||||
*
|
||||
* @param string $username Also doubles up as the user's password
|
||||
* @param string $email User email (defaults to nobody@example.com)
|
||||
* @return int ID of created user
|
||||
*/
|
||||
protected function create_user($username)
|
||||
protected function create_user($username, $email = 'nobody@example.com')
|
||||
{
|
||||
// Required by unique_id
|
||||
global $config;
|
||||
|
@ -604,7 +605,7 @@ class phpbb_functional_test_case extends phpbb_test_case
|
|||
$user_row = array(
|
||||
'username' => $username,
|
||||
'group_id' => 2,
|
||||
'user_email' => 'nobody@example.com',
|
||||
'user_email' => $email,
|
||||
'user_type' => 0,
|
||||
'user_lang' => 'en',
|
||||
'user_timezone' => 'UTC',
|
||||
|
|