mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 06:08:52 +00:00
[ticket/10432] Fix errors and address privacy concern
PHPBB3-10432
parent
30d1048c8e
commit
1d2a654ad7
4 changed files with 26 additions and 27 deletions
|
@ -79,7 +79,7 @@ class ucp_remind
|
|||
extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars)));
|
||||
|
||||
$sql = $db->sql_build_query('SELECT', $sql_array);
|
||||
$result = $db->sql_query($sql);
|
||||
$result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need
|
||||
$rowset = $db->sql_fetchrowset($result);
|
||||
|
||||
if (count($rowset) > 1)
|
||||
|
@ -93,29 +93,24 @@ class ucp_remind
|
|||
}
|
||||
else
|
||||
{
|
||||
$message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
|
||||
|
||||
if (empty($rowset))
|
||||
{
|
||||
trigger_error($message);
|
||||
}
|
||||
|
||||
$user_row = $rowset[0];
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
if (!$user_row)
|
||||
{
|
||||
trigger_error('NO_EMAIL_USER');
|
||||
trigger_error($message);
|
||||
}
|
||||
|
||||
if ($user_row['user_type'] == USER_IGNORE)
|
||||
if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE)
|
||||
{
|
||||
trigger_error('NO_USER');
|
||||
}
|
||||
|
||||
if ($user_row['user_type'] == USER_INACTIVE)
|
||||
{
|
||||
if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL)
|
||||
{
|
||||
trigger_error('ACCOUNT_DEACTIVATED');
|
||||
}
|
||||
else
|
||||
{
|
||||
trigger_error('ACCOUNT_NOT_ACTIVATED');
|
||||
}
|
||||
trigger_error($message);
|
||||
}
|
||||
|
||||
// Check users permissions
|
||||
|
@ -124,8 +119,7 @@ class ucp_remind
|
|||
|
||||
if (!$auth2->acl_get('u_chgpasswd'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error('NO_AUTH_PASSWORD_REMINDER');
|
||||
trigger_error($message);
|
||||
}
|
||||
|
||||
$server_url = generate_board_url();
|
||||
|
@ -164,9 +158,6 @@ class ucp_remind
|
|||
|
||||
$messenger->send($user_row['user_notify_type']);
|
||||
|
||||
meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
|
||||
|
||||
$message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
|
||||
trigger_error($message);
|
||||
}
|
||||
}
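Review bot: Known and unknown accounts now get the same text, but in the last hunk `$messenger->send($user_row['user_notify_type']);` still runs before `trigger_error($message);` only when a matching, permitted account was found, so response time can still separate the two cases. If the mail cannot be queued instead, a comment at that call such as `// Sent synchronously for real accounts only; response timing may still reveal that the account exists` would at least record the residual leak. The body of the `count($rowset) > 1` branch lies between the first two hunks and is not visible here; if it renders a different page than the generic message, that is a second signal worth checking. The `if (!$user_row)` test after `$user_row = $rowset[0];` also looks unreachable once the `empty($rowset)` guard has fired, assuming both are on the new side.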
|
||||
|
|
|
@ -62,7 +62,6 @@ $lang = array_merge($lang, array(
|
|||
|
||||
'ACCOUNT_ALREADY_ACTIVATED' => 'Your account has already been activated.',
|
||||
'ACCOUNT_DEACTIVATED' => 'Your account has been manually deactivated and is only able to be reactivated by an administrator.',
|
||||
'ACCOUNT_NOT_ACTIVATED' => 'Your account has not been activated yet.',
|
||||
'ACP' => 'Administration Control Panel',
|
||||
'ACP_SHORT' => 'ACP',
|
||||
'ACTIVE' => 'active',
|
||||
|
|
|
@ -373,7 +373,6 @@ $lang = array_merge($lang, array(
|
|||
'NO_AUTH_EDIT_MESSAGE' => 'You are not authorised to edit private messages.',
|
||||
'NO_AUTH_FORWARD_MESSAGE' => 'You are not authorised to forward private messages.',
|
||||
'NO_AUTH_GROUP_MESSAGE' => 'You are not authorised to send private messages to groups.',
|
||||
'NO_AUTH_PASSWORD_REMINDER' => 'You are not authorised to request a new password.',
|
||||
'NO_AUTH_PROFILEINFO' => 'You are not authorised to change your profile information.',
|
||||
'NO_AUTH_READ_HOLD_MESSAGE' => 'You are not authorised to read private messages that are on hold.',
|
||||
'NO_AUTH_READ_MESSAGE' => 'You are not authorised to read private messages.',
|
||||
|
@ -412,7 +411,7 @@ $lang = array_merge($lang, array(
|
|||
'PASS_TYPE_SYMBOL_EXPLAIN' => 'Password must be between %1$s and %2$s long, must contain letters in mixed case, must contain numbers and must contain symbols.',
|
||||
'PASSWORD' => 'Password',
|
||||
'PASSWORD_ACTIVATED' => 'Your new password has been activated.',
|
||||
'PASSWORD_UPDATED' => 'A new password was sent to your registered email address.',
|
||||
'PASSWORD_UPDATED_IF_EXISTED' => 'If your account exists a new password was sent to your registered email address. If it does not, it may be because you are banned, not activated your account yet or not allowed to change password. Contact admin if that is the case.',
|
||||
'PERMISSIONS_RESTORED' => 'Successfully restored original permissions.',
|
||||
'PERMISSIONS_TRANSFERRED' => 'Successfully transferred permissions from <strong>%s</strong>, you are now able to browse the board with this user’s permissions.<br />Please note that admin permissions were not transferred. You are able to revert to your permission set at any time.',
|
||||
'PM_DISABLED' => 'Private messaging has been disabled on this board.',
|
||||
|
|
|
@ -23,17 +23,27 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
|
|||
$this->add_lang('ucp');
|
||||
$user_id = $this->create_user('reset-password-test-user', 'reset-password-test-user@test.com');
|
||||
|
||||
// test without email
|
||||
$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
|
||||
$form = $crawler->selectButton('submit')->form();
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('NO_EMAIL_USER', $crawler->text());
|
||||
|
||||
// test with non-existent email
|
||||
$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
|
||||
$form = $crawler->selectButton('submit')->form(array(
|
||||
'email' => 'non-existent@email.com',
|
||||
));
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('PASSWORD_UPDATED_IF_EXISTED', $crawler->text());
|
||||
|
||||
// test with correct email
|
||||
$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
|
||||
$form = $crawler->selectButton('submit')->form(array(
|
||||
'email' => 'reset-password-test-user@test.com',
|
||||
));
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('PASSWORD_UPDATED', $crawler->text());
|
||||
$this->assertContainsLang('PASSWORD_UPDATED_IF_EXISTED', $crawler->text());
|
||||
|
||||
// Check if columns in database were updated for password reset
|
||||
$this->get_user_data('reset-password-test-user');
|
||||
|
@ -57,7 +67,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
|
|||
'username' => 'reset-password-test-user1',
|
||||
));
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('PASSWORD_UPDATED', $crawler->text());
|
||||
$this->assertContainsLang('PASSWORD_UPDATED_IF_EXISTED', $crawler->text());
|
||||
|
||||
// Check if columns in database were updated for password reset
|
||||
$this->get_user_data('reset-password-test-user1');
|
||||
|
@ -182,7 +192,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
|
|||
$db = $this->get_db();
|
||||
$sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason
|
||||
FROM ' . USERS_TABLE . "
|
||||
WHERE username = '$username'";
|
||||
WHERE username = '" . $db->sql_escape($username) . "'";
|
||||
$result = $db->sql_query($sql);
|
||||
$this->user_data = $db->sql_fetchrow($result);
|
||||
$db->sql_freeresult($result);
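Review bot: The cases added in the first hunk cover a missing and an unknown email, but none of the other branches that now return the generic message is exercised, namely an inactive or ignored account and an account without `u_chgpasswd`. A case for each that asserts `PASSWORD_UPDATED_IF_EXISTED` would pin the behaviour this commit is about. For the permission case it is also worth asserting the response status, since the page shows `send_status_line(403, 'Forbidden')` next to the replaced error and a 403 would give the answer away. For the inactive user, `get_user_data()` already selects `user_newpasswd` and `user_actkey`, so the test could confirm that neither was written.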
|
||||
|
|