View source
<?php
function prlp_menu() {
$items = array();
$items['admin/user/prlp'] = array(
'title' => 'PRLP settings',
'description' => 'Configure - Password Reset Landing Page - what happens when users use their one-time login links for resetting password.',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'prlp_admin_settings',
),
'access arguments' => array(
'administer users',
),
'file' => 'prlp.admin.inc',
);
return $items;
}
function prlp_form_user_pass_reset_alter(&$form, &$form_state) {
@(list($formid, $form_form_state, $uid, $timestamp, $hashed_pass) = $form['#parameters']);
if ($uid) {
$form['#user'] = user_load($uid);
$edit = empty($form_state['values']) ? (array) $form['#user'] : $form_state['values'];
$form = array_merge($form, _user_forms($edit, $form['#user'], 'account'));
$form['#user_category'] = 'account';
foreach ($form as $key => &$element) {
if (in_array($key, prlp_get_hidden_fields())) {
$element['#access'] = FALSE;
}
}
foreach ($form['account'] as $key => &$element) {
if (in_array($key, prlp_get_hidden_account_fields())) {
$element['#access'] = FALSE;
}
}
unset($form['#action']);
if (!empty($form['message']['#value'])) {
$form['message']['#value'] = str_replace('<p>Click on this button to log in to the site and change your password.</p>', '', $form['message']['#value']);
}
if (is_array($form['account']['pass']) && variable_get('prlp_password_required', 1)) {
$form['account']['pass']['#required'] = TRUE;
}
$form['#submit'][] = 'prlp_user_pass_reset_submit';
}
}
define('PRLP_DESTINATION_DEFAULT', 'user/%uid/edit');
function prlp_user_pass_reset_submit($form, &$form_state) {
global $user;
@(list($formid, $form_form_state, $uid, $timestamp, $hashed_pass) = $form['#parameters']);
if ($user->uid) {
if ($user->uid == $uid) {
drupal_set_message(t('You are logged in as %user. <a href="!user_edit">Change your password.</a>', array(
'%user' => $user->name,
'!user_edit' => url("user/{$user->uid}/edit"),
)));
}
else {
$reset_link_account = user_load($uid);
if (!empty($reset_link_account)) {
drupal_set_message(t('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please <a href="!logout">logout</a> and try using the link again.', array(
'%other_user' => $user->name,
'%resetting_user' => $reset_link_account->name,
'!logout' => url('user/logout'),
)));
}
else {
drupal_set_message(t('The one-time login link you clicked is invalid.'));
}
}
$form_state['redirect'] = '';
}
else {
$timeout = variable_get('user_password_reset_timeout', 86400);
$current = time();
if ($timestamp < $current && ($account = user_load(array(
'uid' => $uid,
'status' => 1,
)))) {
if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) {
drupal_set_message(t('You have tried to use a one-time login for an account which has been blocked.'), 'error');
drupal_goto();
}
if ($account->login && $current - $timestamp > $timeout) {
drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
$form_state['redirect'] = 'user/password';
}
elseif ($account->uid && $timestamp >= $account->login && $timestamp <= $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) {
$form_state['values']['_account'] = $account;
$form_state['values']['_category'] = 'account';
if (!isset($_SESSION)) {
$_SESSION = array();
}
user_profile_form_submit($form, $form_state);
$message_index = array_search(t('The changes have been saved.'), $_SESSION['messages']['status']);
$_SESSION['messages']['status'][$message_index] = variable_get($account->access ? 'prlp_confirmation_message_existing_users' : 'prlp_confirmation_message_new_users');
$_SESSION['messages']['status'] = array_filter($_SESSION['messages']['status']);
if (empty($_SESSION['messages']['status'])) {
unset($_SESSION['messages']['status']);
}
watchdog('user', 'User %name used one-time login link at time %timestamp.', array(
'%name' => $account->name,
'%timestamp' => $timestamp,
));
$user = user_load($account->uid);
user_authenticate_finalize($form_state['values']);
drupal_goto('user/' . $user->uid . '/edit');
$token = drupal_hash_base64(drupal_random_bytes(55));
$_SESSION['pass_reset_' . $user->uid] = $token;
$destination = variable_get('prlp_destination', PRLP_DESTINATION_DEFAULT);
if (empty($destination) || $destination == PRLP_DESTINATION_DEFAULT) {
$form_state['redirect'] = array(
'user/' . $user->uid . '/edit',
array(
'query' => array(
'pass-reset-token' => $token,
),
),
);
}
else {
$destination = str_replace('%uid', $user->uid, $destination);
$destination = drupal_parse_url($destination);
$form_state['redirect'] = array(
$destination['path'],
$destination,
);
}
}
else {
drupal_set_message(t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'));
$form_state['redirect'] = 'user/password';
}
}
else {
drupal_access_denied();
}
}
}
define('PRLP_HIDDEN_FIELDS_DEFAULT', "timezone");
function prlp_get_hidden_fields() {
static $fields = array();
if (empty($fields)) {
$fields = explode("\n", variable_get('prlp_hidden_fields', PRLP_HIDDEN_FIELDS_DEFAULT));
foreach ($fields as &$field) {
$field = trim($field);
}
}
return $fields;
}
define('PRLP_HIDDEN_ACCOUNT_FIELDS_DEFAULT', "mail");
function prlp_get_hidden_account_fields() {
static $fields = array();
if (empty($fields)) {
$fields = explode("\n", variable_get('prlp_hidden_account_fields', PRLP_HIDDEN_ACCOUNT_FIELDS_DEFAULT));
}
return $fields;
}