Index: securesite.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/securesite/Attic/securesite.inc,v
retrieving revision 1.10.2.5
diff -u -F^f -r1.10.2.5 securesite.inc
--- securesite.inc 3 Feb 2008 03:47:46 -0000 1.10.2.5
+++ securesite.inc 3 Feb 2008 04:10:01 -0000
@@ -17,7 +17,7 @@ function _securesite_login_form() {
 * Returns complete form for password reset request -if- securesite_request_form var exists
 */
 function _securesite_request_form() {
- if ($form_msg = variable_get('securesite_request_form', t('

Enter your username and your e-mail address.

'))) {
+ if ($form_msg = variable_get('securesite_request_form', t('

Enter your username or e-mail address.

'))) {
 return '

Password Reset

'. $form_msg .'
'. theme('status_messages') .'

Index: securesite.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/securesite/Attic/securesite.module,v
retrieving revision 1.24.2.21
diff -u -F^f -r1.24.2.21 securesite.module
--- securesite.module 3 Feb 2008 04:02:44 -0000 1.24.2.21
+++ securesite.module 3 Feb 2008 04:10:02 -0000
@@ -102,7 +102,7 @@ function securesite_admin_settings() {
 $form['login_form']['securesite_request_form'] = array(
 '#type' => 'textarea',
 '#title' => t('Message for request password reset form'),
- '#default_value' => variable_get('securesite_request_form', t('

Enter your username or your e-mail address.

')),
+ '#default_value' => variable_get('securesite_request_form', t('

Enter your username or e-mail address.

')),
 '#length' => 60,
 '#height' => 3,
 '#description' => t('Leave empty to not process password resets through this module.'),
@@ -277,52 +277,52 @@ function securesite_user_auth() {
 $account = '';
 $content = '';
- // Log failed requests
- if ((isset($_POST['securesite_login_form']) ? $_POST['securesite_login_form'] : '') && $edit['name'] && $edit['pass']) {
+ // Step #1: Check if the user attempted to submit the login form. If so, getting here means they didn't enter their
+ // info correctly
+ if ((isset($_POST['securesite_login_form']) ? $_POST['securesite_login_form'] : '') && ($edit['name'] || $edit['pass'])) {
 watchdog('user', t('Login attempt failed for %name.', array('%name' => $edit['name'])));
- drupal_set_message(t('Sorry. Unrecognized username or password.'), 'error');
+ drupal_set_message(t('Unrecognized username and/or password.'), 'error');
 }
- // Set user messages
- if ((isset($_POST['securesite_request_form']) ? $_POST['securesite_request_form'] : '') && $edit['name'] && $edit['mail']) {
- if (!$account = user_load(array('name' => $edit['name'], 'status' => 1))) {
- drupal_set_message(t('Sorry. Unrecognized username or e-mail address.'), 'error');
+ // Step #2: Check if the user attempted to submit the password request form. If so, check if we have information for
+ // the name/mail they entered and send it if we do
+ if ((isset($_POST['securesite_request_form']) ? $_POST['securesite_request_form'] : '') && ($edit['name'] || $edit['mail'])) {
+ if ($edit['name'] && (!$account = user_load(array('name' => $edit['name'], 'status' => 1)))) {
+ drupal_set_message(t('Unrecognized username or e-mail address.'), 'error');
 }
- elseif (!$account = user_load(array('mail' => $edit['mail'], 'status' => 1))) {
- drupal_set_message(t('Sorry. Unrecognized username or e-mail address.'), 'error');
+ elseif ($edit['mail'] && (!$account = user_load(array('mail' => $edit['mail'], 'status' => 1)))) {
+ drupal_set_message(t('Unrecognized username or e-mail address.'), 'error');
 }
- }
- // E-mail a user a new password
- if ($account->uid) {
- $from = variable_get('site_mail', ini_get('sendmail_from'));
-
- // Generate a new password for this user
- $pass = user_password();
- user_save($account, array('pass' => $pass));
-
- // Mail new password
- $variables = array(
- '!username' => $account->name,
- '!site' => variable_get('site_name', 'Drupal'),
- '!login_url' => user_pass_reset_url($account),
- '!uri' => $base_url,
- '!uri_brief' => preg_replace('`^https?://`i', '', $base_url),
- '!mailto' => $account->mail, '!date' => format_date(time()), '!login_uri' => url('user', NULL, NULL, TRUE), '!edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE));
-
- $subject = _user_mail_text('pass_subject', $variables);
- $body = _user_mail_text('pass_body', $variables);
- $mail_success = drupal_mail('securesite-password', $account->mail, $subject, $body);
-
- if ($mail_success) {
- watchdog('user', t('Password mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail)));
- drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
- }
- else {
- watchdog('user', t('Error mailing password to %name at %email.', array('%name' => $account->name, '%email' => $account->mail)), WATCHDOG_ERROR);
- drupal_set_message(t('Unable to send mail. Please contact the site admin.', 'error'));
+ // E-mail a user a new password
+ if ($account->uid) {
+ // Generate a new password for this user
+ $pass = user_password();
+ user_save($account, array('pass' => $pass));
+
+ // Mail new password
+ $variables = array(
+ '!username' => $account->name,
+ '!site' => variable_get('site_name', 'Drupal'),
+ '!login_url' => user_pass_reset_url($account),
+ '!uri' => $base_url,
+ '!uri_brief' => preg_replace('`^https?://`i', '', $base_url),
+ '!mailto' => $account->mail, '!date' => format_date(time()), '!login_uri' => url('user', NULL, NULL, TRUE), '!edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE)
+ );
+
+ $subject = _user_mail_text('pass_subject', $variables);
+ $body = _user_mail_text('pass_body', $variables);
+ $mail_success = drupal_mail('securesite-password', $account->mail, $subject, $body);
+
+ if ($mail_success) {
+ watchdog('user', t('Password mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail)));
+ drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
+ }
+ else {
+ watchdog('user', t('Error mailing password to %name at %email.', array('%name' => $account->name, '%email' => $account->mail)), WATCHDOG_ERROR);
+ drupal_set_message(t('Unable to send mail. Please contact the site admin.', 'error'));
+ }
 }
- //nowhere to go!! //securesite_goto();
 }
 // Get content for dialog
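Review bot: Inside the new Step #2 block, `user_save($account, array('pass' => $pass));` now runs as soon as a single matching username or e-mail address is submitted, so an unauthenticated request replaces an active account's password before the owner has confirmed anything. The generated `$pass` does not appear in the visible `$variables` array and the mail already carries `user_pass_reset_url($account)`, so the `$pass = user_password();` and `user_save(...)` lines could be dropped and the one-time link left to perform the reset. The distinct "Unrecognized username or e-mail address." and "sent to your e-mail address" outcomes also confirm whether an account exists; a single neutral message for both would avoid that. Separately, the last added `drupal_set_message(t('Unable to send mail. Please contact the site admin.', 'error'));` hands `'error'` to `t()` instead of `drupal_set_message()` and should read `drupal_set_message(t('Unable to send mail. Please contact the site admin.'), 'error');`. securesite_user_auth() begins and ends outside this hunk.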
@@ -331,11 +331,18 @@ function securesite_user_auth() {
 }
 $content .= _securesite_request_form();
- // HTTP Auth
- if (($securesite_enabled == SECURESITE_AUTH || $securesite_enabled == SECURESITE_AUTH_ALT) && !$account->uid) {
+ // Step #3: If using HTTP Auth, send the appropriate headers, but only if the user isn't logged in and they haven't
+ // just submitted the password reset or login forms
+ if (($securesite_enabled == SECURESITE_AUTH || $securesite_enabled == SECURESITE_AUTH_ALT) && !$account->uid && empty($_POST['securesite_request_form']) && empty($_POST['securesite_login_form'])) {
 $realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
 if ($securesite_enabled == SECURESITE_AUTH_ALT) {
+ /*********
+ * If not on the home page of the site, Opera will not show the auth dialog the first time after logout. It will show
+ * the page displayed before logging out. Reloading will cause the dialog to display
+ * Safari doesn't seem show the login/password request form when cancelling the auth dialog
+ *********/
+ // Fix logout on cancel in Opera and IE
 $browser_user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
 if (strpos($browser_user_agent, "gecko") === FALSE) { // Firefox
@@ -351,7 +358,7 @@ function securesite_user_auth() {
 header('HTTP/1.0 401 Unauthorized');
 }
- // Display dialog
+ // Step #4: Show the login form or password request form
 _securesite_dialog_page($content);
 drupal_set_title(t('Login'));
 module_invoke_all('exit', request_uri());
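Review bot: The Step #3 condition now skips the whole HTTP-auth block, including `header('HTTP/1.0 401 Unauthorized');`, whenever `$_POST['securesite_request_form']` or `$_POST['securesite_login_form']` is non-empty, and both values are supplied by the client. From the visible lines the skipped path appears to reach only `_securesite_dialog_page($content)`, but the function continues outside this hunk, so that should be confirmed and recorded next to the condition, for example `// Skipping the challenge must never skip the dialog: every path below ends in _securesite_dialog_page().` A failed form login is then answered without a 401 status, which matters to anything that keys on response codes to spot authentication failures. The added block comment also has a typo: "doesn't seem show" should read "doesn't seem to show".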