Index: user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.812
diff -u -p -r1.812 user.module
--- user.module	29 Jun 2007 18:19:25 -0000	1.812
+++ user.module	29 Jun 2007 19:41:19 -0000
@@ -972,6 +972,15 @@ function user_menu() {
     'type' => MENU_LOCAL_TASK,
   );
 
+  $items['user/%user/reset-password'] = array(
+    'title' => 'Reset password',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('user_pass_reset_form', 1),
+    'access callback' => 'user_edit_access',
+    'access arguments' => array(1),
+    'type' => MENU_CALLBACK,
+  );
+
   $empty_account = new stdClass();
   if (($categories = _user_categories($empty_account)) && (count($categories) > 1)) {
     foreach ($categories as $key => $category) {
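Review bot: The new `user/%user/reset-password` route is guarded only by `user_edit_access`, so any user who may edit the account can open the password form at any time, not just after following a one-time login link; since `user_pass_reset_form` (third hunk) asks for no current password, this sidesteps the current-password verification the fifth and sixth hunks add to the regular edit form. If the form is meant only for the one-time-login flow, give it its own access callback that additionally requires a marker set in `$_SESSION` by `user_pass_reset` when the link is consumed, and clear that marker in `user_pass_reset_form_submit`. user_menu continues outside the hunk.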
@@ -1282,7 +1291,7 @@ function user_pass_reset(&$form_state, $
           $edit = array();
           user_module_invoke('login', $edit, $user);
           drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
-          drupal_goto('user/'. $user->uid .'/edit');
+          drupal_goto('user/'. $user->uid .'/reset-password');
         }
         else {
           $form['message'] = array('#value' => t('<p>This is a one-time login for %user_name and will expire on %expiration_date</p><p>Click on this button to login to the site and change your password.</p>', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout))));
@@ -1310,6 +1319,35 @@ function user_pass_reset_url($account) {
   return url("user/reset/$account->uid/$timestamp/". user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE));
 }
 
+function user_pass_reset_form(&$form_state, $account) {
+  _user_password_dynamic_validation();
+  $form['reset-password'] = array('#type' => 'fieldset',
+    '#title' => t('Reset password'),
+  );
+  $form['reset-password']['pass'] = array('#type' => 'password_confirm',
+    '#description' => t('Enter the new password in both fields.'),
+    '#size' => 25,
+    '#required' => TRUE,
+  );
+  $form['submit'] = array('#value' => t('Submit'),
+    '#type' => 'submit',  
+  );
+  $form['_account'] = array('#type' => 'value', '#value' => $account);
+  return $form;
+}
+
+function user_pass_reset_form_submit($form, &$form_state) {
+  $account = $form_state['values']['_account'];
+  unset($form_state['values']['_account'], $form_state['values']['op'], $form_state['values']['submit'], $form_state['values']['delete'], $form_state['values']['form_token'], $form_state['values']['form_id']);
+  user_save($account, $form_state['values']);
+
+  // Clear the page cache because pages can contain usernames and/or profile information:
+  cache_clear_all();
+
+  drupal_set_message(t('The changes have been saved.'));
+  drupal_goto("user/$account->uid");
+}
+
 function user_pass_rehash($password, $timestamp, $login) {
   return md5($timestamp . $password . $login);
 }
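Review bot: `user_pass_reset_form_submit` carries over bookkeeping from the account edit handler that does not fit this form: it unsets a `delete` value although the form has no delete button, and it calls `cache_clear_all()` under a comment about usernames and profile information although only `pass` is saved here, and a password hash is presumably never part of a cached page. Unless the cache clear is wanted for another reason, the handler can be reduced to `user_save($account, array('pass' => $form_state['values']['pass']));` followed by the message, which also avoids passing stray form values into `user_save`. The redirect would conventionally be `$form_state['redirect'] = 'user/' . $account->uid;` rather than `drupal_goto()` inside a submit handler, and the line `'#type' => 'submit',` in the form builder carries trailing whitespace.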
@@ -1453,6 +1491,7 @@ function user_register_submit($form, &$f
 }
 
 function user_edit_form(&$form_state, $uid, $edit, $register = FALSE) {
+  global $user;
   _user_password_dynamic_validation();
   $admin = user_access('administer users');
 
@@ -1481,6 +1520,15 @@ function user_edit_form(&$form_state, $u
       '#description' => t('To change the current user password, enter the new password in both fields.'),
       '#size' => 25,
     );
+    // Display current password verification if the user is not an admin and if the user is editing his own account:
+    if (!$admin && $user->uid == $uid) {
+      $form['account']['currentpass'] = array('#type' => 'password',
+        '#title' => t('Current password'),
+        '#description' => t('To change the account information, enter the current password.'),
+        '#size' => 25,
+        '#required' => TRUE,
+      );
+    }
   }
   elseif (!variable_get('user_email_verification', TRUE) || $admin) {
     $form['account']['pass'] = array(
@@ -1537,9 +1585,15 @@ function user_edit_form(&$form_state, $u
 }
 
 function _user_edit_validate($uid, &$edit) {
-  $user = user_load(array('uid' => $uid));
+  $account = user_load(array('uid' => $uid));
+
+  // Validate the current password:
+  if (!user_access('administer users') && $account->pass != md5($edit['currentpass'])) {
+    form_set_error('currentpass', t('Enter the correct current password.'));
+  }
+
   // Validate the username:
-  if (user_access('change own username') || user_access('administer users') || !$user->uid) {
+  if (user_access('change own username') || user_access('administer users') || !$account->uid) {
     if ($error = user_validate_name($edit['name'])) {
       form_set_error('name', $error);
     }
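Review bot: The current-password check added at the top of `_user_edit_validate` fires for every non-admin submission, while the matching field (fifth hunk) is rendered only when a non-admin is editing their own account, so in any other case `$edit['currentpass']` is unset and the form is rejected with an undefined-index notice. The existing name check below already tolerates `$account` having no uid, which suggests this validator also runs when there is no existing account (registration); if so, every registration would now fail with "Enter the correct current password." The condition should mirror the form's: `if (!user_access('administer users') && $account->uid && $GLOBALS['user']->uid == $account->uid && $account->pass !== md5($edit['currentpass'])) {`. Use `!==` as well: `!=` between two hex digest strings is a loose PHP comparison that treats numeric-looking strings as numbers. _user_edit_validate continues outside the hunk.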
@@ -3288,4 +3342,4 @@ function user_block_user_action(&$object
 function user_block_ip_action() {
   db_query("INSERT INTO {access} (mask, type, status) VALUES ('%s', '%s', %d)", $_SERVER['REMOTE_ADDR'], 'host', 0);
   watchdog('action', 'Banned IP address %ip', array('%ip' => $_SERVER['REMOTE_ADDR']));
-}
\ No newline at end of file
+}
