Attached patch:

  • Removes a now unnecessary #weight attribute.
  • Checks for e-mail address validity before performing a costly user_load.
  • Trims user input.
  • Removes a notice $account->uid when $account is not an object [no account found].
  • email should be e-mail.

-K

CommentFileSizeAuthor
#9 user_pass_fix.patch879 bytesGábor Hojtsy
#5 password-reset-correction_1.patch1.14 KBPasqualle
#2 password-reset-correction.patch1.12 KBZen
pass-reset-form.patch1.72 KBZen
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Dries’s picture

Dries CreditAttribution: Dries commented
Status: Needs review » Fixed

Works for me! Tested and committed.

Zen’s picture

Zen CreditAttribution: Zen commented
Category: task » bug
Status: Fixed » Needs review
FileSize
password-reset-correction.patch1.12 KB

Hi,

I just noticed that my earlier patch does not address usernames using an e-mail address format. The attached patch fixes that.

Thanks,
-K

Zen’s picture

Zen CreditAttribution: Zen commented

Patch still applies cleanly.

keith.smith’s picture

keith.smith CreditAttribution: keith.smith commented
Status: Needs review » Needs work

But no longer :(

# patch -p0 < password-reset-correction.patch
(Stripping trailing CRs from patch.)
patching file modules/user/user.module
Hunk #1 FAILED at 1169.
1 out of 1 hunk FAILED -- saving rejects to file modules/user/user.module.rej

Pasqualle’s picture

Pasqualle
Location 🇭🇺 Budapest
CreditAttribution: Pasqualle commented
Priority: Normal » Critical
Status: Needs work » Needs review
FileSize
password-reset-correction_1.patch1.14 KB

reroll

test:
1. admin/user/user/create - create user with name: name@name.com email: mail@mail.com
2. logout
3. user/password - enter name@name.com

Dries’s picture

Dries CreditAttribution: Dries commented

I might be better to roll back to the original version then? It's slightly more easier to read, IMO.

Gábor Hojtsy’s picture

Gábor Hojtsy
he/him
Primary language Hungarian
Location Hungary
CreditAttribution: Gábor Hojtsy commented

Dries, I assume you mean the original version of the patch. It is not exactly right, as it identifies "Dries@drupal.org" kind of usernames (as supported by drupal.module in previous Drupal versions, possible to install alongside Drupal 6 as a contrib) as an email address and will fail to load the user, not going to try this as a username too.

catch’s picture

catch
he/him
Primary language English
CreditAttribution: catch commented
Status: Needs review » Reviewed & tested by the community

Just to confirm I tested this on a clean install, and it works fine with name@name usernames. So I'm marking to RTBC.

Gábor Hojtsy’s picture

Gábor Hojtsy
he/him
Primary language Hungarian
Location Hungary
CreditAttribution: Gábor Hojtsy commented
Status: Reviewed & tested by the community » Fixed
FileSize
user_pass_fix.patch879 bytes

I looked at the patches, and reread Dries' concern. Indeed, we should not call something a cleanup, when it solves the same problem with over-commented, hard to follow code, when it does not solve any performance problems at the same time. The password request page is so seldom used, that I rolled back to the more cleaner version (but still added two lines of comments there to make it clear).

Committed the attached patch.

Anonymous’s picture

(not verified) CreditAttribution: commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.