When run on php 5 there seems to be bug when the user tries to request a new password and user_pass() is called. The code looks like this:

if ($edit['name'] && !($account = user_load(array('name' => $edit['name'], 'status' => 1)))) {
  form_set_error('name', t('Sorry. The username %name is not recognized.', array('%name' => theme('placeholder', $edit['name']))));
}
else if ($edit['mail'] && !($account = user_load(array('mail' => $edit['mail'], 'status' => 1)))) {
  form_set_error('mail', t('Sorry. The e-mail address %email is not recognized.', array('%email' => theme('placeholder', $edit['mail']))));
}

But the problem is that user_load() always returns a StdClass even if a user isn't found, so the two checks above never get triggered.

This is my fix to get around this issue. But there is probably a much better way to do it, I don't really understand PHP and my "instanceof" approach kept causing errors.

if ($edit['name'] && (!($account = user_load(array('name' => $edit['name'], 'status' => 1))) || !$account->name)) {
  form_set_error('name', t('Sorry. The username %name is not recognized.', array('%name' => theme('placeholder', $edit['name']))));
  $account = NULL;
}
else if ($edit['mail'] && (!($account = user_load(array('mail' => $edit['mail'], 'status' => 1))) || !$account->name)) {
  form_set_error('mail', t('Sorry. The e-mail address %email is not recognized.', array('%email' => theme('placeholder', $edit['mail']))));
  $account = NULL;
}
CommentFileSizeAuthor
#1 requestNewPasswordBug.patch2.47 KBskeen

Comments

skeen’s picture

skeen commented
Version: 4.6.0 »
Assigned: Unassigned » skeen
StatusFileSize
new requestNewPasswordBug.patch2.47 KB

I found this same issue running cvs on php 5.0.4

Since user->load() returns a new StdClass() when the user is not found the the two checks at the top of user_pass() fail to ever return true. (I think in php4 and empty class is probably treated as a empty array which i think resolves to false?)

my fix was to also check for an attribute of the returned user object which for any true user would always exist (uid).

to organize the function a bit more I moved the elseif block

elseif ($edit) {
      drupal_set_message(t('You must provide either a username or e-mail address.'), 'error');
  }

to the top of the function with the other two if blocks that are also validating user input.

added a few quick comments also.

This is the first time I have ever submitted a patch so I apologize if I screwed this up (constructive criticism is appreciated).
Hope I interpreted the existing code correctly and that you find this patch useful.

Sam Keen

skeen’s picture

skeen commented
Status: Active » Needs review

Sorry, forgot to set the status to patch

robin monks’s picture

robin monks commented
Status: Needs review » Needs work

elseif is else if....amung other things.

Look at the style rules in the handbook.

+1 for the function -1 for the style.

Robin

killes@www.drop.org’s picture

killes@www.drop.org commented
Status: Needs work » Fixed

This has been fixed in cvs, the 4.6 branch isn't fully working with php 5.0.5+ anyway.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)