Request New Password in user.module fails in user_pass() [#74925]

When an anonymous user would request a new password for an account or email address that didn't exist, an unhandled error would occur. The problematic function in user.module is user_pass(). The password or account is loaded with user_load(). The check relies on there being a false value returned. user_load() loads the account information, and if it fails it returns a StdClass() object.

Attached is a patch to check whether or not the relevant information was loaded correctly. I also changed the error handling to not depend on a null or false value.

Please feel free to email me with questions.

Comment	File	Size	Author
#4	user.module.patch_4.txt	262 bytes	magico
	drupal-4.6.8-user.module.patch	1.49 KB	chamuco

Comments

Comment #1

stevenpatz

he/him

commented 27 July 2006 at 15:12

I just tested this using my install of 4.6.8 and what I get when I enter in a username and email that doesn't exist is this:

Sorry. The username dhsdhhsdhs is not recognized. 
You must provider either a username or e-mail address.

Comment #2

heine commented 27 July 2006 at 15:28

This is only an issue on PHP 5 where empty objects (new StdClass) are True.

Comment #3

magico commented 23 August 2006 at 18:45

Version:

4.6.8

» 4.6.9

I confirm this bug in 4.6.9 with PHP 5.0.4

Comment #4

magico commented 23 August 2006 at 18:52

Status:

Active

» Needs review

Status	File	Size
new	user.module.patch_4.txt	262 bytes

I checked the function user_load() in 4.7 and it returns a FALSE instead of a StdClass. Now the patch is very simple, but I request a comment from a senior developer to explain why in 4.6.9 was a StdClass returned instead of a FALSE?

Will this affect in anyway, other functions that rely on the result of user_load() ?