Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By Anonymous (not verified) on
Hi all.
I am trying to extend my one-time login tokens, however, it seems my changes are not working:
I googled and searched, but the only thing I could see changing this was modifying hook_user_password_reset() and its associated $timeout variable.
I set the value to 604800 (one week in seconds) and when I attempt to use it I see the expiry is only one day away (today is 05/17/2010):
This is a one-time login for rbrash and will expire on Tue, 05/18/2010 - 09:18.
Click on this button to login to the site and change your password.
This login can be used only once.
My code looks like:
<?php
/**
* Menu callback; process one time login link and redirects to the user page on success.
*/
function tokenextend_user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) {
global $user;
// Check if the user is already logged in. The back button is often the culprit here.
if ($user->uid) {
drupal_set_message(t('You have already used this one-time login link. It is not necessary to use this link to login anymore. You are already logged in.'));
drupal_goto();
}
else {
// Time out, in seconds, until login URL expires. 24 hours = 86400 seconds.
$timeout = 604800;
$current = time();
// Some redundant checks for extra security ?
if ($timestamp < $current && $account = user_load(array('uid' => $uid, 'status' => 1)) ) {
// Deny one-time login to blocked accounts.
if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) {
drupal_set_message(t('You have tried to use a one-time login for an account which has been blocked.'), 'error');
drupal_goto();
}
// No time out for first time login.
if ($account->login && $current - $timestamp > $timeout) {
drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
drupal_goto('user/password');
}
else if ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) {
// First stage is a confirmation form, then login
if ($action == 'login') {
watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));
// Set the new user.
$user = $account;
// user_authenticate_finalize() also updates the login timestamp of the
// user, which invalidates further use of the one-time login link.
user_authenticate_finalize($form_state['values']);
drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
drupal_goto('user/'. $user->uid .'/edit');
}
else {
$form['message'] = array('#value' => t('<p>This is a one-time login for %user_name and will expire on %expiration_date.</p><p>Click on this button to login to the site and change your password.</p>', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout))));
$form['help'] = array('#value' => '<p>'. t('This login can be used only once.') .'</p>');
$form['submit'] = array('#type' => 'submit', '#value' => t('Log in'));
$form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login");
return $form;
}
}
else {
drupal_set_message(t('You have tried to use a one-time login link which has either been used or is no longer valid. Please request a new one using the form below.'));
drupal_goto('user/password');
}
}
else {
// Deny access, no more clues.
// Everything will be in the watchdog's URL for the administrator to check.
drupal_access_denied();
}
}
}
This must be surely a common problem, anyone have this working or did I miss a contrib module?
Comments
I'm also looking for
I'm also looking for information regarding this issue. Did you manage to successfully extend the expiration date on one-time-login links?
Me too.
Me too.
I had the same issue and
I had the same issue and ended up solving the problem with a hook_menu_alter() to override the user_pass_reset function that comes with core. You can then use whatever function you'd like to override the core function.
changing time to expiration?
+1. blisteringherb, could you post your code ?
Darrell Duane
d@duane.com
method blisteringherb suggests
don't forget to clear the cache
Here is a full module I wrote
Here is a full module I wrote for this for Drupal 7, I'll contribute it when complete:
In the module folder create the directory extend_login_links, which is where you'd create these files.
Create the file extend_login_links.info & fill it with these contents:
create the file extend_login_links.module & fill it with these contents:
create the file extend_login_links.pages.inc & fill it with these contents:
Enable the new module and visit /admin/config/people/extend-login-links, set your seconds and you're done.
Thank you patchshorts, the
Thank you patchshorts, the code above works nicely for me :)
http://www.fonant.com - Fonant Ltd - Quality websites
Close enough
Was looking for something close to this, thanks!
@noslokire
blank page
Thanks for the code.
Unfortunately for me, it displays a blank page only...
Works for me
This worked for me on current Drupal 7. I did initially have the dreaded White Screen of Death, but it came from my editor wrapping lines and/or including extra non program lines. I carefully recopied the text and it worked as advertised. Sweet.
Drupal 7.15 adds a variable
Drupal 7.15 adds a variable to do this, which should make a module to add this to the administration interface much simpler:
#246029: Use a variable for the timeout/expiration of user password reset links (followup)
The new core code does:
http://www.fonant.com - Fonant Ltd - Quality websites
Can user_password_reset_timeout be set in settings.php?
Seems too me that you should be able to update user_password_reset_timeout in settings.php
Good stuff...
ship it!