123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229 |
- <?php
- /**
- * Implements hook_menu_alter().
- */
- function simple_pass_reset_menu_alter(&$items) {
- // Drupal's default behavior is to show the user a log-in form before
- // their user profile. We replace this item to skip the uneccesary step.
- $items['user/reset/%/%/%'] = array(
- 'title' => 'Account settings',
- 'access callback' => 'simple_pass_reset_pass_reset_access',
- 'access arguments' => array(2, 3, 4),
- 'page callback' => 'simple_pass_reset_pass_reset_page',
- 'page arguments' => array(2, 3, 4),
- 'type' => MENU_CALLBACK,
- );
- }
- /**
- * Access callback for use with Drupal's menu API.
- */
- function simple_pass_reset_pass_reset_access($uid, $timestamp, $hashed_pass) {
- if (user_is_logged_in()) {
- return FALSE;
- }
- // This timeout check imitates core logic in user_pass_reset(). The timeout
- // number is expressed in seconds, with 86400 equal to one day. There is no
- // UI to adjust this number, but sites can customize it in their settings.php.
- $timeout = variable_get('user_password_reset_timeout', 86400);
- // Ensure the user is not blocked.
- $users = user_load_multiple(array($uid), array('status' => '1'));
- if ($timestamp <= REQUEST_TIME && $account = reset($users)) {
- // Bypass the timeout check if the user has not logged in before.
- if ($account->login && REQUEST_TIME - $timestamp > $timeout) {
- drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'), 'status', FALSE);
- drupal_goto('user/password');
- }
- elseif ($account->uid && $timestamp >= $account->login && $timestamp <= REQUEST_TIME && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid)) {
- return TRUE;
- }
- }
- return FALSE;
- }
- /**
- * Page callback for use with Drupal's menu API.
- *
- * This page replaces core one-time login form provided by user_pass_reset().
- */
- function simple_pass_reset_pass_reset_page($uid, $timestamp, $hashed_pass, $option = NULL) {
- // Never cache this page.
- drupal_page_is_cacheable(FALSE);
- module_load_include('inc', 'user', 'user.pages');
- // When $option is original or login, preserve original behavior.
- if ($option == 'original') {
- return drupal_get_form('user_pass_reset', $uid, $timestamp, $hashed_pass);
- }
- elseif ($option == 'login') {
- return drupal_get_form('user_pass_reset', $uid, $timestamp, $hashed_pass, $option);
- }
- else {
- // Show the user edit form instead of silly one-time login form.
- $account = user_load($uid);
- $form = drupal_get_form('user_profile_form', $account);
- return $form;
- }
- }
- /**
- * Implements hook_form_FORM_ID_alter().
- *
- * @see user_profile_form()
- */
- function simple_pass_reset_form_user_profile_form_alter(&$form, &$form_state) {
- // Don't alter the normal profile edit form, but only the password reset form.
- if (arg(0) == 'user' && arg(1) == 'reset' && !user_is_logged_in()) {
- // Our submit handler will log the user in after form submit.
- $form['#submit'][] = 'simple_pass_reset_pass_reset_submit';
- $form['actions']['submit']['#value'] = t('Save and log in as !username', array('!username' => format_username($form['#user'])));
- // Links provided by the Bakery module will not work because the user is not
- // logged in yet.
- if (!empty($form['bakery'])) {
- $form['bakery']['#access'] = FALSE;
- // Normally the Bakery module would make the following change to the
- // user_pass_reset form.
- if (!variable_get('bakery_is_master', FALSE)) {
- // Set a submit handler for the pseudo-reset form.
- $form['#submit'] = array('_bakery_reset_submit');
- }
- }
- // Some third-party modules (like Bakery) might hide account elements.
- if (!isset($form['account']['#access']) || $form['account']['#access']) {
- // Require a new password.
- $form['account']['pass']['#required'] = TRUE;
- if (arg(5) == 'brief') {
- drupal_set_title(t('Choose a new password')); // Instead of "Reset password".
- // Hide "To change the current user password..."
- unset($form['account']['pass']['#description']);
- // The user is most interested in getting a working password, don't show their picture, timezone, etc.
- foreach (element_children($form) as $key) {
- if (isset($form[$key]['#type']) && in_array($form[$key]['#type'], array('hidden', 'actions', 'captcha'))) {
- // Do not alter these elements.
- }
- else {
- // Hide other elements.
- $form[$key]['#access'] = FALSE;
- }
- }
- // Except don't hide these.
- $form['account']['#access'] = TRUE;
- $form['actions']['#access'] = TRUE;
- // But seriously do hide these.
- $form['account']['mail']['#access'] = FALSE;
- }
- }
- // This is to avoid a PHP Notice in user_profile_form_submit(). https://www.drupal.org/node/2111293#comment-9262499
- if (empty($_SESSION)) {
- $_SESSION = array('simple_pass_reset' => TRUE);
- }
- }
- }
- /**
- * Submit callback for Drupal form API.
- */
- function simple_pass_reset_pass_reset_submit($form, &$form_state) {
- if (!user_is_logged_in()) { // Sanity check.
- // Remove roles that were disabled in the form. Normally the User module
- // will array_filter() these out for us. But remember_me and possibly other
- // modules have bugs that might prevent it from doing so.
- if (!empty($form_state['user']->roles)) {
- $form_state['user']->roles = array_filter($form_state['user']->roles);
- }
- // Load the user account afresh and finalize the login.
- // @see user_login_submit()
- global $user;
- $user = user_load($form_state['user']->uid);
- user_login_finalize();
- watchdog('user', 'User %name used one-time login link.', array('%name' => $user->name));
- if(empty($form_state['redirect'])) {
- $form_state['redirect'] = 'user';
- }
- }
- }
- /**
- * Implements hook_module_implements_alter().
- *
- * Asks Drupal to run our form_alter hooks after other modules.
- */
- function simple_pass_reset_module_implements_alter(&$implementations, $hook) {
- // The hook we're interested in is hook_form_FORM_ID_alter(). Yet, in this function we have to manipulate 'form_alter'. Because Drupal is tricky like that.
- if ($hook == 'form_alter' && isset($implementations['simple_pass_reset'])) {
- // Make our form alters come last (so we act after other modules have already altered).
- $group = $implementations['simple_pass_reset'];
- unset($implementations['simple_pass_reset']);
- $implementations['simple_pass_reset'] = $group;
- }
- }
- /**
- * Implements hook_form_FORM_ID_alter().
- *
- * This is not about simplifying the text on the password reset form, but it's
- * behavior. If a logged in user resets her password, she's sent a link via
- * email. But will get access denied clicking that link, because she's already
- * logged in! This hook will log her out when resetting password. This makes
- * the password reset form behave more like the user edit form when a user
- * changes their own password. (See where user_save() calls
- * drupal_session_destroy_uid().)
- */
- function simple_pass_reset_form_user_pass_alter(&$form, &$form_state) {
- // If the user views the password reset form while logged in...
- if (user_is_logged_in()) {
- drupal_set_title(t('Reset my password'));
- // Update the help text and button text to indicate that submitting the form
- // will log them out.
- $form['mail']['#markup'] = t('We will e-mail a password reset link for your account to %email. You will be logged out when you submit this form and should use that link to log back in.', array('%email' => $form['name']['#value']));
- $form['actions']['submit']['#value'] = t('E-mail reset link and log out');
- // Add a form submit handler to log out upon submission.
- $form['#submit'][] = 'simple_pass_reset_form_user_pass_submit';
- }
- }
- /**
- * Submit callback: log out when an authenticated user submits the password
- * reset form.
- */
- function simple_pass_reset_form_user_pass_submit($form, &$form_state) {
- global $user;
- if (user_is_logged_in()) {
- drupal_session_destroy_uid($user->uid);
- // Some code copied from user_logout(), which we cannot call here because it
- // uses drupal_goto().
- watchdog('user', 'Session closed for %name.', array('%name' => $user->name));
- module_invoke_all('user_logout', $user);
- // Destroy the current session, and reset $user to the anonymous user.
- session_destroy();
- // Note call drupal_set_message() AFTER session_destroy().
- drupal_set_message(t('The password reset link has been sent to your e-mail address. You are now logged out.'));
- $form_state['redirect'] = '<front>';
- }
- }
|