Fix #5983 - issue with login

[Pman.Base] / Pman / Login.php

diff --git a/Pman/Login.php b/Pman/Login.php
index 20396a5..f7e1047 100644 (file)
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -281,7 +281,7 @@ class Pman_Login extends Pman
                $this->jerr("Invalid request to reset password");
            }
            
-           $this->verifyCheckSum($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key']);
+           $this->verifyResetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key']);
            $this->jok("Checksum is ok");
        }
        
@@ -311,7 +311,9 @@ class Pman_Login extends Pman
             }
         }
         
-        //$u->active = 1;
+       // this was removed before - not quite sure why.
+       // when a duplicate login account is created, this stops the old one from interfering..
+        $u->active = 1;
         
         // empty username = not really a hacking attempt.
         
@@ -406,9 +408,11 @@ class Pman_Login extends Pman
         // sort out sender.
         $cm = DB_DataObject::factory('core_email');
         if (!$cm->get('name', 'ADMIN_PASSWORD_RESET')) {
-            $this->jerr("no template ADMIN_PASSWORD_RESET exists - please run importer ");
-            
+            $this->jerr("no template  Admin password reset (ADMIN_PASSWORD_RESET) exists - please run importer ");
         }
+       if (!$cm->active) {
+           $this->jerr("template for Admin password reset has been disabled");
+       }
         /*
         
         $g = DB_DAtaObject::factory('Groups');
@@ -452,7 +456,7 @@ class Pman_Login extends Pman
         $sent = $mailer->send();
        if (is_a($sent,'PEAR_Error') ) {
            $this->addEvent('SYSERR',false, $sent->getMessage());
-            $this->jerr($ret->getMessage());
+            $this->jerr($sent->getMessage());
         }
        
         $this->addEvent('PASSREQ',$u, $u->email);
@@ -466,6 +470,7 @@ class Pman_Login extends Pman
     function verifyResetPassword($id,$t, $key)
     {
        $au = $this->getAuthUser();
+       print_R($au);
         if ($au) {
             $this->jerr( "Already Logged in - no need to use Password Reset");
         }
@@ -479,7 +484,7 @@ class Pman_Login extends Pman
         
         // validate key.. 
         if ($key != $u->genPassKey($t)) {
-            $this->jerr("Password reset link is not valid ($key)");
+            $this->jerr("Password reset link is not valid (key)");
         }
        
        if ($t < strtotime("NOW - 1 DAY")) {
@@ -495,7 +500,7 @@ class Pman_Login extends Pman
     function resetPassword($id,$t, $key, $newpass )
     {
         
-        $u = $this->verifyResetPassword($id,$t,$k);
+        $u = $this->verifyResetPassword($id,$t,$key);
        
        
         $uu = clone($u);
@@ -504,7 +509,8 @@ class Pman_Login extends Pman
            $u->setPassword($newpass);
        }
         $u->update($uu);
-        $u->login();
+       $this->addEvent("CHANGEPASS", $u);
+
         $this->jok("Password has been Updated");
     }