Commit 237124c8 authored by Dries

- Fixed bug #4416: added status checks to user_pass() to prevent mailing
  new passwords to blocked user accounts.
parent c91fff3d
......@@ -561,7 +561,8 @@ function user_login($edit = array(), $msg = "") {
}
/*
** When possible, determine corresponding external auth source. Invoke source, and login user if successful:
** When possible, determine corresponding external auth source. Invoke
** source, and login user if successful:
*/
if (!$user->uid && $server && $result = user_get_authmaps("$name@$server")) {
......@@ -574,8 +575,9 @@ function user_login($edit = array(), $msg = "") {
}
}
/*
** Try each external authentication source in series. Register user if successful.
/*
** Try each external authentication source in series. Register user if
** successful.
*/
else if (!$user->uid && $server) {
......@@ -698,11 +700,11 @@ function user_pass($edit = array()) {
global $base_url;
if ($edit["name"]) {
$account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE name = '%s'", $edit["name"]));
$account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE status = 1 AND name = '%s'", $edit["name"]));
if (!$account) $error = t("Sorry. The username <i>%s</i> is not recognized.", array("%s" => $edit["name"]));
}
else if ($edit["mail"]) {
$account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE mail = '%s'", $edit["mail"]));
$account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE status = 1 AND mail = '%s'", $edit["mail"]));
if (!$account) $error = t("Sorry. The e-mail address <i>%s</i> is not recognized.", array("%s" => $edit["mail"]));
}
if ($account) {
......
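Review bot: In the `user_pass()` hunk, the two error messages that follow the changed queries place the submitted `$edit["name"]` and `$edit["mail"]` inside `<i>%s</i>` markup, and with the new `status = 1` filter a request for a blocked account now reaches that branch as well. Whether `t()` escapes the substituted value is not visible here; if it does not, the value should be escaped before display, for example `array("%s" => htmlspecialchars($edit["name"]))` and the same for `$edit["mail"]`. Reporting a blocked account as "not recognized" keeps the account's status private, but the intent is not written down, so a comment above the queries would help: `// Only active accounts (status = 1) may request a new password; blocked accounts are reported as unrecognized.` The body of `user_pass()` continues outside the hunk, so the mailing path after `if ($account) {` could not be checked.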
......@@ -561,7 +561,8 @@ function user_login($edit = array(), $msg = "") {
}
/*
** When possible, determine corresponding external auth source. Invoke source, and login user if successful:
** When possible, determine corresponding external auth source. Invoke
** source, and login user if successful:
*/
if (!$user->uid && $server && $result = user_get_authmaps("$name@$server")) {
......@@ -574,8 +575,9 @@ function user_login($edit = array(), $msg = "") {
}
}
/*
** Try each external authentication source in series. Register user if successful.
/*
** Try each external authentication source in series. Register user if
** successful.
*/
else if (!$user->uid && $server) {
......@@ -698,11 +700,11 @@ function user_pass($edit = array()) {
global $base_url;
if ($edit["name"]) {
$account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE name = '%s'", $edit["name"]));
$account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE status = 1 AND name = '%s'", $edit["name"]));
if (!$account) $error = t("Sorry. The username <i>%s</i> is not recognized.", array("%s" => $edit["name"]));
}
else if ($edit["mail"]) {
$account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE mail = '%s'", $edit["mail"]));
$account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE status = 1 AND mail = '%s'", $edit["mail"]));
if (!$account) $error = t("Sorry. The e-mail address <i>%s</i> is not recognized.", array("%s" => $edit["mail"]));
}
if ($account) {
......