[Fusionforge-commits] FusionForge branch master updated. 6.0.4-986-ge92ae45

[Roland Mas]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, master has been updated
       via  e92ae4579fd80d21873e9dd82aa4cb0f305ac68d (commit)
      from  8bcbe1b5ed619f4b51558717e4a315f22c64c6a8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=e92ae4579fd80d21873e9dd82aa4cb0f305ac68d

commit e92ae4579fd80d21873e9dd82aa4cb0f305ac68d
Author: Roland Mas <lola...@debian.org>
Date:   Thu Oct 6 09:56:00 2016 +0200

    Block password reset for suspended/deleted users
    
    Suspended and deleted users should not be able to reset their password,
    nor to re-verify their initial validation hash, nor to change their
    email address.

diff --git a/src/www/account/change_email-complete.php 
b/src/www/account/change_email-complete.php
index 8235432..17906c5 100644
--- a/src/www/account/change_email-complete.php
+++ b/src/www/account/change_email-complete.php
@@ -52,6 +52,8 @@ if (!$u || !is_object($u)) {
        exit_error(_('Could Not Get User'),'home');
 } elseif ($u->isError()) {
        exit_error($u->getErrorMessage(),'my');
+} elseif (($u->getStatus == 'D') || ($u->getStatus == 'D')) {
+       exit_error(_('Account is suspended or deleted','my'));
 }
 
 if (!$u->setEmail($u->getNewEmail())) {
diff --git a/src/www/account/lostlogin.php b/src/www/account/lostlogin.php
index ed92fdf..e4129bc 100644
--- a/src/www/account/lostlogin.php
+++ b/src/www/account/lostlogin.php
@@ -55,6 +55,8 @@ if (!$u || !is_object($u)) {
        exit_error(_('Could Not Get User'),'home');
 } elseif ($u->isError()) {
        exit_error($u->getErrorMessage(),'my');
+} elseif (($u->getStatus == 'D') || ($u->getStatus == 'D')) {
+       exit_error(_('Account is suspended or deleted','my'));
 }
 
 if (getStringFromRequest("submit")) {
diff --git a/src/www/account/lostpw.php b/src/www/account/lostpw.php
index 2ef888e..67bcd01 100644
--- a/src/www/account/lostpw.php
+++ b/src/www/account/lostpw.php
@@ -40,7 +40,7 @@ if (getStringFromRequest('submit')) {
 
        $u = user_get_object_by_name($loginname);
 
-       if (!$u || !is_object($u)){
+       if (!$u || !is_object($u) || ($u->getStatus == 'D') || ($u->getStatus 
== 'S')){
                form_release_key(getStringFromRequest('form_key'));
                exit_error(_('That user does not exist.'),'my');
        }
@@ -53,6 +53,8 @@ if (getStringFromRequest('submit')) {
        if ($u->isError()) {
                form_release_key(getStringFromRequest('form_key'));
                exit_error($u->getErrorMessage(),'my');
+       } elseif (($u->getStatus == 'D') || ($u->getStatus == 'D')) {
+               exit_error(_('Account is suspended or deleted','my'));
        } else {
 
                $message = sprintf(_('Someone (presumably you) on the %s site 
requested a password change through email verification.'),
diff --git a/src/www/account/unsubscribe.php b/src/www/account/unsubscribe.php
index 3b418ee..55c39b1 100644
--- a/src/www/account/unsubscribe.php
+++ b/src/www/account/unsubscribe.php
@@ -54,6 +54,8 @@ if (!$user || !is_object($user)) {
     exit_error(_('Could Not Get User'),'home');
 } elseif ($user->isError()) {
     exit_error($user->getErrorMessage(),'my');
+} elseif (($u->getStatus == 'D') || ($u->getStatus == 'D')) {
+       exit_error(_('Account is suspended or deleted','my'));
 }
 
 $all=getStringFromRequest('all');
diff --git a/src/www/account/verify.php b/src/www/account/verify.php
index 7889a78..8287bef 100644
--- a/src/www/account/verify.php
+++ b/src/www/account/verify.php
@@ -52,6 +52,8 @@ if (getStringFromRequest('submit')) {
                $error_msg = $u->getErrorMessage();
        } elseif ($u->getStatus()=='A'){
                $error_msg = _('Account already active.');
+       } elseif (($u->getStatus == 'D') || ($u->getStatus == 'D')) {
+               $error_msg = _('Account is suspended or deleted','my');
        } elseif ($confirm_hash != $u->getConfirmHash()) {
                $error_msg = _('Cannot confirm account identity - invalid 
confirmation hash (or login name)');
        } elseif (!session_login_valid($loginname, $passwd, 1)) {

-----------------------------------------------------------------------

Summary of changes:
 src/www/account/change_email-complete.php | 2 ++
 src/www/account/lostlogin.php             | 2 ++
 src/www/account/lostpw.php                | 4 +++-
 src/www/account/unsubscribe.php           | 2 ++
 src/www/account/verify.php                | 2 ++
 5 files changed, 11 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
FusionForge

_______________________________________________
Fusionforge-commits mailing list
Fusionforge-commits@lists.fusionforge.org
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-commits