Commit fc9ee332 authored by Robert Lyon's avatar Robert Lyon Committed by Aaron Wells
Browse files

Checking and removing of expired password requests (Bug #1296472)



Seen as we already have an expiry column in the db we might as well
use it.

Change-Id: I4de92289edff40e26c74ff8b9e4a77cf9bd8ccf2
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 66822ecc
......@@ -1654,6 +1654,13 @@ function auth_clean_partial_registrations() {
WHERE expiry < ?', array(db_format_timestamp(time())));
}
/**
* Removes password reset requests that were not completed in the allowed amount of time
*/
function auth_clean_expired_password_requests() {
delete_records_sql('DELETE FROM {usr_password_request}
WHERE expiry < ?', array(db_format_timestamp(time())));
}
function _email_or_notify($user, $subject, $bodytext, $bodyhtml) {
try {
......
......@@ -34,6 +34,10 @@ if (isset($_GET['key'])) {
die_info(get_string('nosuchpasswordrequest'));
}
if (strtotime($pwrequest->expiry) < time()) {
die_info(get_string('passwordresetexpired'));
}
$form = array(
'name' => 'forgotpasschange',
'method' => 'post',
......
......@@ -493,6 +493,7 @@ $string['forgotpassnosuchemailaddressorusername'] = 'The email address or userna
$string['forgotpassuserusingexternalauthentication'] = 'The user you requested uses an external authentication method. <a href="%s">Ask your administrator</a> for help with changing your password. Or provide another username or email address.';
$string['forgotpasswordenternew'] = 'Please enter your new password to continue.';
$string['nosuchpasswordrequest'] = 'No such password request';
$string['passwordresetexpired'] = 'The password reset key has expired';
$string['passwordchangedok'] = 'Your password was successfully changed.';
// Reset password when moving from external to internal auth.
......
......@@ -3477,5 +3477,17 @@ function xmldb_core_upgrade($oldversion=0) {
create_table($table);
}
if ($oldversion < 2014062000) {
$data = array('callfunction' => 'auth_clean_expired_password_requests',
'nextrun' => null,
'minute' => '5',
'hour' => '0',
'day' => '*',
'month' => '*',
'dayofweek' => '*',
);
ensure_record_exists('cron', (object)$data, (object)$data);
}
return $status;
}
......@@ -905,6 +905,7 @@ function core_install_firstcoredata_defaults() {
// install the cronjobs...
$cronjobs = array(
'auth_clean_partial_registrations' => array('5', '0', '*', '*', '*'),
'auth_clean_expired_password_requests' => array('5', '0', '*', '*', '*'),
'auth_handle_account_expiries' => array('5', '10', '*', '*', '*'),
'auth_handle_institution_expiries' => array('5', '9', '*', '*', '*'),
'activity_process_queue' => array('*/5', '*', '*', '*', '*'),
......
......@@ -16,7 +16,7 @@ $config = new stdClass();
// See https://wiki.mahara.org/index.php/Developer_Area/Version_Numbering_Policy
// For upgrades on stable branches, increment the version by one. On master, use the date.
$config->version = 2014061100;
$config->version = 2014062000;
$config->release = '1.10.0dev';
$config->minupgradefrom = 2009022600;
$config->minupgraderelease = '1.1.0 (release tag 1.1.0_RELEASE)';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment