From 7846165d81f3ace1a504716cd2d28bd97aef7daa Mon Sep 17 00:00:00 2001 From: Platonides Date: Mon, 27 Dec 2010 17:17:45 +0000 Subject: [PATCH] (Bug 26434) - Generated password from "Create account by email" does not work. Another consequence of the $ts === 0 from r71751. Fixed in a more verbose way. Behavior documented in tables.sql --- includes/User.php | 4 +++- maintenance/tables.sql | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/includes/User.php b/includes/User.php index 4f63fb790d..4bada328ba 100644 --- a/includes/User.php +++ b/includes/User.php @@ -2820,7 +2820,9 @@ class User { function checkTemporaryPassword( $plaintext ) { global $wgNewPasswordExpiry; if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) { - $this->load(); + if ( is_null( $this->mNewpassTime ) ) { + return true; + } $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry; return ( time() < $expiry ); } else { diff --git a/maintenance/tables.sql b/maintenance/tables.sql index 43672ea64a..59cf7e0c67 100644 --- a/maintenance/tables.sql +++ b/maintenance/tables.sql @@ -76,7 +76,10 @@ CREATE TABLE /*_*/user ( user_newpassword tinyblob NOT NULL, -- Timestamp of the last time when a new password was - -- sent, for throttling purposes + -- sent, for throttling and expiring purposes + -- Emailed passwords will expire $wgNewPasswordExpiry + -- (a week) after being set. If user_newpass_time is NULL + -- (eg. created by mail) it doesn't expire. user_newpass_time binary(14), -- Note: email should be restricted, not public info. -- 2.20.1