(Bug 26434) - Generated password from "Create account by email" does not work.

Another consequence of the $ts === 0 from r71751.
Fixed in a more verbose way. Behavior documented in tables.sql

diff --git a/includes/User.php b/includes/User.php
index 4f63fb7..4bada32 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -2820,7 +2820,9 @@ class User {
        function checkTemporaryPassword( $plaintext ) {
                global $wgNewPasswordExpiry;
                if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
-                       $this->load();
+                       if ( is_null( $this->mNewpassTime ) ) {
+                               return true;
+                       }
                        $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
                        return ( time() < $expiry );
                } else {

diff --git a/maintenance/tables.sql b/maintenance/tables.sql
index 43672ea..59cf7e0 100644 (file)
--- a/maintenance/tables.sql
+++ b/maintenance/tables.sql
@@ -76,7 +76,10 @@ CREATE TABLE /*_*/user (
   user_newpassword tinyblob NOT NULL,
 
   -- Timestamp of the last time when a new password was
-  -- sent, for throttling purposes
+  -- sent, for throttling and expiring purposes
+  -- Emailed passwords will expire $wgNewPasswordExpiry
+  -- (a week) after being set. If user_newpass_time is NULL
+  -- (eg. created by mail) it doesn't expire.
   user_newpass_time binary(14),
 
   -- Note: email should be restricted, not public info.