From 3a443b56233c58df49d15861c1c4add996b7660b Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 3 Oct 2019 16:56:17 +0200 Subject: [ticket/11327] Adjust code per review comments PHPBB3-11327 --- phpBB/config/default/container/services_ucp.yml | 2 +- phpBB/language/en/ucp.php | 2 +- phpBB/phpbb/ucp/controller/reset_password.php | 35 +++++++++++++------------ 3 files changed, 20 insertions(+), 19 deletions(-) (limited to 'phpBB') diff --git a/phpBB/config/default/container/services_ucp.yml b/phpBB/config/default/container/services_ucp.yml index 44e97cb546..861fa4ac75 100644 --- a/phpBB/config/default/container/services_ucp.yml +++ b/phpBB/config/default/container/services_ucp.yml @@ -12,6 +12,6 @@ services: - '@request' - '@template' - '@user' - - '%tables%' + - '%tables.users%' - '%core.root_path%' - '%core.php_ext%' diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index 2fb6a93754..542d814911 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php @@ -417,7 +417,7 @@ $lang = array_merge($lang, array( 'PASSWORD' => 'Password', 'PASSWORD_ACTIVATED' => 'Your new password has been activated.', 'PASSWORD_RESET' => 'Your password has been successfully reset.', - 'PASSWORD_RESET_LINK_SENT' => 'If your account exists, a password reset link was sent to your registered email address. If you do not receive an email, it may be because you are banned, your account is not activated, you have requested multiple password resets within a short time frame, or you are not allowed to change your password. Contact an admin if any of those reasons apply. Also, please check your spam filter.', + 'PASSWORD_RESET_LINK_SENT' => 'If your account exists, a password reset link was sent to your registered email address. If you do not receive an email, it may be because you are banned, your account is not activated, you have requested multiple password resets within a short time frame, or you are not allowed to change your password. Contact an administrator if any of those reasons apply. Also, please check your spam filter.', 'PERMISSIONS_RESTORED' => 'Successfully restored original permissions.', 'PERMISSIONS_TRANSFERRED' => 'Successfully transferred permissions from %s, you are now able to browse the board with this user’s permissions.
Please note that admin permissions were not transferred. You are able to revert to your permission set at any time.', 'PM_DISABLED' => 'Private messaging has been disabled on this board.', diff --git a/phpBB/phpbb/ucp/controller/reset_password.php b/phpBB/phpbb/ucp/controller/reset_password.php index d7b96c51c4..666957b0dc 100644 --- a/phpBB/phpbb/ucp/controller/reset_password.php +++ b/phpBB/phpbb/ucp/controller/reset_password.php @@ -63,7 +63,7 @@ class reset_password protected $user; /** @var array phpBB DB table names */ - protected $tables; + protected $users_table; /** @var string phpBB root path */ protected $root_path; @@ -84,13 +84,14 @@ class reset_password * @param request_interface $request * @param template $template * @param user $user - * @param array $tables - * @param $root_path - * @param $php_ext + * @param string $users_table + * @param string $root_path + * @param string $php_ext */ public function __construct(config $config, driver_interface $db, dispatcher $dispatcher, helper $helper, language $language, log_interface $log, manager $passwords_manager, - request_interface $request, template $template, user $user, $tables, $root_path, $php_ext) + request_interface $request, template $template, user $user, string $users_table, + string $root_path, string $php_ext) { $this->config = $config; $this->db = $db; @@ -102,7 +103,7 @@ class reset_password $this->request = $request; $this->template = $template; $this->user = $user; - $this->tables = $tables; + $this->users_table = $users_table; $this->root_path = $root_path; $this->php_ext = $php_ext; } @@ -135,7 +136,7 @@ class reset_password 'reset_token_expiration' => 0, ]; - $sql = 'UPDATE ' . $this->tables['users'] . ' + $sql = 'UPDATE ' . $this->users_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_id; $this->db->sql_query($sql); @@ -171,7 +172,7 @@ class reset_password $sql_array = [ 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type,' . ' user_lang, user_inactive_reason, reset_token, reset_token_expiration', - 'FROM' => [$this->tables['users'] => 'u'], + 'FROM' => [$this->users_table => 'u'], 'WHERE' => "user_email_hash = '" . $this->db->sql_escape(phpbb_email_hash($email)) . "'" . (!empty($username) ? " AND username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'" : ''), ]; @@ -228,10 +229,10 @@ class reset_password } // Check users permissions - $auth2 = new auth(); - $auth2->acl($user_row); + $auth = new auth(); + $auth->acl($user_row); - if (!$auth2->acl_get('u_chgpasswd')) + if (!$auth->acl_get('u_chgpasswd')) { return $this->helper->message($message); } @@ -244,7 +245,7 @@ class reset_password 'reset_token_expiration' => strtotime('+1 day'), ]; - $sql = 'UPDATE ' . $this->tables['users'] . ' + $sql = 'UPDATE ' . $this->users_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_row['user_id']; $this->db->sql_query($sql); @@ -314,7 +315,7 @@ class reset_password $sql_array = [ 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type,' . ' user_lang, user_inactive_reason, reset_token, reset_token_expiration', - 'FROM' => [$this->tables['users'] => 'u'], + 'FROM' => [$this->users_table => 'u'], 'WHERE' => 'user_id = ' . $user_id, ]; @@ -373,10 +374,10 @@ class reset_password } // Check users permissions - $auth2 = new auth(); - $auth2->acl($user_row); + $auth = new auth(); + $auth->acl($user_row); - if (!$auth2->acl_get('u_chgpasswd')) + if (!$auth->acl_get('u_chgpasswd')) { return $this->helper->message($message); } @@ -410,7 +411,7 @@ class reset_password 'reset_token' => '', 'reset_token_expiration' => 0, ]; - $sql = 'UPDATE ' . $this->tables['users'] . ' + $sql = 'UPDATE ' . $this->users_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . (int) $user_row['user_id']; $this->db->sql_query($sql); -- cgit v1.2.1