X-Git-Url: http://git.sourceforge.jp/view?a=blobdiff_plain;f=src%2Fnewslash_web%2Flib%2FNewslash%2FPlugin%2FUsers.pm;fp=src%2Fnewslash_web%2Flib%2FNewslash%2FPlugin%2FUsers.pm;h=21c11133e271f75c5859d3d90ff5d7734d47e62d;hb=8cce59d737a2e9f5712046b3b403af799abb41d1;hp=a3b2b89b71a160a325842fe588ccf3bf779f1cb0;hpb=7009e56137158b80d479dab7861fe62da0239d08;p=newslash%2Fnewslash.git diff --git a/src/newslash_web/lib/Newslash/Plugin/Users.pm b/src/newslash_web/lib/Newslash/Plugin/Users.pm index a3b2b89b..21c11133 100644 --- a/src/newslash_web/lib/Newslash/Plugin/Users.pm +++ b/src/newslash_web/lib/Newslash/Plugin/Users.pm @@ -30,12 +30,55 @@ sub cancel_activation { my $rs = $users->update(uid => $user->{uid}, newpasswd => "", newpasswd_ts => {function => "NULL"}); - if (!$rs) { + if (!defined $rs) { $self->app->log->error("Users: newpasswd reset error! uid: $user->{uid}"); + $self->last_error($users->last_error); + return; } - return $rs; + return 1; +} + +sub update_password_by_token { + my ($self, $nickname, $token, $password) = @_; + + # check nickname and token pair + my $the_user = $self->activation($nickname, $token); + return if !$the_user; + + return $self->_update_password($the_user, $password); +} + +sub update_password { + my ($self, $user, $old_password, $new_password) = @_; + return; +} + +sub _update_password { + my ($self, $the_user, $password) = @_; + my $users = $self->app->model('users'); + + my @params = (uid => $the_user->{uid}, + passwd => $password ); + + if ($the_user->{seclev} < 1) { + push @params, seclev => 1; + } + + if ($the_user->{newpasswd}) { + push @params, newpasswd => ""; + push @params, newpasswd_ts => { function => "NULL" }; + } + + my $rs = $users->update(@params); + + if (!defined $rs) { + $self->last_error($users->last_error); + return; + } + return 1; } + sub activation { my ($self, $nickname, $token) = @_; return if (!$nickname || !$token); 
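Review bot: `_update_password` passes `$password` straight to `$users->update` as `passwd` without checking that it is defined and non-empty, so `update_password_by_token` called with a valid token but no password still reaches the update; what the model does with an undefined `passwd` is not visible here. A guard at the top of `_update_password`, for example `return if !defined $password || !length $password;` preceded by a `last_error` call, would reject that case before the token is cleared. Whether the `users` model hashes `passwd` before storing it cannot be seen in this hunk and should be confirmed, since the reset token is already checked through `compare_password`. `update_password` is a stub that ignores `$old_password` and returns nothing without setting `last_error`; a comment such as `# TODO: not implemented - always fails` would stop callers mistaking it for a working check.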
@@ -45,9 +88,10 @@ sub activation { # check if token is correct if (!$the_user - || $users->passwords->compare_password($token, $the_user->{newpasswd}) + || !$users->passwords->compare_password($token, $the_user->{newpasswd}) || !$the_user->{newpasswd_ts}) { - return { error => "INVALID_TOKEN" }; + $self->last_error("INVALID_TOKEN"); + return; } # check if token is expired @@ -55,15 +99,17 @@ sub activation { my $expire_dt = eval { DateTime::Format::MySQL->parse_datetime($the_user->{newpasswd_ts}) }; if (!$expire_dt) { $self->app->log->error("Users: invalid newpasswd_ts ($the_user->{newpasswd_ts}). uid: $the_user->{uid}"); - return { error => "INVALID_TOKEN" }; + $self->last_error("INVALID_TOKEN"); + return; } $expire_dt->add( seconds => $expiration_limit); if ($expire_dt->epoch() < time()) { - return { error => "TOKEN_EXPIRED" }; + $self->last_error("TOKEN_EXPIRED"); + return; } # ok - return { error => 0 }; + return $the_user; } sub create_new_user { @@ -74,16 +120,18 @@ sub create_new_user { # check $nickname and $email my ($id_error, $email_error) = $self->validate_new_user($nickname, $email); if ($id_error || $email_error) { - return (0, { id_error => $id_error, - email_error => $email_error }); + $self->last_error({ id_error => $id_error, + email_error => $email_error }); + return; } my $uid = $users->create($nickname, $email, "", { seclev => 0 }); if (!$uid) { # error occured - return (0, { id_error => $id_error, - email_error => $email_error, - system_error => $users->last_error }); + $self->last_error({ id_error => $id_error, + email_error => $email_error, + system_error => $users->last_error }); + return; } # check options @@ -138,7 +186,12 @@ sub validate_new_user { } } - return ($id_error, $email_error); + if ($id_error || $email_error) { + $self->last_error({id_error => $id_error, email_error => $email_error}); + return; + } + + return 1; } 1;
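Review bot: The failure returns in the `@@ -45,9 +88,10 @@` hunk and the following `@@ -55,15 +99,17 @@` hunk change `activation` from returning `{ error => ... }` to returning nothing, and success now returns the user row, so any caller still testing `->{error}` on the result would see a false value for invalid and expired tokens as well as for valid ones. The callers are outside this diff; each should be confirmed to test the return value itself and read `last_error` only after a failure. A comment above the sub such as `# Returns the user row on success; returns nothing and sets last_error on failure.` would document the new contract, and because the returned row presumably still carries `newpasswd`, it should not be passed to templates or JSON responses unfiltered. Part of `activation`'s body lies between the hunks and is not shown.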
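Review bot: In the `create_new_user` hunk (`@@ -74,16 +120,18 @@`) the unchanged line `my ($id_error, $email_error) = $self->validate_new_user($nickname, $email);` no longer matches what `validate_new_user` returns after the last hunk (`@@ -138,7 +186,12 @@`), which on the path shown is `1` for valid input and nothing for invalid input. As written, valid input sets `$id_error` to 1 and is rejected, while invalid input leaves both variables undefined and falls through to `$users->create`, so the validation is bypassed. Replacing the call and test with `return if !$self->validate_new_user($nickname, $email);` keeps the `last_error` that `validate_new_user` has already set, and the `!$uid` branch then reduces to `$self->last_error({ system_error => $users->last_error });`. Both subs extend beyond their hunks, so any earlier return paths in `validate_new_user` should be checked against the same contract.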