Attempts by unvalidated users to login or request new passwords now trigger plugin hooks (if available) or trigger the user validation event by default. Thus, in the default case, the user will be remailed a validation link. Addresses part of http://trac.elgg.org/elgg/ticket/759 .

git-svn-id: https://code.elgg.org/elgg/trunk@2924 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 18 insertions, 8 deletions

diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
index de7147a7b..0e685adde 100644
--- a/actions/user/requestnewpassword.php
+++ b/actions/user/requestnewpassword.php
@@ -16,18 +16,28 @@
 	action_gatekeeper();
 	
 	$username = get_input('username');
-	
+	

+	$access_status = access_get_show_hidden_status();

+	access_show_hidden_entities(true);
 	$user = get_user_by_username($username);
 	if ($user)
-	{
-		if (send_new_password_request($user->guid))
-			system_message(elgg_echo('user:password:resetreq:success'));
-		else
-			register_error(elgg_echo('user:password:resetreq:fail')); 
+	{

+		if ($user->validated) {
+			if (send_new_password_request($user->guid))
+				system_message(elgg_echo('user:password:resetreq:success'));
+			else
+				register_error(elgg_echo('user:password:resetreq:fail'));

+		} else if (!trigger_plugin_hook('unvalidated_requestnewpassword','user',array('entity'=>$user))) {

+        	// if plugins have not registered an action, the default action is to

+        	// trigger the validation event again and assume that the validation

+        	// event will display an appropriate message

+			trigger_elgg_event('validate', 'user', $user);

+        }
 	}
 	else
-		register_error(sprintf(elgg_echo('user:username:notfound'), $username));
-	
+		register_error(sprintf(elgg_echo('user:username:notfound'), $username));

+		
+	access_show_hidden_entities($access_status);
 	forward($_SERVER['HTTP_REFERER']);
 	exit;
 ?>
\ No newline at end of file