diff --git a/admin/themes/default/js/user_list.js b/admin/themes/default/js/user_list.js
index 342372054..1e7f7c995 100644
--- a/admin/themes/default/js/user_list.js
+++ b/admin/themes/default/js/user_list.js
@@ -2215,8 +2215,9 @@ function send_new_user_password(user_id, mail) {
$.ajax({
url: "ws.php?format=json",
dataType: "json",
+ type: "POST",
data:{
- method: 'pwg.users.generateResetPasswordLink',
+ method: 'pwg.users.generatePasswordLink',
user_id: user_id,
send_by_mail: send_by_mail,
pwg_token: pwg_token
@@ -2228,12 +2229,14 @@ function send_new_user_password(user_id, mail) {
$('#AddUserFieldContainer').hide();
$('#AddUserSuccessContainer').fadeIn();
$('#AddUserPasswordLink').val(response.result.generated_link).trigger('focus');
- $('#AddUserTextField').html(send_by_mail ? sprintf(validLinkMail, `${mail}`) : validLinkWithoutMail);
+ $('#AddUserTextField').html(send_by_mail
+ ? sprintf(validLinkMail, response.result.time_validation, `${mail}`)
+ : sprintf(validLinkWithoutMail, response.result.time_validation));
if(send_by_mail && !response.result.send_by_mail) {
$('#AddUserUpdated').removeClass('icon-green border-green icon-ok').addClass('icon-red-error icon-cancel');
$('#AddUserUpdatedText').html(errorMailSent);
- $('#AddUserTextField').html(errorMailSentMsg);
+ $('#AddUserTextField').html(sprintf(errorMailSentMsg, response.result.time_validation));
} else if (send_by_mail && response.result.send_by_mail) {
password_container.hide();
}
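Review bot: The `.html()` calls on `#AddUserTextField` interpolate `mail` and `response.result.time_validation` into markup, so any HTML metacharacters in either value would be parsed by the browser rather than displayed. Whether `mail` can carry such characters depends on server-side validation that is not visible here. The messages look like plain text, so `.text()` is the safer sink, e.g. `$('#AddUserTextField').text(sprintf(errorMailSentMsg, response.result.time_validation));`. If translations are expected to contain markup, escape the substituted values before formatting instead. The enclosing success callback starts and ends outside this hunk.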
@@ -2316,8 +2319,9 @@ function send_link_password(email, username, user_id, send_by_mail) {
$.ajax({
url: "ws.php?format=json",
dataType: "json",
+ type: "POST",
data: {
- method: 'pwg.users.generateResetPasswordLink',
+ method: 'pwg.users.generatePasswordLink',
user_id: user_id,
send_by_mail: send_by_mail,
pwg_token: pwg_token
diff --git a/admin/themes/default/template/user_list.tpl b/admin/themes/default/template/user_list.tpl
index a4bba7cef..6ad777c88 100644
--- a/admin/themes/default/template/user_list.tpl
+++ b/admin/themes/default/template/user_list.tpl
@@ -45,9 +45,9 @@ const mainUserUpgradeWebmaster = "{'This user must first be defined as the webma
const errorStr = "{'an error happened'|@translate|escape:javascript}";
const copyLinkStr = "{'Copied link'|@translate|escape:javascript}";
const cantCopy = "{'You cannot copy the password if the connection to this site is not secure.'|@translate|escape:javascript}";
-const validLinkMail = "{'An activation link valid for 1 hour has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'|@translate|escape:javascript}";
+const validLinkMail = "{'An activation link valid for %s has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'|@translate|escape:javascript}";
const validLinkWithoutMail = "{'Copy the link below and send it to the user so the password can be set.'|@translate|escape:javascript}";
-const errorMailSentMsg = "{'An activation link valid for 1 hour was created but could not be sent. You can now copy the link below and send it to the user.'|@translate|escape:javascript}";
+const errorMailSentMsg = "{'An activation link valid for %s was created but could not be sent. You can now copy the link below and send it to the user.'|@translate|escape:javascript}";
const registered_str = '{"Registered"|@translate|escape:javascript}';
const last_visit_str = '{"Last visit"|@translate|escape:javascript}';
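Review bot: `validLinkWithoutMail` is left without a `%s`, yet `user_list.js` in this commit now calls `sprintf(validLinkWithoutMail, response.result.time_validation)`, so in the copy-the-link case the administrator is never told how long the link stays valid. Either add a placeholder to this string and its translations, for example by appending `The link is valid for %s.`, or drop the unused argument on the JavaScript side. `validLinkMail` now takes two bare `%s` in a fixed order (duration, then address); if the `sprintf` helper in use supports numbered placeholders, `%1$s`/`%2$s` would let translators reorder them safely.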
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 4fc47bc2e..b1e27bc6a 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -599,6 +599,14 @@ $conf['browser_language'] = true;
// If false it'll be redirected from index.php to identification.php
$conf['guest_access'] = true;
+// password_reset_duration : defines the validity duration (in seconds) of a
+// password reset link. Default value is one hour (3600 seconds).
+$conf['password_reset_duration'] = 60*60;
+
+// password_activation_duration : defines the validity duration (in seconds)
+// of an password activation link. Default value is 72 hours (259200 seconds).
+$conf['password_activation_duration'] = 3*24*60*60;
+
// +-----------------------------------------------------------------------+
// | history |
// +-----------------------------------------------------------------------+
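Review bot: The comment for `password_activation_duration` has a typo ("an password activation link"), and neither new comment says which values are acceptable. `generate_password_link()` in this commit concatenates the setting into an SQL `INTERVAL ... SECOND` expression, so the comments should state that it must be a positive integer number of seconds. A suggested addition is `// Must be a positive integer (seconds). A longer duration widens the window in which a leaked or forwarded link can still be used.`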
diff --git a/include/functions_mail.inc.php b/include/functions_mail.inc.php
index 1c15ecabc..fac513277 100644
--- a/include/functions_mail.inc.php
+++ b/include/functions_mail.inc.php
@@ -1010,11 +1010,12 @@ function pwg_send_mail_test($success, $mail, $args)
* Return the content mail to send
* @since 15
* @param string $username
- * @param string $reset_password_link
+ * @param string $password_link
* @param string $gallery_title
- * @return string mail content
+ * @param string $remaining_time
+ * @return array mail content
*/
-function pwg_generate_reset_password_mail($username, $reset_password_link, $gallery_title)
+function pwg_generate_reset_password_mail($username, $password_link, $gallery_title, $remaining_time)
{
set_make_full_url();
@@ -1026,7 +1027,8 @@ function pwg_generate_reset_password_mail($username, $reset_password_link, $gall
);
$message.= "\r\n\r\n";
$message.= l10n('To reset your password, visit the following address:') . "\r\n";
- $message.= $reset_password_link;
+ $message.= $password_link . "\r\n";
+ $message.= l10n('This link is valid for %s. After this time, you will need to request a new link.', $remaining_time);
$message.= "\r\n\r\n";
$message.= l10n('If this was a mistake, just ignore this email and nothing will happen.')."\r\n";
@@ -1047,11 +1049,12 @@ function pwg_generate_reset_password_mail($username, $reset_password_link, $gall
* Return the content mail to send
* @since 15
* @param string $username
- * @param string $reset_password_link
+ * @param string $password_link
* @param string $gallery_title
- * @return string mail content
+ * @param string $remaining_time
+ * @return array mail content
*/
-function pwg_generate_set_password_mail($username, $set_password_link, $gallery_title)
+function pwg_generate_set_password_mail($username, $set_password_link, $gallery_title, $remaining_time)
{
set_make_full_url();
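Review bot: The docblock above `pwg_generate_set_password_mail` now documents `@param string $password_link`, but the signature keeps the name `$set_password_link`, so the tag matches no parameter. Use `@param string $set_password_link`, or rename the parameter along with its use in the body shown in the following hunk. `$remaining_time` is added as a required fourth argument to both mail helpers, so any caller outside this commit that still passes three arguments would fail; a default value may be worth considering. The function body continues outside this hunk.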
@@ -1063,7 +1066,8 @@ function pwg_generate_set_password_mail($username, $set_password_link, $gallery_
);
$message.= "\r\n\r\n";
$message.= l10n('To set your password, visit the following address:') . "\r\n";
- $message.= $set_password_link;
+ $message.= $set_password_link . "\r\n";
+ $message.= l10n('This link is valid for %s. After this time, you will need to request a new link.', $remaining_time);
$message.= "\r\n\r\n";
$message.= l10n('If this was a mistake, just ignore this email and nothing will happen.')."\r\n";
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index d01d350a5..dc13418d1 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1740,14 +1740,19 @@ function deactivate_password_reset_key($user_id)
*
* @since 15
* @param int $user_id
- * @param string $user_email
- * @return array activation_key and reset password link
+ * @param boolean $first_login
+ * @return array time_validation and password link
*/
-function generate_reset_password_link($user_id)
+function generate_password_link($user_id, $first_login=false)
{
+ global $conf;
+
$activation_key = generate_key(20);
- list($expire) = pwg_db_fetch_row(pwg_query('SELECT ADDDATE(NOW(), INTERVAL 1 HOUR)'));
+ $duration = $first_login
+ ? $conf['password_activation_duration']
+ : $conf['password_reset_duration'];
+ list($expire) = pwg_db_fetch_row(pwg_query('SELECT ADDDATE(NOW(), INTERVAL '. $duration .' SECOND)'));
single_update(
USER_INFOS_TABLE,
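Review bot: `$duration` is concatenated directly into the query text in `'SELECT ADDDATE(NOW(), INTERVAL '. $duration .' SECOND)'`, and it is taken from `$conf` with no type or range check. A local configuration override that is not a plain positive integer (a string, a float, zero or a negative number) would produce a malformed query or a link that is already expired. The same value is reused in the `strtotime()` call in the next hunk. Normalising it once after the ternary, `$duration = max(1, (int) $duration);`, covers both uses. The function body continues past the end of this hunk.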
@@ -1760,13 +1765,20 @@ function generate_reset_password_link($user_id)
set_make_full_url();
- $reset_password_link = get_root_url().'password.php?key='.$activation_key;
+ $password_link = get_root_url().'password.php?key='.$activation_key;
unset_make_full_url();
+ $time_validation = time_since(
+ strtotime('now -'.$duration.' second'),
+ 'second',
+ null,
+ false
+ );
+
return array(
- 'activation_key' => $activation_key,
- 'reset_password_link' => $reset_password_link,
+ 'time_validation' => $time_validation,
+ 'password_link' => $password_link,
);
}
diff --git a/include/ws_functions/pwg.users.php b/include/ws_functions/pwg.users.php
index 220722be1..3e9f3f2c9 100644
--- a/include/ws_functions/pwg.users.php
+++ b/include/ws_functions/pwg.users.php
@@ -989,7 +989,7 @@ SELECT
* @option string pwg_token
* @option boolean send_by_mail
*/
-function ws_users_generate_reset_password_link($params, &$service)
+function ws_users_generate_password_link($params, &$service)
{
global $user, $conf;
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
@@ -1020,19 +1020,19 @@ function ws_users_generate_reset_password_link($params, &$service)
return new PwgError(403, 'You cannot perform this action');
}
- $generate_link = generate_reset_password_link($params['user_id']);
+ $first_login = first_connexion($params['user_id']);
+ $generate_link = generate_password_link($params['user_id'], $first_login);
$send_by_mail_response = null;
if ($params['send_by_mail'] and !empty($user_lost['email']))
{
- $first_login = first_connexion($params['user_id']);
if ($first_login)
{
- $email_params = pwg_generate_set_password_mail($user_lost['username'], $generate_link['reset_password_link'], $conf['gallery_title']);
+ $email_params = pwg_generate_set_password_mail($user_lost['username'], $generate_link['password_link'], $conf['gallery_title'], $generate_link['time_validation']);
}
else
{
- $email_params = pwg_generate_reset_password_mail($user_lost['username'], $generate_link['reset_password_link'], $conf['gallery_title']);
+ $email_params = pwg_generate_reset_password_mail($user_lost['username'], $generate_link['password_link'], $conf['gallery_title'], $generate_link['time_validation']);
}
// Here we remove the display of errors because they prevent the response from being parsed
if (@pwg_mail($user_lost['email'], $email_params))
@@ -1046,8 +1046,9 @@ function ws_users_generate_reset_password_link($params, &$service)
}
return array(
- 'generated_link' => $generate_link['reset_password_link'],
+ 'generated_link' => $generate_link['password_link'],
'send_by_mail' => $send_by_mail_response,
+ 'time_validation' => $generate_link['time_validation'],
);
}
diff --git a/language/en_UK/admin.lang.php b/language/en_UK/admin.lang.php
index 5fff88c96..8a1731ea7 100644
--- a/language/en_UK/admin.lang.php
+++ b/language/en_UK/admin.lang.php
@@ -1392,9 +1392,9 @@ $lang['Set as main user'] = 'Set as main user';
$lang['This user must first be defined as the webmaster before it can be upgraded to the main user'] = 'This user must first be defined as the webmaster before it can be upgraded to the main user';
$lang['Copied link'] = 'Copied link';
$lang['You cannot copy the password if the connection to this site is not secure.'] = 'You cannot copy the password if the connection to this site is not secure.';
-$lang['An activation link valid for 1 hour has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'] = 'An activation link valid for 1 hour has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.';
+$lang['An activation link valid for %s has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'] = 'An activation link valid for %s has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.';
$lang['Copy the link below and send it to the user so the password can be set.'] = 'Copy the link below and send it to the user so the password can be set.';
-$lang['An activation link valid for 1 hour was created but could not be sent. You can now copy the link below and send it to the user.'] = 'An activation link valid for 1 hour was created but could not be sent. You can now copy the link below and send it to the user.';
+$lang['An activation link valid for %s was created but could not be sent. You can now copy the link below and send it to the user.'] = 'An activation link valid for %s was created but could not be sent. You can now copy the link below and send it to the user.';
$lang['Copy the password link'] = 'Copy the password link';
$lang['Resend password link'] = 'Resend password link';
$lang['Username successfully modified'] = 'Username successfully modified';
@@ -1403,4 +1403,7 @@ $lang['Yes, let\'s proceed'] = 'Yes, let\'s proceed';
$lang['What\'s new in version %s'] = 'What\'s new in version %s?';
$lang['Read the release note'] = 'Read the release note';
$lang['Ok, got it!'] = 'Ok, got it!';
+$lang['This link is valid for %s. After this time, you will need to request a new link.'] = 'This link is valid for %s. After this time, you will need to request a new link.';
+$lang['To set your password, visit the following address:'] = 'To set your password, visit the following address:';
+$lang['Someone requested that the password be set for the following user account:'] = 'Someone requested that the password be set for the following user account:';
// Leave this line empty
\ No newline at end of file
diff --git a/language/fr_FR/admin.lang.php b/language/fr_FR/admin.lang.php
index 7b8853d70..260cf2518 100644
--- a/language/fr_FR/admin.lang.php
+++ b/language/fr_FR/admin.lang.php
@@ -1394,9 +1394,9 @@ $lang['Set as main user'] = 'Définir comme utilisateur principal';
$lang['This user must first be defined as the webmaster before it can be upgraded to the main user'] = 'Cet utilisateur doit d\'abord être défini en tant que webmaster avant de pouvoir devenir l\'utilisateur principal';
$lang['Copied link'] = 'Lien copié';
$lang['You cannot copy the password if the connection to this site is not secure.'] = 'Vous ne pouvez pas copier le mot de passe si la connexion à ce site n\'est pas sécurisée.';
-$lang['An activation link valid for 1 hour has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'] = 'Un lien d\'activation valable 1 heure a été envoyé à « %s ». Si l\'utilisateur ne reçoit pas le lien, vous pouvez en générer et en copier un nouveau en éditant l\'utilisateur et en gérant son mot de passe.';
+$lang['An activation link valid for %s has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'] = 'Un lien d\'activation valable %s a été envoyé à « %s ». Si l\'utilisateur ne reçoit pas le lien, vous pouvez en générer et en copier un nouveau en éditant l\'utilisateur et en gérant son mot de passe.';
$lang['Copy the link below and send it to the user so the password can be set.'] = 'Copiez le lien ci-dessous et envoyez-le à l\'utilisateur pour qu\'il définisse son mot de passe.';
-$lang['An activation link valid for 1 hour was created but could not be sent. You can now copy the link below and send it to the user.'] = 'Un lien d\'activation valable 1 heure a été créé mais n\'a pas pu être envoyé. Vous pouvez maintenant copier le lien ci-dessous et l\'envoyer à l\'utilisateur.';
+$lang['An activation link valid for %s was created but could not be sent. You can now copy the link below and send it to the user.'] = 'Un lien d\'activation valable %s a été créé mais n\'a pas pu être envoyé. Vous pouvez maintenant copier le lien ci-dessous et l\'envoyer à l\'utilisateur.';
$lang['Copy the password link'] = 'Copier le lien du mot de passe';
$lang['Resend password link'] = 'Renvoyer le lien du mot de passe';
$lang['Username successfully modified'] = 'Nom d\'utilisateur modifié avec succès';
@@ -1405,4 +1405,7 @@ $lang['Yes, let\'s proceed'] = 'Oui, continuons';
$lang['What\'s new in version %s'] = 'Quoi de neuf dans Piwigo %s ?';
$lang['Read the release note'] = 'Lire la note de version';
$lang['Ok, got it!'] = 'Ok, j\'ai compris!';
+$lang['This link is valid for %s. After this time, you will need to request a new link.'] = 'Ce lien est valide pendant %s. Passé ce délai, vous devrez demander un nouveau lien.';
+$lang['To set your password, visit the following address:'] = 'Pour définir votre mot de passe, rendez-vous à l\'adresse suivante:';
+$lang['Someone requested that the password be set for the following user account:'] = 'Quelqu\'un a demandé que le mot de passe soit défini pour l\'utilisateur suivant:';
// Leave this line empty
diff --git a/password.php b/password.php
index c44421eb0..9088116aa 100644
--- a/password.php
+++ b/password.php
@@ -76,11 +76,11 @@ function process_password_request()
return false;
}
- $generate_link = generate_reset_password_link($user_id);
+ $generate_link = generate_password_link($user_id);
- $userdata['activation_key'] = $generate_link['activation_key'];
+ // $userdata['activation_key'] = $generate_link['activation_key'];
- $email_params = pwg_generate_reset_password_mail($userdata['username'], $generate_link['reset_password_link'], $conf['gallery_title']);
+ $email_params = pwg_generate_reset_password_mail($userdata['username'], $generate_link['password_link'], $conf['gallery_title'], $generate_link['time_validation']);
if (pwg_mail($userdata['email'], $email_params))
{
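Review bot: The line `// $userdata['activation_key'] = $generate_link['activation_key'];` is left behind as commented-out code; since `generate_password_link()` no longer returns `activation_key`, delete the line rather than keeping it. If anything later in `process_password_request()` (outside this hunk) still reads `$userdata['activation_key']`, it will now find it unset, which should be checked. This call also omits `$first_login`, so self-service requests always get `password_reset_duration`; a short comment such as `// self-service requests always use the shorter reset duration` would make that explicit if it is intentional.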
diff --git a/ws.php b/ws.php
index 526ff2f42..c6c266a0d 100644
--- a/ws.php
+++ b/ws.php
@@ -1506,8 +1506,8 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
);
$service->addMethod(
- 'pwg.users.generateResetPasswordLink',
- 'ws_users_generate_reset_password_link',
+ 'pwg.users.generatePasswordLink',
+ 'ws_users_generate_password_link',
array(
'user_id' => array(
'type'=>WS_TYPE_ID
@@ -1522,7 +1522,7 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
'Return the reset password link
(Only webmaster can perform this action for another webmaster)',
$ws_functions_root . 'pwg.users.php',
- array('admin_only'=>true)
+ array('admin_only'=>true, 'post_only'=>true)
);
$service->addMethod(