Updating LoginToboggan to 7.x-1.5

mwanberg · Dec 4, 2018 · 2dc4452 · 2dc4452
1 parent 2f2124e
commit 2dc4452
Show file tree

Hide file tree

Showing 9 changed files with 170 additions and 30 deletions.
diff --git a/sites/all/modules/contrib/logintoboggan/CHANGELOG.txt b/sites/all/modules/contrib/logintoboggan/CHANGELOG.txt
@@ -0,0 +1,116 @@
+7.x-1.5, 2015-05-01
+-------------------
+- Added CHANGELOG.txt.
+- Various one-time-login and validation links don't work with Drupal 6.35 and Drupal 7.35.
+- Trimming email input of any stray space characters.
+- Merge branch '7.x-1.x' of git.drupal.org:project/logintoboggan into 7.x-1.x.
+- Issue #1257572 by md2: reinstates page title on unified login page.
+- Improve message consistency.
+- Prevent an existing user's email address being used as name by another user.
+- Apply patch 1363244-1 to install file.
+- Reapply patch after creating new 7.x-1.x dev version.
+- Missing parameter in moved_deltas.
+
+7.x-1.4, 2014-07-04
+-------------------
+- Unified login form not santitizing url.
+- Change hook that removes authorized role from users with temporary role so that it happens in all page loads.
+
+7.x-1.3, 2011-11-09
+-------------------
+- Add logintoboggan_variable module to contrib.
+- Update custom js for permissions to keep up with core.
+- Setting for optional unsetting of sidebars on access denied pages.
+- Removing incorrectly committed file.
+- Merge branch 'master' of git.drupal.org:project/logintoboggan.
+- Content Access compatibility contrib module README file, bump core version in .info file.
+- Deleting the accidently added patch file.
+- The LoginToboggan rule module now lists its event in User eventgroup. patch provided by mikewink.
+- Document non-authenticated role disables auto-permission from authenticated user.
+- Fix errors in t() implementation.
+- Content Access compatibility contrib module. implements a hook which specifies to Content Access that the Non-authenticated role, if defined, requires special treatment. i did not test the module at all, the contrib folder is the wild west, so hopefully it works. ;).
+- Show unified login on Access Denied. this also abstracts the creation of the unified login form into its own function, and adds a helper function to determine which login form to build based on the LT settings.
+- Use format_username() in theme_lt_login_link() function.
+- Typo in administration page. Mimimum should be minimum.
+- Use single spacing between sentences.
+
+7.x-1.2, 2011-03-04
+-------------------
+- For #753224 by scor: LoginToboggan Rules now compatible with Drupal7/Rules-7.x.
+- Other modules cannot react upon email validation.
+- Allow One Time Login To Be Used Only Once.
+- Removing translation directories.
+- Stripping CVS keywords.
+- Disable core 'Require e-mail verification when a visitor creates an account' setting.
+
+7.x-1.1, 2011-01-20
+-------------------
+- Hook_init too late to remove auth user role.
+
+7.x-1.0, 2011-01-06
+-------------------
+- Update logintoboggan_rules to 7.x.
+- Option for unified login/register page.
+- Use user_save instead of update hook in _logintoboggan_process_validation.
+- Update registration function with new workflow from core. clean up password description, max length no longer supported. update module help for 7.x.
+- Get rid of unnecessary batching function in cron.
+- Clean up upgrade file for 7.x.
+- Move admin and validation functions to .inc files.  various fixes in preparation for 7.x release.
+- Move protocol function back to main module file.
+- Break out admin pages and validation functions into .inc file.
+- Update the permissions js file in line with core updates.
+- Update install and readme for 7.x.
+- Update .info file for 7.x.
+- Add ID tags to css files.
+- Bad array syntax in logintoboggan_form_user_admin_permissions_alter.
+- Updating js/css handling for 7.x.
+- Remove unnecessary check for 'account' form element.
+- Ereg deprecated in PHP 5.3, remove from password checking function.
+- Enabling of Module Generates Warning from Token Module. move token hooks into separate .inc file.
+- Remove 30 char limit for password.
+- Email validation sent out even if new account was created by administrator.
+
+7.x-1.0-alpha3, 2010-07-25
+--------------------------
+- User_register value default has changed, contants for its values.  thanks to rfay for the tipoff.
+- Remove dead code for predicting if account form was wrapped in a fieldset or not.
+- Logintoboggan_main_settings has extraneous form_state arg.
+- Remove dead menu caching code.
+- Minor update to README.txt of logintoboggan_rules module.
+- Fix strict warning.
+- Disabling Display of Login Block creates PHP Notices, block settings missing.
+- Hide the auth user checkbox on the user edit screen if the user is in the pre-auth role -- reduces UI confusion.
+- Non-authenticated role is hidden in user profile form even when 'Set password' is unchecked.
+- Redirect on invalid email validation.
+- Adding LoginToboggan/Rules integration module.
+- Update link to admin'ing roles.
+- Use 'Sentence case' for settings page.
+- Leverage newly added user_delete_multiple function to purge unvalidated users.
+- Remove hard-coded numeric deltas from blocks, per core change.
+- Switch to using user_pass_rehash\(\) for validation hashs.
+- User interface changes per #546356.
+- Cleanup menu paths and arguments.
+- Rollback of #48438 due to core's change in #437930.
+- Better check for no password.
+- Use $_GLOBALS['user'] where appropriate.
+- Use #theme element for logged in block.
+- Remove unnecessary code causing fatal error.
+
+7.x-1.0-alpha2, 2009-10-25
+--------------------------
+- Arguments -> variables per change to hook_theme.
+
+7.x-1.0-alpha1, 2009-10-21
+--------------------------
+- Doxygen cleanups. user_delete -> user_cancel. use batchAPI for deleting unvalidated users.
+- Value -> markup. refactor check for a manual removal of the pre-auth role by the admin -- use a hidden form field instead. fix logic for password description. add a missing user message for registration when the pre-auth role is the auth user. fix broken query placeholders. remove unnecessary query that erroneously updated a user's login time when an admin validated their account. fix broken call to drupal_goto. fix up redirect array. use core's user mail functionality for resending validation emails. fix broken mail_alter implementation for admin validation emails.
+- Refactor mailing code to use user module's functions, tokens, and hook_mail_alter. make sure anonymous user can't access revalidation link menu callback. remove unneeded security check from registration function.
+- Use REQUEST_TIME, as per 7.x upgrade conventions.
+- Login successful message now contains username.  logged in block now uses theme_username on username.  update theme functions to work for 7.x.  clean up and refactor the access denied/login form functionality.  use a custom user admin permission js file when the pre-auth role is not the auth user -- allows pre-auth role to have lower permissions than auth role.
+- Much cleaner implementation of the site 403 variable reset logic.
+- Fix login link and collapsible login block for 7.x.
+- Update admin paths and help for 7.x.
+- More general main settings submit function.  refactor site 403 handling to work.
+- New admin path for module settings.  fix 'Set password' option to work with system_settings_form.
+- Ensure arrays before array operations.
+
diff --git a/...ib/logintoboggan_content_access_integration/logintoboggan_content_access_integration.info b/...ib/logintoboggan_content_access_integration/logintoboggan_content_access_integration.info
@@ -6,9 +6,9 @@ core = "7.x"
 dependencies[] = logintoboggan
 dependencies[] = content_access
 
-; Information added by drupal.org packaging script on 2011-11-09
-version = "7.x-1.3"
+; Information added by Drupal.org packaging script on 2015-05-01
+version = "7.x-1.5"
 core = "7.x"
 project = "logintoboggan"
-datestamp = "1320873335"
+datestamp = "1430501885"
 
diff --git a/sites/all/modules/contrib/logintoboggan/contrib/logintoboggan_rules/logintoboggan_rules.info b/sites/all/modules/contrib/logintoboggan/contrib/logintoboggan_rules/logintoboggan_rules.info
@@ -6,9 +6,9 @@ core = "7.x"
 dependencies[] = logintoboggan
 dependencies[] = rules
 
-; Information added by drupal.org packaging script on 2011-11-09
-version = "7.x-1.3"
+; Information added by Drupal.org packaging script on 2015-05-01
+version = "7.x-1.5"
 core = "7.x"
 project = "logintoboggan"
-datestamp = "1320873335"
+datestamp = "1430501885"
 
diff --git a/.../modules/contrib/logintoboggan/contrib/logintoboggan_variable/logintoboggan_variable.info b/.../modules/contrib/logintoboggan/contrib/logintoboggan_variable/logintoboggan_variable.info
@@ -5,9 +5,9 @@ core = "7.x"
 dependencies[] = logintoboggan
 dependencies[] = variable
 
-; Information added by drupal.org packaging script on 2011-11-09
-version = "7.x-1.3"
+; Information added by Drupal.org packaging script on 2015-05-01
+version = "7.x-1.5"
 core = "7.x"
 project = "logintoboggan"
-datestamp = "1320873335"
+datestamp = "1430501885"
 
diff --git a/sites/all/modules/contrib/logintoboggan/logintoboggan.info b/sites/all/modules/contrib/logintoboggan/logintoboggan.info
@@ -7,9 +7,9 @@ configure = admin/config/system/logintoboggan
 stylesheets[all][] = logintoboggan.css
 
 
-; Information added by drupal.org packaging script on 2011-11-09
-version = "7.x-1.3"
+; Information added by Drupal.org packaging script on 2015-05-01
+version = "7.x-1.5"
 core = "7.x"
 project = "logintoboggan"
-datestamp = "1320873335"
+datestamp = "1430501885"
 
diff --git a/sites/all/modules/contrib/logintoboggan/logintoboggan.install b/sites/all/modules/contrib/logintoboggan/logintoboggan.install
@@ -34,7 +34,7 @@ function logintoboggan_update_7000(&$sandbox) {
     ),
   );
 
-  update_fix_d7_block_deltas($sandbox, $renamed_deltas);
+  update_fix_d7_block_deltas($sandbox, $renamed_deltas, array());
 }
 
 /**

diff --git a/sites/all/modules/contrib/logintoboggan/logintoboggan.module b/sites/all/modules/contrib/logintoboggan/logintoboggan.module
@@ -447,9 +447,8 @@ function logintoboggan_user_register_submit($form, &$form_state) {
   $pre_auth = logintoboggan_validating_id() != DRUPAL_AUTHENTICATED_RID;
 
   // If we are allowing user selected passwords then skip the auto-generate function
-  // The new user's status should default to the site settings, unless reg_passwd_set == 1
-  // (immediate login, we are going to assign a pre-auth role), and we want to allow
-  // admin approval accounts access to the site.
+  // The new user's status will be 1 (visitors can create own accounts) if reg_pass_set == 1
+  // Immediate login, we are going to assign a pre-auth role, until email validation completed
   if ($reg_pass_set) {
     $pass = $form_state['values']['pass'];
     $status = 1;
@@ -505,7 +504,7 @@ function logintoboggan_user_register_submit($form, &$form_state) {
   //   3. Visitors can create their own accounts.
   $message = t('Further instructions have been sent to your e-mail address.');
   if($reg_pass_set && $pre_auth && variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) == USER_REGISTER_VISITORS) {
-    $message = t('A validation e-mail has been sent to your e-mail address. In order to gain full access to the site, you will need to follow the instructions in that message.');
+    $message = t('A validation e-mail has been sent to your e-mail address. You will need to follow the instructions in that message in order to gain full access to the site.');
   }
 
   if (variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) == USER_REGISTER_VISITORS) {
@@ -560,9 +559,15 @@ function logintoboggan_user_login_validate($form, &$form_state) {
  * @ingroup logintoboggan_form
  */
 function logintoboggan_user_register_validate($form, &$form_state) {
+  //Check to see whether our username matches any email address currently in the system.
+  if($mail = db_query("SELECT mail FROM {users} WHERE LOWER(:name) = LOWER(mail)", array(
+  ':name' => $form_state['values']['name'],
+  ))->fetchField()) {
+    form_set_error('name', t('This e-mail has already been taken by another user.'));
+  }
   //Check to see whether our e-mail address matches the confirm address if enabled.
   if (variable_get('logintoboggan_confirm_email_at_registration', 0) && isset($form_state['values']['conf_mail'])) {
-    if ($form_state['values']['mail'] != $form_state['values']['conf_mail']) {
+    if (trim($form_state['values']['mail']) != trim($form_state['values']['conf_mail'])) {
       form_set_error('conf_mail', t('Your e-mail address and confirmed e-mail address must match.'));
     }
   }
@@ -619,11 +624,11 @@ function logintoboggan_user_edit_validate($form, &$form_state) {
  *
  * @ingroup logintoboggan_core
  *
- * This is the best current place to dynamically remove the authenticated role
- * from the user object on initial page load.  hook_init() is too late, as menu
- * access checks have already been performed.
+ * This is currently the best place to dynamically remove the authenticated role
+ * from the user object, hook_boot() allows us to act on the user object before
+ * any access checks are performed.
  */
-function logintoboggan_menu_get_item_alter() {
+function logintoboggan_boot() {
   global $user;
 
   // Make sure any user with pre-auth role doesn't have authenticated user role
@@ -744,14 +749,18 @@ function logintoboggan_revalidate_access($account) {
  *   Which form to display, should be 'login' or 'register'.
  */
 function logintoboggan_unified_login_page($active_form = 'login') {
+  // Sanitise the $active_form text as it comes direct from the url.
+  // It should only ever be 'login' or 'register', so default to 'login'.
+  if ($active_form != 'login' && $active_form != 'register') {
+    $active_form = 'login';
+  }
+
   global $user;
   if ($user->uid) {
     menu_set_active_item('user/' . $user->uid);
     return menu_execute_active_handler(NULL, FALSE);
   }
   else {
-    // Title just clutters the interface...
-    drupal_set_title('');
     $output = logintoboggan_get_authentication_form($active_form);
     return $output;
   }
@@ -1045,11 +1054,11 @@ function logintoboggan_process_login($account, &$edit, $redirect = array()){
 
 function logintoboggan_eml_validate_url($account, $url_options){
   $timestamp = REQUEST_TIME;
-  return url("user/validate/$account->uid/$timestamp/". logintoboggan_eml_rehash($account->pass, $timestamp, $account->mail), $url_options);
+  return url("user/validate/$account->uid/$timestamp/". logintoboggan_eml_rehash($account->pass, $timestamp, $account->mail, $account->uid), $url_options);
 }
 
-function logintoboggan_eml_rehash($password, $timestamp, $mail) {
-  return user_pass_rehash($password, $timestamp, $mail);
+function logintoboggan_eml_rehash($password, $timestamp, $mail, $uid) {
+  return user_pass_rehash($password, $timestamp, $mail, $uid);
 }
 
 /**

diff --git a/sites/all/modules/contrib/logintoboggan/logintoboggan.unifiedlogin.js b/sites/all/modules/contrib/logintoboggan/logintoboggan.unifiedlogin.js
@@ -10,13 +10,29 @@ Drupal.behaviors.unifiedLogin = {
       $('.toboggan-unified #login-link').removeClass('lt-active');
       $('.toboggan-unified #register-form').show();
       $('.toboggan-unified #login-form').hide();
+      $.ajax({
+        url: "/user/register",
+        success: function(data) {
+          var title = data.match("<title>(.*?)</title>")[1];
+          $('html head').find('title').text(title);
+          $('h1.title').text(title.substring(0,title.indexOf('|')));
+        },
+      });
       return false;
     });
     $('.toboggan-unified #login-link').click(function() {
       $(this).addClass('lt-active').blur();
       $('.toboggan-unified #register-link').removeClass('lt-active');
       $('.toboggan-unified #login-form').show();
       $('.toboggan-unified #register-form').hide();
+      $.ajax({
+        url: "/user/login",
+        success: function(data) {
+          var title = data.match("<title>(.*?)</title>")[1];
+          $('html head').find('title').text(title);
+          $('h1.title').text(title.substring(0,title.indexOf('|')));
+        },
+      });
       return false;
     });
 
@@ -32,5 +48,4 @@ Drupal.behaviors.unifiedLogin = {
   }
 };
 
-})(jQuery);
-
+})(jQuery);
diff --git a/sites/all/modules/contrib/logintoboggan/logintoboggan.validation.inc b/sites/all/modules/contrib/logintoboggan/logintoboggan.validation.inc
@@ -22,7 +22,7 @@ function logintoboggan_validate_email($account, $timestamp, $hashed_pass, $actio
   // - the user is still in the pre-auth role or didn't set
   //   their own password.
   // - the hashed password is correct.
-  if (((variable_get('user_email_verification', TRUE) && empty($account->login)) || ($pre_auth && array_key_exists($validating_id, $account->roles))) && $hashed_pass == logintoboggan_eml_rehash($account->pass, $timestamp, $account->mail)) {
+  if (((variable_get('user_email_verification', TRUE) && empty($account->login)) || ($pre_auth && array_key_exists($validating_id, $account->roles))) && $hashed_pass == logintoboggan_eml_rehash($account->pass, $timestamp, $account->mail, $account->uid)) {
     watchdog('user', 'E-mail validation URL used for %name with timestamp @timestamp.', array('%name' => $account->name, '@timestamp' => $timestamp));
 
     _logintoboggan_process_validation($account);
-Original file line number
+Diff line change
@@ Expand Up / @@ -34,7 +34,7 @@ function logintoboggan_update_7000(&$sandbox) { @@
         ),
       );
-      update_fix_d7_block_deltas($sandbox, $renamed_deltas);
+      update_fix_d7_block_deltas($sandbox, $renamed_deltas, array());
     }
     /**
@@ Expand Down @@