Андрей (andy) wrote in changelog,
Андрей
andy
changelog

[livejournal] r18383: LJSUP-8016 (Sysban lostpassword should b...

Committer: ailyin
LJSUP-8016 (Sysban lostpassword should block all attempts to change password)
U   trunk/htdocs/changepassword.bml
Modified: trunk/htdocs/changepassword.bml
===================================================================
--- trunk/htdocs/changepassword.bml	2011-02-22 10:43:05 UTC (rev 18382)
+++ trunk/htdocs/changepassword.bml	2011-02-22 11:06:01 UTC (rev 18383)
@@ -33,11 +33,15 @@
      return BML::redirect("$LJ::SITEROOT/lostinfo.bml")
          unless $aa->{action} eq 'reset_password';
 
-     return BML::redirect("$LJ::SITEROOT/") if $LJ::PASSWORD_PROTECTED_ACCOUNTS{ $aa->{userid} };
-
      # confirmed the identity...
      $authu = LJ::load_userid($aa->{userid});
 
+     if ( LJ::sysban_check( 'lostpassword', $authu->username )
+       || LJ::sysban_check( 'lostpassword_email', $authu->email_raw ) )
+     {
+         return LJ::bad_input('This user is banned from resetting passwords.');
+     }
+
      # verify the email can still receive passwords
      return LJ::bad_input(BML::ml('.error.emailchanged', { 'aopts' => "href='$LJ::SITEROOT/lostinfo.bml'"}))
          unless $authu->can_receive_password($aa->{arg1});

Tags: andy, bml, livejournal
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments