From dea0337ea8af35cc442dc7abf0860d54feb0f016 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Fri, 17 Jul 2015 09:15:21 -0500
Subject: [PATCH] client: Fix login from confirmation email

Also fix clobber of password reset user ID's in config table, and fix cleanup of client password reset tokens from config table.
---
 include/class.auth.php | 6 +++---
 include/class.client.php | 4 ++--
 include/class.user.php | 14 +++++--------
 pwreset.php | 7 +++++--
 4 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/include/class.auth.php b/include/class.auth.php
index 0f13622e3..eb7b74092 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -1223,7 +1223,7 @@ class ClientPasswordResetTokenBackend extends UserAuthenticationBackend {
 || !($client = new ClientSession(new EndUser($acct->getUser()))))
 $errors['msg'] = __('Invalid user-id given');
 elseif (!($id = $_config->get($_POST['token']))
- || $id != $client->getId())
+ || $id != 'c'.$client->getId())
 $errors['msg'] = __('Invalid reset token');
 elseif (!($ts = $_config->lastModified($_POST['token']))
 && ($ost->getConfig()->getPwResetWindow() < (time() - strtotime($ts))))
@@ -1258,9 +1258,9 @@ class ClientAcctConfirmationTokenBackend extends UserAuthenticationBackend {
 return false;
 elseif (!($id = $_config->get($_GET['token'])))
 return false;
- elseif (!($acct = ClientAccount::lookup(array('user_id'=>$id)))
+ elseif (!($acct = ClientAccount::lookup(array('user_id'=>substr($id,1))))
 || !$acct->getId()
- || $id != $acct->getUserId()
+ || $id != 'c'.$acct->getUserId()
 || !($client = new ClientSession(new EndUser($acct->getUser()))))
 return false;
 else
diff --git a/include/class.client.php b/include/class.client.php
index 92b58b1ef..746b5e63d 100644
--- a/include/class.client.php
+++ b/include/class.client.php
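Review bot: The expiry check on the last two context lines of the -1223 hunk is never applied when a timestamp exists: `!($ts = $_config->lastModified(...)) && (window < elapsed)` short-circuits to false as soon as `$ts` is set, so the only case that reports an expired token is the one where no timestamp is found at all (and `strtotime($ts)` then runs on `false`). The reset window only takes effect if the conjunction becomes a disjunction: `elseif (!($ts = $_config->lastModified($_POST['token']))` followed by `|| ($ost->getConfig()->getPwResetWindow() < (time() - strtotime($ts))))`. The commit changes the line just above this and leaves it as is; the `elseif (!($ts = $_config->lastModified($rtoken))` line in the class.client.php hunk at -371 is cut off in this patch, so whether it has the same shape cannot be seen here. The enclosing method starts and ends outside the hunk.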
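Review bot: `substr($id,1)` on the added `elseif` line of the -1258 hunk strips the first character before anything has established that `$id` carries the `'c'` prefix; the `$id != 'c'.$acct->getUserId()` comparison two lines later does reject a mismatch, but only after `ClientAccount::lookup()` has already been run with a value derived from an unverified config entry. Checking the stored value's shape first keeps the lookup from being driven by any other entry in the shared `pwreset` namespace (presumably what the commit message's "clobber" refers to): `elseif (!($id = $_config->get($_GET['token'])) || $id[0] !== 'c')` on the line above the change, with the rest unchanged. The method's opening and closing lines are outside the hunk.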
@@ -343,7 +343,7 @@ class ClientAccount extends UserAccount {
 // TODO: Drop password-reset tokens from the config table for
 // this user id
 $sql = 'DELETE FROM '.CONFIG_TABLE.' WHERE `namespace`="pwreset"
- AND `key`='.db_input($this->getUserId());
+ AND `value`='.db_input('c'.$this->getUserId());
 if (!db_query($sql, false))
 return false;
@@ -371,7 +371,7 @@ class ClientAccount extends UserAccount {
 if ($rtoken) {
 $_config = new Config('pwreset');
- if ($_config->get($rtoken) != $this->getUserId())
+ if ($_config->get($rtoken) != 'c'.$this->getUserId())
 $errors['err'] = __('Invalid reset token. Logout and try again');
 elseif (!($ts = $_config->lastModified($rtoken))
diff --git a/include/class.user.php b/include/class.user.php
index 8eb17ba48..dc599225c 100644
--- a/include/class.user.php
+++ b/include/class.user.php
@@ -986,7 +986,7 @@ class UserEmail extends UserEmailModel {
 }
-class UserAccountModel extends VerySimpleModel {
+class UserAccount extends VerySimpleModel {
 static $meta = array(
 'table' => USER_ACCOUNT_TABLE,
 'pk' => array('id'),
@@ -998,11 +998,12 @@ class UserAccountModel extends VerySimpleModel {
 ),
 );
+ const LANG_MAILOUTS = 1; // Language preference for mailouts
+
 var $_status;
 var $_extra;
- function __construct() {
- call_user_func_array(array('parent', '__construct'), func_get_args());
+ function __onload() {
 $this->_status = new UserAccountStatus($this->get('status'));
 }
@@ -1133,11 +1134,6 @@ class UserAccountModel extends VerySimpleModel {
 }
 return parent::save($refetch);
 }
-}
-
-class UserAccount extends UserAccountModel {
-
- const LANG_MAILOUTS = 1; // Language preference for mailouts
 function hasPassword() {
 return (bool) $this->get('passwd');
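Review bot: The `// TODO: Drop password-reset tokens from the config table for this user id` comment above the changed statement in the -343 hunk is now stale, because the `DELETE` that follows does exactly that once it matches on `value` = `'c'.userId`. Left as a TODO it reads as unfinished work to the next maintainer; replace it with a plain description such as `// Remove every outstanding password-reset token issued for this client (stored as 'c'.<user id> in the pwreset namespace)`. The method's declaration is above the hunk.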
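Review bot: In the -998 hunk `_status` is now initialised only in `__onload()`, whereas the removed constructor ran for every `new UserAccount(...)` as well, so whether the property is set for a freshly constructed, not-yet-fetched instance depends on `VerySimpleModel` invoking `__onload()` on that path, which this patch does not show. If the base class only calls the hook after a database load, code reading `$this->_status` on a new object will see `null`. A one-line comment stating the contract would make that dependency explicit, e.g. `// Called by VerySimpleModel once the row is loaded; _status is unavailable before then`; if construction without a fetch is supported, the hook needs to be invoked from a constructor as well. The class body continues outside the hunk.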
@@ -1189,7 +1185,7 @@ class UserAccount extends UserAccountModel {
 ), $vars);
 $_config = new Config('pwreset');
- $_config->set($vars['token'], $this->getUser()->getId());
+ $_config->set($vars['token'], 'c'.$this->getUser()->getId());
 $email->send($this->getUser()->getEmail(), Format::striptags($msg['subj']), $msg['body']);
diff --git a/pwreset.php b/pwreset.php
index e37e4d264..10a7db2fc 100644
--- a/pwreset.php
+++ b/pwreset.php
@@ -46,11 +46,14 @@ elseif ($_GET['token']) {
 $inc = 'pwreset.login.php';
 $_config = new Config('pwreset');
 if (($id = $_config->get($_GET['token']))
- && ($acct = ClientAccount::lookup(array('user_id'=>$id)))) {
+ && ($acct = ClientAccount::lookup(array('user_id'=>substr($id,1))))) {
 if (!$acct->isConfirmed()) {
 $inc = 'register.confirmed.inc.php';
 $acct->confirm();
- // TODO: Log the user in
+ // FIXME: The account has to be uncached in order for the lookup
+ // in the ::processSignOn to detect the confirmation
+ ModelInstanceManager::uncache($acct);
+ // Log the user in
 if ($client = UserAuthenticationBackend::processSignOn($errors)) {
 if ($acct->hasPassword() && !$acct->get('backend')) {
 $acct->cancelResetTokens();
-- 
GitLab
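Review bot: The `'c'` prefix written on the added `$_config->set(...)` line in the -1189 hunk is a bare literal that this patch also repeats in class.auth.php (twice), class.client.php (twice) and pwreset.php, with no single place telling a reader that it marks client entries in the shared `pwreset` namespace. A named constant next to the class's existing `LANG_MAILOUTS`, e.g. `const PWRESET_TOKEN_PREFIX = 'c'; // marks client entries in the shared pwreset config namespace`, used as `'c'` → `self::PWRESET_TOKEN_PREFIX` here and in the readers, would keep writer and readers in step. The enclosing method starts before and ends after the hunk.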
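Review bot: The added `ClientAccount::lookup(array('user_id'=>substr($id,1)))` in the pwreset.php hunk has no check that `$id` actually starts with `'c'`, unlike the backend in class.auth.php, and the block then calls `$acct->confirm()` before `processSignOn()` gets a chance to perform that comparison. Any other value stored under the `pwreset` namespace (the commit message's "clobber" suggests non-client ids live there too) would have its first character dropped, be resolved to an unrelated client account, and confirm it. Guard the value before it is used: `if (($id = $_config->get($_GET['token'])) && $id[0] === 'c'` on the first condition line, leaving the rest of the chain as is. The `elseif` block this sits in closes outside the hunk.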