maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Fixed some bugs, made activationcode more secure, added update script, merged missing commit

Browse Source
This commit is contained in:
BNoiZe
2013-12-01 10:34:31 +01:00
parent 2a36a0c22f
commit e5e0ae7527
8 changed files with 42 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
index.php
View File

@@ -297,8 +297,8 @@ if ($action == 'forgotpwd') {
if ($user !== false) {
// build a activation code
$timestamp = time();
$first = substr(md5($user['loginname'] . $timestamp), 0, 15);
$third = substr(md5($user['email'] . $timestamp), -15);
$first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15);
$third = substr(md5($user['email'] . $timestamp . rand(0, $timestamp)), -15);
$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
// Drop all existing activation codes for this user
@@ -419,6 +419,12 @@ if ($action == 'forgotpwd') {
if ($action == 'resetpwd') {
$message = '';
// Remove old activation codes
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
WHERE creation < :oldest"
);
Database::pexecute($stmt, array("oldest" => time() - 86400));
if (isset($_GET['resetcode']) && strlen($_GET['resetcode']) == 50) {
// Check if activation code is valid
$activationcode = $_GET['resetcode'];