mirror of
				https://github.com/delight-im/PHP-Auth.git
				synced 2025-10-22 19:36:32 +02:00 
			
		
		
		
	Invalidate outstanding password reset tokens on email address change
		
							
								
								
									
										12
									
								
								src/Auth.php
									
									
									
									
									
								
							
							
						
						
									
										12
									
								
								src/Auth.php
									
									
									
									
									
								
							| @@ -550,6 +550,18 @@ final class Auth extends UserManager { | ||||
| 		if (!empty($confirmationData)) { | ||||
| 			if (password_verify($token, $confirmationData['token'])) { | ||||
| 				if ($confirmationData['expires'] >= time()) { | ||||
| 					// invalidate any potential outstanding password reset requests | ||||
| 					try { | ||||
| 						$this->db->delete( | ||||
| 							$this->dbTablePrefix . 'users_resets', | ||||
| 							[ 'user' => $confirmationData['user_id'] ] | ||||
| 						); | ||||
| 					} | ||||
| 					catch (Error $e) { | ||||
| 						throw new DatabaseError(); | ||||
| 					} | ||||
|  | ||||
| 					// mark the email address as verified (and possibly update it to the new address given) | ||||
| 					try { | ||||
| 						$this->db->update( | ||||
| 							$this->dbTablePrefix . 'users', | ||||
|   | ||||
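Review bot: The `users_resets` delete added here and the `users` update that follows it run as two separate statements with no transaction visible in the hunk, so the token invalidation is not atomic with the address change. A reset request stored for the old address between the two statements would survive the email change. If the database wrapper supports transactions, both statements belong in one, so that either the tokens are gone and the address is updated or neither happens. The new `catch (Error $e)` also discards the cause; `throw new DatabaseError($e->getMessage());` would keep it for logs, assuming the constructor accepts a message like a standard exception. The enclosing method starts and ends outside the hunk, so whether a caller already opens a transaction cannot be confirmed from here.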