mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-04 23:27:28 +02:00

Invalidate outstanding password reset tokens on email address change

Marco
2017-09-27 21:58:28 +02:00
parent 2ca835ac75
commit 61041cc6fd


@@ -550,6 +550,18 @@ final class Auth extends UserManager {
if (!empty($confirmationData)) { if (!empty($confirmationData)) {
if (password_verify($token, $confirmationData['token'])) { if (password_verify($token, $confirmationData['token'])) {
if ($confirmationData['expires'] >= time()) { if ($confirmationData['expires'] >= time()) {
// invalidate any potential outstanding password reset requests
try {
$this->db->delete(
$this->dbTablePrefix . 'users_resets',
[ 'user' => $confirmationData['user_id'] ]
);
}
catch (Error $e) {
throw new DatabaseError();
}
// mark the email address as verified (and possibly update it to the new address given)
try { try {
$this->db->update( $this->db->update(
$this->dbTablePrefix . 'users', $this->dbTablePrefix . 'users',
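Review bot: The delete on `users_resets` and the `users` update that begins right after it are two separate statements, so they are not atomic: a reset request created for the same user between them would survive the address change, while a failure in the update leaves the resets gone but the address unchanged. The second outcome fails safe; the first does not, assuming reset tokens are mailed to the address currently stored in `users` (that flow is not visible in this hunk). Running the delete only after the update has succeeded, or wrapping both in one transaction, would close that window; at minimum the block should carry a comment such as `// NOTE: not atomic with the update below; a reset issued in between outlives the address change`. Separately, `throw new DatabaseError();` discards the caught `$e`, so the cause of a failed invalidation never reaches the logs. The enclosing method starts and ends outside the hunk.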