mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-14 04:34:07 +02:00
Code Issues Releases Wiki Activity

[ticket/security/276] Centralise call for token expiration

Browse Source 
SECURITY-276
This commit is contained in:
Marc Alexander
2024-05-09 11:51:59 +02:00
parent 7c661746cf
commit 1c1c981b17
8 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/includes/acp/acp_inactive.php
View File

@@ -242,7 +242,7 @@ class acp_inactive
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_reminded = user_reminded + 1,
user_reminded_time = ' . time() . ',
user_actkey_expiration = ' . (int) strtotime('+1 day') . '
user_actkey_expiration = ' . (int) $user::get_token_expiration() . '
WHERE ' . $db->sql_in_set('user_id', $user_ids);
$db->sql_query($sql);

4
phpBB/includes/acp/acp_users.php
View File

@@ -388,12 +388,12 @@ class acp_users
// Always update actkey even if same and also update actkey expiration to 24 hours from now
$sql_ary = [
'user_actkey' => $user_actkey,
'user_actkey_expiration' => strtotime('+1 day'),
'user_actkey_expiration' => $user::get_token_expiration(),
];
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . $user_id;
WHERE user_id = ' . (int) $user_id;
$db->sql_query($sql);
// Start sending email