mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-01-18 06:38:43 +01:00
Code Issues Releases Wiki Activity

Merge pull request #66 from phpbb/ticket/security-273

Browse Source 
[ticket/security-273] Reset reset token info when re-activating account
This commit is contained in:
Marc Alexander 2022-03-14 17:58:58 +01:00
commit cd057c126a
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
phpBB/includes/ucp/ucp_activate.php
View File

@ -76,10 +76,12 @@ class ucp_activate
if ($update_password) if ($update_password)
{ {
$sql_ary = array( $sql_ary = array(
'user_actkey' => '', 'user_actkey' => '',
'user_password' => $user_row['user_newpasswd'], 'user_password' => $user_row['user_newpasswd'],
'user_newpasswd' => '', 'user_newpasswd' => '',
'user_login_attempts' => 0, 'user_login_attempts' => 0,
'reset_token' => '',
'reset_token_expiration' => 0,
); );
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
@ -101,8 +103,14 @@ class ucp_activate
user_active_flip('activate', $user_row['user_id']); user_active_flip('activate', $user_row['user_id']);
$sql = 'UPDATE ' . USERS_TABLE . " $sql_ary = [
SET user_actkey = '' 'user_actkey' => '',
'reset_token' => '',
'reset_token_expiration' => 0,
];
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
WHERE user_id = {$user_row['user_id']}"; WHERE user_id = {$user_row['user_id']}";
$db->sql_query($sql); $db->sql_query($sql);