mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00
Code Issues Releases Wiki Activity

[ticket/security/276] Prevent sending activation emails multiple times per day

Browse Source 
SECURITY-276
This commit is contained in:
Marc Alexander
2024-04-28 13:46:25 +02:00
parent a63a1913fa
commit f853f6523f
8 changed files with 103 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
phpBB/includes/acp/acp_users.php
View File

@@ -385,14 +385,18 @@ class acp_users
$user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key;
}
if ($user_row['user_type'] == USER_NORMAL || empty($user_activation_key))
{
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_actkey = '" . $db->sql_escape($user_actkey) . "'
WHERE user_id = $user_id";
$db->sql_query($sql);
}
// Always update actkey even if same and also update actkey expiration to 24 hours from now
$sql_ary = [
'user_actkey' => $user_actkey,
'user_actkey_expiration' => strtotime('+1 day'),
];
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . $user_id;
$db->sql_query($sql);
// Start sending email
$messenger = new messenger(false);
$messenger->template($email_template, $user_row['user_lang']);