makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 20:38:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #66 from phpbb/ticket/security-273

Browse source 
[ticket/security-273] Reset reset token info when re-activating account
This commit is contained in:
Marc Alexander 2022-03-14 17:58:58 +01:00
commit cd057c126a
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
1 changed files with 14 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
phpBB/includes/ucp/ucp_activate.php
View file

@ -80,6 +80,8 @@ class ucp_activate
'user_password' => $user_row['user_newpasswd'], 'user_password' => $user_row['user_newpasswd'],
'user_newpasswd' => '', 'user_newpasswd' => '',
'user_login_attempts' => 0, 'user_login_attempts' => 0,
'reset_token' => '',
'reset_token_expiration' => 0,
); );
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
@ -101,8 +103,14 @@ class ucp_activate
user_active_flip('activate', $user_row['user_id']); user_active_flip('activate', $user_row['user_id']);
$sql = 'UPDATE ' . USERS_TABLE . " $sql_ary = [
SET user_actkey = '' 'user_actkey' => '',
'reset_token' => '',
'reset_token_expiration' => 0,
];
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
WHERE user_id = {$user_row['user_id']}"; WHERE user_id = {$user_row['user_id']}";
$db->sql_query($sql); $db->sql_query($sql);