From 13b1f00590296244cecbb2271e82d38e5013dbfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vojt=C4=9Bch=20Sajdl?= Date: Wed, 29 Nov 2017 15:32:40 +0100 Subject: [PATCH] Fix lost password change --- classes/token.php | 5 ++--- classes/user.php | 25 +++---------------------- 2 files changed, 5 insertions(+), 25 deletions(-) diff --git a/classes/token.php b/classes/token.php index e4527f3..fdf6b82 100644 --- a/classes/token.php +++ b/classes/token.php @@ -16,15 +16,14 @@ class Token return $token; } - public static function validate_token($token, $user, $data) + public static function validate_token($token, $id, $data) { global $mysqli; $time = time(); - $stmt = $mysqli->prepare("SELECT count(*) as count, data FROM tokens WHERE token = ? AND user = ? AND expire>=? AND data LIKE ?"); + $stmt = $mysqli->prepare("SELECT count(*) as count FROM tokens WHERE token = ? AND user = ? AND expire>=? AND data LIKE ?"); $stmt->bind_param("siis", $token, $id, $time, $data); $stmt->execute(); $query = $stmt->get_result(); - return $query->fetch_assoc()['count']; } diff --git a/classes/user.php b/classes/user.php index 52efe26..f4104a6 100644 --- a/classes/user.php +++ b/classes/user.php @@ -356,7 +356,6 @@ class User $stmt->bind_param("i", $id); $stmt->execute(); $query = $stmt->get_result(); - $result = $query->fetch_assoc(); $salt = $result['salt']; $pass = $_POST['password']; @@ -389,10 +388,8 @@ class User $id = $query->fetch_assoc()['id']; $time = strtotime('+1 day', time()); - $salt = uniqid(mt_rand(), true); - $token = hash('sha256', $id.$salt); - Token::new($id, 'passwd', $time); + $token = Token::new($id, 'passwd', $time); $link = WEB_URL."/admin/?do=lost-password&id=$id&token=$token"; $to = $email; 
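Review bot: validate_token in classes/token.php still matches the purpose field with `data LIKE ?`, so any `%` or `_` inside `$data` acts as a wildcard and a token issued for one purpose or address could satisfy a broader pattern. The callers are not part of this hunk; if `$data` can ever carry request-derived text (the email-change flow elsewhere in this patch passes an `email;...` value), compare with `data = ?` or escape the wildcards before binding. The method has no doc comment either; something like `// Returns the number of unexpired tokens matching this token, user id and data value.` would make the truthy-count contract explicit for callers.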
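Review bot: The reset link built in the classes/user.php hunk at -389 now carries whatever `Token::new($id, 'passwd', $time)` returns, so the strength of the password-reset secret rests entirely on that method, whose body is outside this diff. The removed lines derived the value from `uniqid(mt_rand(), true)`, which is not a cryptographically secure source; if Token::new uses the same construction it should generate the token with `bin2hex(random_bytes(32))` instead. The enclosing function starts and ends outside the hunk, so whether `$id` is checked for an unknown email address before a token is issued cannot be seen here.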
@@ -409,27 +406,11 @@ class User public function email_link(){ global $mysqli; - $email = trim($_POST['email']); + $email = $_POST['email']; $time = strtotime('+1 day', time()); - $salt = uniqid(mt_rand(), true); $id = $this->id; - $token = hash('sha256', $id.$salt); - - $stmt = $mysqli->prepare("SELECT count(*) as count FROM users WHERE email=?"); - $stmt->bind_param("s", $email); - $stmt->execute(); - $query = $stmt->get_result(); - $count = $query->fetch_assoc()['count']; - - if ($count) - { - $message = "This email is already used."; - return; - } - - - Token::new($id, 'email;$email', $time); + $token = Token::new($id, 'email;$email', $time); $link = WEB_URL."/admin/?do=change-email&id=$id&token=$token";
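Review bot: In email_link the new line `$token = Token::new($id, 'email;$email', $time);` keeps the single-quoted string, so PHP stores the literal text `$email` rather than the requested address and the token is not bound to the address being confirmed; `"email;$email"` would interpolate it. The same hunk drops `trim()` on `$_POST['email']` and the lookup that rejected an address already used by another account, and nothing visible here replaces either. Unless uniqueness is enforced where the token is redeemed or by a unique index on `users.email`, two accounts could end up with the same address, which matters because the lost-password flow looks the account up by email. email_link's body continues past the end of the hunk.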