diff options
author | plegall <plg@piwigo.org> | 2014-07-28 19:27:50 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2014-07-28 19:27:50 +0000 |
commit | 87a30ff064c14ecdac1dd7a67c237a7299312bd5 (patch) | |
tree | 60422017450a23f8c10d9a77977be7da5ce2205f /include | |
parent | dc69d64bb0dbe44715f8d39202419354b251e2a9 (diff) |
bug 3050: increase security on reset password algorithm.
* reset key has a 1-hour life
* reset key is automatically deleted once used
* reset key is stored as a hash
Thank you effigies for code suggestions
git-svn-id: http://piwigo.org/svn/trunk@29111 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/functions_user.inc.php | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index f91f3f8fe..126a22838 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -1466,28 +1466,4 @@ function get_recent_photos_sql($db_field) .pwg_db_get_recent_period_expression($user['recent_period']) .','.pwg_db_get_recent_period_expression(1,$user['last_photo_date']).')'; } - -/** - * Returns a unique activation key. - * - * @return string - */ -function get_user_activation_key() -{ - while (true) - { - $key = generate_key(20); - $query = ' -SELECT COUNT(*) - FROM '.USER_INFOS_TABLE.' - WHERE activation_key = \''.$key.'\' -;'; - list($count) = pwg_db_fetch_row(pwg_query($query)); - if (0 == $count) - { - return $key; - } - } -} - ?>
\ No newline at end of file |