From 87a30ff064c14ecdac1dd7a67c237a7299312bd5 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Mon, 28 Jul 2014 19:27:50 +0000
Subject: bug 3050: increase security on reset password algorithm.

* reset key has a 1-hour life
* reset key is automatically deleted once used
* reset key is stored as a hash

Thank you effigies for code suggestions


git-svn-id: http://piwigo.org/svn/trunk@29111 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions_user.inc.php | 24 ------------------------
 1 file changed, 24 deletions(-)

(limited to 'include/functions_user.inc.php')

diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index f91f3f8fe..126a22838 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1466,28 +1466,4 @@ function get_recent_photos_sql($db_field)
     .pwg_db_get_recent_period_expression($user['recent_period'])
     .','.pwg_db_get_recent_period_expression(1,$user['last_photo_date']).')';
 }
-
-/**
- * Returns a unique activation key.
- *
- * @return string
- */
-function get_user_activation_key()
-{
-  while (true)
-  {
-    $key = generate_key(20);
-    $query = '
-SELECT COUNT(*)
-  FROM '.USER_INFOS_TABLE.'
-  WHERE activation_key = \''.$key.'\'
-;';
-    list($count) = pwg_db_fetch_row(pwg_query($query));
-    if (0 == $count)
-    {
-      return $key;
-    }
-  }
-}
-
 ?>
\ No newline at end of file
-- 
cgit v1.2.3