bug 3050: increase security on reset password algorithm.

* reset key has a 1-hour life
* reset key is automatically deleted once used
* reset key is stored as a hash

Thank you effigies for code suggestions


git-svn-id: http://piwigo.org/svn/trunk@29111 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall
2014-07-28 19:27:50 +00:00
parent dc69d64bb0
commit 87a30ff064
3 changed files with 126 additions and 77 deletions
-24
@@ -1466,28 +1466,4 @@ function get_recent_photos_sql($db_field)
.pwg_db_get_recent_period_expression($user['recent_period'])
.','.pwg_db_get_recent_period_expression(1,$user['last_photo_date']).')';
}
/**
* Returns a unique activation key.
*
* @return string
*/
function get_user_activation_key()
{
while (true)
{
$key = generate_key(20);
$query = '
SELECT COUNT(*)
FROM '.USER_INFOS_TABLE.'
WHERE activation_key = \''.$key.'\'
;';
list($count) = pwg_db_fetch_row(pwg_query($query));
if (0 == $count)
{
return $key;
}
}
}
?>