From 4f4e3669481c12d201d49daea0ea701f7da1d89d Mon Sep 17 00:00:00 2001 From: MatMasIt Date: Sat, 21 Aug 2021 17:03:27 +0200 Subject: [PATCH] Security patch, kick out potential intruder --- resend.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/resend.php b/resend.php index 1823b1c..c3e4b9a 100644 --- a/resend.php +++ b/resend.php @@ -21,11 +21,12 @@ if(!$u["verified"] && $u){ prepare("UPDATE Users SET passwordHash=:ph, emailToken=:ett WHERE emailToken=:et "); + $q = $p->prepare("UPDATE Users SET passwordHash=:ph, emailToken=:ett, token=:sessionToken WHERE emailToken=:et "); $q->execute([ ":ph" => password_hash($_POST["password"],PASSWORD_DEFAULT), ":et" => $_POST["tk"], - ":ett" => bin2hex(random_bytes(16)) + ":ett" => bin2hex(random_bytes(16)), + ":sessionToken" => bin2hex(random_bytes(16)) ]); http_response_code(302); header("Location: ."); @@ -73,4 +74,4 @@ else{ OK
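Review bot: The `:ph` binding hashes `$_POST["password"]` directly, and nothing in the visible lines checks that the field is a non-empty string before the row is updated, so a request carrying a valid `tk` but no password would store the hash of an empty string while the new `token=:sessionToken` rotation still runs. If that check is not already done above the hunk (those lines are not shown on this page), add a guard before the `prepare()`, for example `if (!is_string($_POST["password"] ?? null) || $_POST["password"] === "") { http_response_code(400); exit; }`. The rotation itself deserves a one-line comment such as `// Rotate the session token so sessions opened before the password change stop working`, because in the visible lines `token` is written but never handed back to the client, and that reads like an oversight without the explanation. The enclosing `if` block starts and ends outside the hunk.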