Security patch, kick out potential intruder
This commit is contained in:
parent
a3a5f23825
commit
4f4e366948
|
@ -21,11 +21,12 @@ if(!$u["verified"] && $u){
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
elseif($_POST["action"]=="chpass"){
|
elseif($_POST["action"]=="chpass"){
|
||||||
$q = $p->prepare("UPDATE Users SET passwordHash=:ph, emailToken=:ett WHERE emailToken=:et ");
|
$q = $p->prepare("UPDATE Users SET passwordHash=:ph, emailToken=:ett, token=:sessionToken WHERE emailToken=:et ");
|
||||||
$q->execute([
|
$q->execute([
|
||||||
":ph" => password_hash($_POST["password"],PASSWORD_DEFAULT),
|
":ph" => password_hash($_POST["password"],PASSWORD_DEFAULT),
|
||||||
":et" => $_POST["tk"],
|
":et" => $_POST["tk"],
|
||||||
":ett" => bin2hex(random_bytes(16))
|
":ett" => bin2hex(random_bytes(16)),
|
||||||
|
":sessionToken" => bin2hex(random_bytes(16))
|
||||||
]);
|
]);
|
||||||
http_response_code(302);
|
http_response_code(302);
|
||||||
header("Location: .");
|
header("Location: .");
|
||||||
|
@ -73,4 +74,4 @@ else{
|
||||||
<a href=".">OK</a>
|
<a href=".">OK</a>
|
||||||
</html>
|
</html>
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
|
|
Reference in New Issue
Block a user