Fixed email changing mechanics

author: Carson Fleming <cflems@cflems.net> 2017-03-07 17:23:52 -0500
committer: Carson Fleming <cflems@cflems.net> 2017-03-07 17:23:52 -0500
commit: 4132092529e478435c2c358203b291cd7b4c579c (patch)
tree: f49484c75de51dd69fce3f4ec6b437b11a2c9af0
parent: b76e2ff898b23745d4c9aaee49eeb7d88f2896ab (diff)
download: bulletin-4132092529e478435c2c358203b291cd7b4c579c.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/dash/profile.php b/dash/profile.php
index de9d562..e0db54d 100644
--- a/dash/profile.php
+++ b/dash/profile.php
@@ -68,9 +68,10 @@ $phonelink = '+'.preg_replace('/[^0-9]/', '', $user['phone']);
   $deactivate = '';
   $usepropic = '';
   if ($_POST['email'] != $b_user['email']) {
-    $deactivate = ', active = 0';
+    $session = uniqid('ch', true);
+    $deactivate = ', session = \''.bulletin_hash($session).'\', active = 0';
     bulletin_mail($_POST['email'], 'Verify Your Bulletin Email', tpl(array(
-      'activation_vars' => 'uid='.$b_user['id'].'&key='.$b_user['session'],
+      'activation_vars' => 'uid='.$b_user['id'].'&key='.$session,
     ), 'changed.tpl')) or dash_fatal('We couldn\'t send mail to your new email address, so your profile has not been updated.');
   }
   if (!empty($_FILES['picture']['tmp_name'])) {
author	Carson Fleming <cflems@cflems.net>	2017-03-07 17:23:52 -0500
committer	Carson Fleming <cflems@cflems.net>	2017-03-07 17:23:52 -0500
commit	4132092529e478435c2c358203b291cd7b4c579c (patch)
tree	f49484c75de51dd69fce3f4ec6b437b11a2c9af0
parent	b76e2ff898b23745d4c9aaee49eeb7d88f2896ab (diff)
download	bulletin-4132092529e478435c2c358203b291cd7b4c579c.tar.gz