| author | Carson Fleming <cflems@cflems.net> | 2017-02-28 17:37:57 -0500 |
|---|---|---|
| committer | Carson Fleming <cflems@cflems.net> | 2017-02-28 17:37:57 -0500 |
| commit | a8f3669b4ea82f48edbca69742364adf2794e07f (patch) | |
| tree | b2668a0a31623a578a16622a5da6b0c924b3c071 /forgot.php | |
| parent | 3bfe03a6f6136947eb8b9c714306d080ce889af7 (diff) | |
Modularized email and hashing
Diffstat (limited to 'forgot.php')
| -rw-r--r-- | forgot.php | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -4,7 +4,7 @@ require('inc/common.php');
 if ($b_user['id'] > 0) loggedin();
 if (!empty($_GET['key']) && !empty($_GET['id'])) {
 $db = new bdb() or fatal('No database connection!');
- $result = $db->query('SELECT id FROM users WHERE id = '.intval($_GET['id']).' AND session = \''.hash('sha512', $_GET['key']).'\' AND active = 1 LIMIT 1') or fatal($db->error);
+ $result = $db->query('SELECT id FROM users WHERE id = '.intval($_GET['id']).' AND session = \''.bulletin_hash($_GET['key']).'\' AND active = 1 LIMIT 1') or fatal($db->error);
 if ($result->num_rows < 1) {
 $result->free();
 $db->close();
@@ -19,14 +19,14 @@ if (!empty($_GET['key']) && !empty($_GET['id'])) {
 $token = uniqid('fp', true);
 $result = $db->query('SELECT id FROM users WHERE email = \''.$db->escape_string($_POST['email']).'\'') or fatal($db->error);
 if ($result->num_rows > 0) {
- $db->query('UPDATE users SET session = \''.hash('sha512', $token).'\' WHERE email = \''.$db->escape_string($_POST['email']).'\'') or fatal($db->error);
+ $db->query('UPDATE users SET session = \''.bulletin_hash($token).'\' WHERE email = \''.$db->escape_string($_POST['email']).'\'') or fatal($db->error);
 if ($db->affected_rows < 1) fatal('Could not affect the database');
 $row = $result->fetch_assoc();
 $result->free();
 $db->close();
- mail($_POST['email'], 'Recover Your Bulletin Account', tpl(array(
+ bulletin_mail($_POST['email'], 'Recover Your Bulletin Account', tpl(array(
 'vars' => 'id='.$row['id'].'&key='.$token,
-), 'forgot.tpl'), "From: ".$b_config['mail_from']."\r\nContent-type: text/html") or fatal('Could not send out the recovery email, we apologize for the inconvenience.');
+), 'forgot.tpl')) or fatal('Could not send out the recovery email, we apologize for the inconvenience.');
 fatal('A recovery email has been sent to the address you supplied. You can use this email to access your account, and from there change your password.');
 } else {
 $result->free(); |
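Review bot: The SELECT in the first hunk now concatenates the return value of `bulletin_hash($_GET['key'])` straight into the quoted SQL literal, so the query stays safe only while that helper, which is defined outside this diff, returns characters that cannot close the quote. `hash('sha512', …)` guaranteed lowercase hex; a project helper gives no such guarantee unless it documents one. Passing the value through the escaping already used for the email, `$db->escape_string(bulletin_hash($_GET['key']))`, or using a prepared statement removes that dependency, and the same applies to the `UPDATE users SET session = …` line in the second hunk. The `!empty($_GET['key'])` guard on the context line also accepts a non-string value, so adding `is_string($_GET['key'])` to that condition keeps the helper's input well-typed. The enclosing `if` block continues past the end of the hunk.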
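Review bot: The recovery token passed to the new `bulletin_hash($token)` call in the second hunk still comes from `uniqid('fp', true)` on the context line above it, and PHP documents uniqid() as time-based and unsuitable for security purposes, so hashing the stored copy does not make the emailed link unguessable. The token should come from the CSPRNG instead, for example `$token = bin2hex(random_bytes(32));` on PHP 7 or later. No expiry is set or checked in the visible lines, so the token appears to remain valid until the `session` column is overwritten; a timestamp checked on redemption would bound that, if the schema has room for one. The surrounding block starts and ends outside the hunk.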
