From 4132092529e478435c2c358203b291cd7b4c579c Mon Sep 17 00:00:00 2001
From: Carson Fleming <cflems@cflems.net>
Date: Tue, 7 Mar 2017 17:23:52 -0500
Subject: Fixed email changing mechanics

---
 dash/profile.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'dash/profile.php')

diff --git a/dash/profile.php b/dash/profile.php
index de9d562..e0db54d 100644
--- a/dash/profile.php
+++ b/dash/profile.php
@@ -68,9 +68,10 @@ $phonelink = '+'.preg_replace('/[^0-9]/', '', $user['phone']);
   $deactivate = '';
   $usepropic = '';
   if ($_POST['email'] != $b_user['email']) {
-    $deactivate = ', active = 0';
+    $session = uniqid('ch', true);
+    $deactivate = ', session = \''.bulletin_hash($session).'\', active = 0';
     bulletin_mail($_POST['email'], 'Verify Your Bulletin Email', tpl(array(
-      'activation_vars' => 'uid='.$b_user['id'].'&key='.$b_user['session'],
+      'activation_vars' => 'uid='.$b_user['id'].'&key='.$session,
     ), 'changed.tpl')) or dash_fatal('We couldn\'t send mail to your new email address, so your profile has not been updated.');
   }
   if (!empty($_FILES['picture']['tmp_name'])) {
-- 
cgit v1.2.3