diff options
author | robocoder <anthon.pang@gmail.com> | 2011-07-03 21:12:39 +0400 |
---|---|---|
committer | robocoder <anthon.pang@gmail.com> | 2011-07-03 21:12:39 +0400 |
commit | 1f22d78bf1b217ab28c51d6c61a99686d72f1669 (patch) | |
tree | 2b5510d38601c931a8cfb16899d671dd793dc0c8 /plugins/Login | |
parent | 331d048cfbc0f35dade0efa9f700d1a3f1276767 (diff) |
refs #308 - salt the password reset token; minor compat buster (tokens issued in the past 24 hrs are invalidated)
git-svn-id: http://dev.piwik.org/svn/trunk@4991 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/Login')
-rw-r--r-- | plugins/Login/Controller.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php index 6b6919a784..5faff40844 100644 --- a/plugins/Login/Controller.php +++ b/plugins/Login/Controller.php @@ -193,6 +193,11 @@ class Piwik_Login_Controller extends Piwik_Controller */ protected function lostPasswordFormValidated($loginMail) { + if( $user === 'anonymous' ) + { + return Piwik_Translate('Login_InvalidUsernameEmail'); + } + $user = self::getUserInformation($loginMail); if( $user === null ) { @@ -374,7 +379,7 @@ class Piwik_Login_Controller extends Piwik_Controller } $expiry = strftime('%Y%m%d%H', $timestamp); - $token = md5($expiry . $user['login'] . $user['email'] . $user['password']); + $token = md5(Piwik_Common::getSalt() . md5($expiry . $user['login'] . $user['email'] . $user['password'])); return $token; } |