From 1f22d78bf1b217ab28c51d6c61a99686d72f1669 Mon Sep 17 00:00:00 2001
From: robocoder
Date: Sun, 3 Jul 2011 17:12:39 +0000
Subject: refs #308 - salt the password reset token; minor compat buster (tokens issued in the past 24 hrs are invalidated)

git-svn-id: http://dev.piwik.org/svn/trunk@4991 59fd770c-687e-43c8-a1e3-f5a4ff64c105
---
 plugins/Login/Controller.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'plugins/Login')

diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index 6b6919a784..5faff40844 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -193,6 +193,11 @@ class Piwik_Login_Controller extends Piwik_Controller
 */
 protected function lostPasswordFormValidated($loginMail)
 {
+ if( $user === 'anonymous' )
+ {
+ return Piwik_Translate('Login_InvalidUsernameEmail');
+ }
+
 $user = self::getUserInformation($loginMail);
 if( $user === null )
 {
@@ -374,7 +379,7 @@ class Piwik_Login_Controller extends Piwik_Controller
 }
 $expiry = strftime('%Y%m%d%H', $timestamp);
- $token = md5($expiry . $user['login'] . $user['email'] . $user['password']);
+ $token = md5(Piwik_Common::getSalt() . md5($expiry . $user['login'] . $user['email'] . $user['password']));
 return $token;
 }
-- 
cgit v1.2.3
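Review bot: The guard added at the top of lostPasswordFormValidated() tests `$user`, which is not assigned until the `self::getUserInformation($loginMail)` call that follows it, so the variable is undefined there and `$user === 'anonymous'` can never be true. The anonymous account is therefore not rejected by this check. The value in scope at that point is the parameter, so the condition should read `if( $loginMail === 'anonymous' )`. The parameter name suggests the lookup also accepts an e-mail address; if so, a second check on `$user['login']` after the lookup would cover a request that names the account by e-mail (confirm against getUserInformation()). The function body continues past the end of the hunk.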
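Review bot: The new token line builds `md5(salt . md5(...))`, which is a hand-rolled keyed digest rather than a MAC, and the inner fields are still concatenated without separators, so different login/e-mail splits can hash to the same input. Because this value is the only secret gating a password reset, an HMAC keyed with the installation salt is the safer construction: `$token = hash_hmac('sha256', implode('|', array($expiry, $user['login'], $user['email'], $user['password'])), Piwik_Common::getSalt());` (assuming the supported PHP versions ship the hash extension). The code that compares a submitted token with this value is outside the hunk; it should use a constant-time comparison. The enclosing function starts above the hunk.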