Commit 9cec5b68 authored by Mike Sheldon's avatar Mike Sheldon

Fix password recovery

parent 5c71a5a1
......@@ -66,7 +66,7 @@ if (isset($_GET['code'])) {
}
elseif (isset($_POST['user']) || isset($_POST['email'])) {
if (isset($_POST['email'])) {
if (isset($_POST['email']) && !empty($_POST['email'])) {
$field = 'email';
$value = $_POST['email'];
} else {
......@@ -78,7 +78,7 @@ elseif (isset($_POST['user']) || isset($_POST['email'])) {
$err = 0;
try {
$row = $adodb->GetRow("SELECT * FROM Users WHERE {$field} = '{$adodb->qstr($value)}'");
$row = $adodb->GetRow('SELECT * FROM Users WHERE ' . $field . ' = ' . $adodb->qstr($value));
}
catch (exception $e) {
$err = 1;
......@@ -90,6 +90,7 @@ elseif (isset($_POST['user']) || isset($_POST['email'])) {
$smarty->display('error.tpl');
die();
}
$username = $row['username'];
$code = md5($username . $row['email'] . time());
// If a recovery_request already exists, delete it from the database
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment