author | Andreas Gohr <andi@splitbrain.org> | 2012-02-19 13:38:31 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2012-02-19 13:38:31 +0100 |
commit | 8a9735e34dc99c24355e0aee74a3cd49aa3b1492 (patch) | |
tree | 0ca2d6db51264520fcc9eb9243644dbe639a033f | |
parent | 4d3ea096062ffd40303a0499aee5b7f757e00948 (diff) | |
added a timelimit for password reset tokens
passwords now need to be reset within 3 days of requesting the password
change mail
-rw-r--r-- | inc/auth.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 437a82a82..4e11288e1 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -860,6 +860,14 @@ function act_resendpwd(){
 unset($_REQUEST['pwauth']);
 return false;
 }
+ // token is only valid for 3 days
+ if( (time() - filemtime($tfile)) > (3*60*60*24) ){
+ msg($lang['resendpwdbadauth'],-1);
+ unset($_REQUEST['pwauth']);
+ @unlink($tfile);
+ return false;
+ }
+
 $user = io_readfile($tfile);
 $userinfo = $auth->getUserData($user);
 if(!$userinfo['mail']) {
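Review bot: The added expiry check treats `filemtime($tfile)` as the token's issue time and rejects a failed stat only because `false` coerces to 0 in the subtraction. Making that fail-closed path explicit would be clearer: `$mtime = @filemtime($tfile);` followed by `if($mtime === false || (time() - $mtime) > (3*60*60*24)){`. Because the lifetime is tied to the file's mtime, anything that rewrites or touches the token file restarts the 3-day window. An expired token is also only unlinked when someone presents it, so tokens that are never redeemed presumably stay in the cache until some other cleanup removes them; a comment above the check should say so. The body of act_resendpwd starts and ends outside this hunk, so the code that creates `$tfile` and the preceding existence check are not visible here.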