From 1d5856cfe64e778c70fece0d08d36f153be16600 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Fri, 14 Jul 2006 13:05:48 +0200
Subject: two-stage password reset

This patch changes the password reset function to a two-stage process.
After requesting a new password a confirmation email is sent first, only
if the link contained in this mail is used the password is changed for real.

This makes sure malicious people can't reset passwords for other users.

darcs-hash:20060714110548-7ad00-c1e23fd51cc2d2f16473914421ebe0f9c3b2ba8c.gz
---
 inc/html.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'inc/html.php')

diff --git a/inc/html.php b/inc/html.php
index 9fed619a8..58199e1cd 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -78,14 +78,14 @@ function html_login(){
     if($auth->canDo('addUser') && actionOK('register')){
       print '<p>';
       print $lang['reghere'];
-      print ': <a href="'.wl($ID,'do=register').'" class="wikilink1">'.$lang['register'].'</a>';
+      print ': <a href="'.wl($ID,'do=register').'" rel="nofollow" class="wikilink1">'.$lang['register'].'</a>';
       print '</p>';
     }
 
     if ($auth->canDo('modPass') && actionOK('resendpwd')) {
       print '<p>';
       print $lang['pwdforget'];
-      print ': <a href="'.wl($ID,'do=resendpwd').'" class="wikilink1">'.$lang['btn_resendpwd'].'</a>';
+      print ': <a href="'.wl($ID,'do=resendpwd').'" rel="nofollow" class="wikilink1">'.$lang['btn_resendpwd'].'</a>';
       print '</p>';
     }
   ?>
-- 
cgit v1.2.3