Delete token for email recovery.

2018-05-01 21:30:50 -05:00 · 2018-05-01 21:30:50 -05:00 · aaf866ebb0
parent 3011ccf8db
commit aaf866ebb0
3 changed files with 15 additions and 2 deletions
--- a/html/inc/boinc_db.inc
+++ b/html/inc/boinc_db.inc
@ -812,6 +812,12 @@ class BoincToken {
        $db = BoincDB::get();
        return $db->get_list('token', 'userid', 'type', 'create_time', 'expire_time', 'BoincToken', '*', $where_clause, $order_clause, $limit);
    }
+
+    static function delete_token($where_clause) {
+        $db = BoincDb::get();
+        $db->delete_aux('token', $where_clause);
+        return $db->affected_rows();
+    }
    
    static function delete_expired() {
        $db = BoincDb::get();
--- a/html/inc/token.inc
+++ b/html/inc/token.inc
@ -39,6 +39,13 @@ function create_token($userid, $type, $duration) {
    return $token;
 }

+function delete_token($userid, $token, $type) {
+    $token = BoincDb::escape_string($token);
+    $type = BoincDb::escape_string($type);
+    $result = BoincToken::delete_token("userid = $userid and token = '$token' and type = '$type'");
+    return $result;
+}
+
 function is_valid_token($userid, $token, $type) {
    $boincToken = BoincToken::lookup_valid_token($userid, $token, $type);
    if ( $boincToken == null ) {
--- a/html/user/recover_email.php
+++ b/html/user/recover_email.php
@ -30,7 +30,6 @@ $user = get_logged_in_user(false);
 if ($user) {
    clear_cookie('auth');
    $g_logged_in_user = null;
-    echo tra("Note: You have been logged out to clear all cookies.")."<br /><br />";
 }

 page_head(tra("Recover email address"));
@ -46,13 +45,14 @@ if(is_valid_token($userid, $token, TOKEN_TYPE_CHANGE_EMAIL)) {
 	if ($existing) {
 	    echo tra("There is already an account with that email address.")."<br /><br />".tra("Please contact the admin.  Previous email address could not be reverted as another account is using it as their email address.");
 	} else {
-	    echo tra("Email address has been reverted.")."<br /><br />".tra("You need to reset your password:  ")."<a href\=".secure_url_base()."get_passwd.php\">".secure_url_base()."get_passwd.php</a>";
+	    echo tra("Email address has been reverted.")."<br /><br />".tra("You need to reset your password:  ")."<a href=\"".secure_url_base()."get_passwd.php\">".secure_url_base()."get_passwd.php</a>";

            $database_passwd_hash = password_hash(random_string() , PASSWORD_DEFAULT);
 	    //Change previous_email
 	    $result = $tmpuser->update(
 		"email_addr=previous_email_addr, previous_email_addr=null, email_addr_change_time=0, passwd_hash='$database_passwd_hash', email_validated=0"
 	    );
+            $result = delete_token($userid, $token, TOKEN_TYPE_CHANGE_EMAIL);
 	}
    }
 } else {