From aaf866ebb005ea64ec95a603b2979ab01a269e3b Mon Sep 17 00:00:00 2001
From: Keith Uplinger
Date: Tue, 1 May 2018 21:30:50 -0500
Subject: [PATCH] Delete token for email recovery.
---
 html/inc/boinc_db.inc | 6 ++++++
 html/inc/token.inc | 7 +++++++
 html/user/recover_email.php | 4 ++--
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/html/inc/boinc_db.inc b/html/inc/boinc_db.inc
index 3a343d0389..7ae8501576 100644
--- a/html/inc/boinc_db.inc
+++ b/html/inc/boinc_db.inc
@@ -812,6 +812,12 @@ class BoincToken {
 $db = BoincDB::get();
 return $db->get_list('token', 'userid', 'type', 'create_time', 'expire_time', 'BoincToken', '*', $where_clause, $order_clause, $limit);
 }
+
+ static function delete_token($where_clause) {
+ $db = BoincDb::get();
+ $db->delete_aux('token', $where_clause);
+ return $db->affected_rows();
+ }
 
 static function delete_expired() {
 $db = BoincDb::get();
diff --git a/html/inc/token.inc b/html/inc/token.inc
index a1b67aef9c..5903c82714 100644
--- a/html/inc/token.inc
+++ b/html/inc/token.inc
@@ -39,6 +39,13 @@ function create_token($userid, $type, $duration) {
 return $token;
 }
 
+function delete_token($userid, $token, $type) {
+ $token = BoincDb::escape_string($token);
+ $type = BoincDb::escape_string($type);
+ $result = BoincToken::delete_token("userid = $userid and token = '$token' and type = '$type'");
+ return $result;
+}
+
 function is_valid_token($userid, $token, $type) {
 $boincToken = BoincToken::lookup_valid_token($userid, $token, $type);
 if ( $boincToken == null ) {
diff --git a/html/user/recover_email.php b/html/user/recover_email.php
index 97a59e9c0f..30456015a3 100644
--- a/html/user/recover_email.php
+++ b/html/user/recover_email.php
@@ -30,7 +30,6 @@ $user = get_logged_in_user(false);
 if ($user) {
 clear_cookie('auth');
 $g_logged_in_user = null;
- echo tra("Note: You have been logged out to clear all cookies.")."
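Review bot: `BoincToken::delete_token` hands `$where_clause` to `delete_aux` unchanged, so SQL safety depends entirely on each caller escaping or casting what it puts in the clause, and nothing in the hunk documents that contract; add `// $where_clause is used verbatim in SQL: callers must escape/cast every value in it` above the declaration. The new method spells the class as `BoincDb::get()` while the list method just above it uses `BoincDB::get()`; PHP resolves both, but a single spelling keeps the class greppable. Returning `affected_rows()` is fine, but the return value of `delete_aux` itself is discarded, so a failed DELETE and "no matching row" both look like 0 to the caller — worth confirming what `delete_aux` returns on error, since the rest of `BoincToken` lies outside the hunk.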
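Review bot: In `delete_token`, `$token` and `$type` go through `BoincDb::escape_string` but `$userid` is interpolated into the WHERE clause as-is, so the function is only safe when every caller has already validated it as an integer; cast it locally, `$userid = (int)$userid;`, before building the clause so the function does not rely on its callers for that. The `$result` temporary is unnecessary — `return BoincToken::delete_token("userid = $userid and token = '$token' and type = '$type'");` is equivalent. The return value is an affected-row count, not a boolean, so a docblock `@return int number of matching token rows removed (0 when none matched)` would keep callers from treating 0 as an error.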

"; } page_head(tra("Recover email address")); @@ -46,13 +45,14 @@ if(is_valid_token($userid, $token, TOKEN_TYPE_CHANGE_EMAIL)) { if ($existing) { echo tra("There is already an account with that email address.")."

".tra("Please contact the admin. Previous email address could not be reverted as another account is using it as their email address."); } else { - echo tra("Email address has been reverted.")."

".tra("You need to reset your password: ")."".secure_url_base()."get_passwd.php"; + echo tra("Email address has been reverted.")."

".tra("You need to reset your password: ")."".secure_url_base()."get_passwd.php"; $database_passwd_hash = password_hash(random_string() , PASSWORD_DEFAULT); //Change previous_email $result = $tmpuser->update( "email_addr=previous_email_addr, previous_email_addr=null, email_addr_change_time=0, passwd_hash='$database_passwd_hash', email_validated=0" ); + $result = delete_token($userid, $token, TOKEN_TYPE_CHANGE_EMAIL); } } } else {