fixes #1275 delete password reset key when email address is changed

include/functions_user.inc.php

@@ -1629,6 +1629,25 @@ UPDATE '.USER_AUTH_KEYS_TABLE.'
   pwg_query($query);
 }
 
+/**
+ * Deactivates password reset key
+ *
+ * @since 11
+ * @param int $user_id
+ * @return null
+ */
+function deactivate_password_reset_key($user_id)
+{
+  single_update(
+    USER_INFOS_TABLE,
+    array(
+      'activation_key' => null,
+      'activation_key_expire' => null,
+      ),
+    array('user_id' => $user_id)
+    );
+}
+
 /**
  * Gets the last visit (datetime) of a user, based on history table
  *

include/ws_functions/pwg.users.php

@@ -555,6 +555,11 @@ SELECT
     deactivate_user_auth_keys($params['user_id'][0]);
   }
 
+  if (isset($updates[ $conf['user_fields']['email'] ]))
+  {
+    deactivate_password_reset_key($params['user_id'][0]);
+  }
+
   if (isset($update_status) and count($params['user_id_for_status']) > 0)
   {
     $query = '

password.php

@@ -238,15 +238,7 @@ function reset_password()
     array($conf['user_fields']['id'] => $user_id)
     );
 
-  single_update(
+  deactivate_password_reset_key($user_id);
-    USER_INFOS_TABLE,
-    array(
-      'activation_key' => null,
-      'activation_key_expire' => null,
-      ),
-    array('user_id' => $user_id)
-    );
-
   deactivate_user_auth_keys($user_id);
 
   $page['infos'][] = l10n('Your password has been reset');

profile.php

@@ -243,6 +243,11 @@ function save_profile_from_post($userdata, &$errors)
                     ),
                    array($data));
 
+      if ($_POST['mail_address'] != $userdata['email'])
+      {
+        deactivate_password_reset_key($userdata['id']);
+      }
+
       $activity_details_tables[] = 'users';
     }