fixes #1275 delete password reset key when email address is changed

2025-04-26 11:19:55 +03:00 · 2020-12-22 15:04:30 +01:00 · 2020-12-22 15:04:30 +01:00 · 7d7943b3ed
commit 7d7943b3ed
parent 498fb5e85d
4 changed files with 30 additions and 9 deletions
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@ -1629,6 +1629,25 @@ UPDATE '.USER_AUTH_KEYS_TABLE.'
  pwg_query($query);
 }

+/**
+ * Deactivates password reset key
+ *
+ * @since 11
+ * @param int $user_id
+ * @return null
+ */
+function deactivate_password_reset_key($user_id)
+{
+  single_update(
+    USER_INFOS_TABLE,
+    array(
+      'activation_key' => null,
+      'activation_key_expire' => null,
+      ),
+    array('user_id' => $user_id)
+    );
+}
+
 /**
 * Gets the last visit (datetime) of a user, based on history table
 *
--- a/include/ws_functions/pwg.users.php
+++ b/include/ws_functions/pwg.users.php
@ -555,6 +555,11 @@ SELECT
    deactivate_user_auth_keys($params['user_id'][0]);
  }

+  if (isset($updates[ $conf['user_fields']['email'] ]))
+  {
+    deactivate_password_reset_key($params['user_id'][0]);
+  }
+
  if (isset($update_status) and count($params['user_id_for_status']) > 0)
  {
    $query = '
--- a/password.php
+++ b/password.php
@ -238,15 +238,7 @@ function reset_password()
    array($conf['user_fields']['id'] => $user_id)
    );

-  single_update(
-    USER_INFOS_TABLE,
-    array(
-      'activation_key' => null,
-      'activation_key_expire' => null,
-      ),
-    array('user_id' => $user_id)
-    );
-
+  deactivate_password_reset_key($user_id);
  deactivate_user_auth_keys($user_id);

  $page['infos'][] = l10n('Your password has been reset');
--- a/profile.php
+++ b/profile.php
@ -243,6 +243,11 @@ function save_profile_from_post($userdata, &$errors)
                    ),
                   array($data));

+      if ($_POST['mail_address'] != $userdata['email'])
+      {
+        deactivate_password_reset_key($userdata['id']);
+      }
+
      $activity_details_tables[] = 'users';
    }