2193 } |
2193 } |
2194 |
2194 |
2195 $row = $db->fetchrow(); |
2195 $row = $db->fetchrow(); |
2196 $temp_pass = $this->random_pass(); |
2196 $temp_pass = $this->random_pass(); |
2197 |
2197 |
|
2198 // check the seclog |
|
2199 $ts = time() - 15; |
|
2200 // Prevent resets on the same UID or from the same IP |
|
2201 // FIXME: Qatar |
|
2202 // (http://www.reddit.com/r/todayilearned/comments/k27x6/til_that_the_entire_nation_of_qatar_has_a_single/) |
|
2203 $q = $this->sql('SELECT log_id, time_id FROM ' . table_prefix . "logs WHERE log_type = 'security' AND action = 'pass_reset' AND ( edit_summary = '{$_SERVER['REMOTE_ADDR']}' OR author_uid = {$row['user_id']} ) AND time_id > $ts;"); |
|
2204 if ( $db->numrows($q) > 0 ) |
|
2205 { |
|
2206 // rate limit exceeded... one password reset request every 15 seconds is not appropriate |
|
2207 $db->free_result(); |
|
2208 return false; |
|
2209 } |
|
2210 $db->free_result(); |
|
2211 |
|
2212 $now = time(); |
|
2213 $uname = $db->escape($row['username']); |
|
2214 $this->sql('INSERT INTO ' . table_prefix . 'logs ( time_id, log_type, action, author, author_uid, edit_summary ) VALUES' |
|
2215 . "($now, 'security', 'pass_reset', '$uname', {$row['user_id']}, '{$_SERVER['REMOTE_ADDR']}');"); |
2198 $this->register_temp_password($row['user_id'], $temp_pass); |
2216 $this->register_temp_password($row['user_id'], $temp_pass); |
2199 |
2217 |
2200 $site_name = getConfig('site_name'); |
2218 $site_name = getConfig('site_name'); |
2201 |
2219 |
2202 $message = $lang->get('userfuncs_passreset_email', array( |
2220 $message = $lang->get('userfuncs_passreset_email', array( |
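Review bot: The two new queries at new lines 2203 and 2214-2215 interpolate `$_SERVER['REMOTE_ADDR']` and `$row['user_id']` straight into the SQL, while only `$row['username']` goes through `$db->escape()`. REMOTE_ADDR is normally the socket peer address, but if a proxy layer or earlier code ever rewrites it from a forwarded header it becomes client-controlled, so I would normalise both once before the SELECT with `$ip = $db->escape($_SERVER['REMOTE_ADDR']); $uid = intval($row['user_id']);` and use `$ip` and `$uid` in both statements. The SELECT-then-INSERT check is also not atomic, so parallel requests arriving together can all pass the 15-second test before any log row is written. The comment at 2206 reads as if the limit itself were inappropriate; something like `// rate limit hit: at most one reset request per 15 seconds per user or IP` is clearer. The enclosing method starts and ends outside the hunk, so how the caller treats the `false` return is not visible here.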