From: skodak <skodak>
Date: Mon, 1 Sep 2008 08:16:41 +0000 (+0000)
Subject: MDL-15218 reset change password secret if somebody just tries to guess it; merged... 
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=e6b2b5bbe09b3898b4d1b0cd30d5084a5d9e8eb3;p=moodle.git

MDL-15218 reset change password secret if somebody just tries to guess it; merged from MOODLE_19_STABLE
---

diff --git a/login/forgot_password.php b/login/forgot_password.php
index 123861f82f..3c5d8f67c0 100644
--- a/login/forgot_password.php
+++ b/login/forgot_password.php
@@ -77,6 +77,10 @@ if ($p_secret !== false) {
         notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);
 
     } else {
+        if (!empty($user) and strlen($p_secret) === 15) {
+            // somebody probably tries to hack in by guessing secret - stop them!
+            $DB->set_field('user', 'secret', '', array('id'=>$user->id));
+        }
         print_header($strforgotten, $strforgotten, $navigation);
         print_error('forgotteninvalidurl');
     }
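Review bot: The added guard `strlen($p_secret) === 15` hard-codes the secret length, so if the code that generates the secret (not visible in this hunk) ever produces a different length, the reset silently stops firing; comparing against a constant shared with the generator would keep the two in step. Because the stored secret becomes `''` after a wrong guess, the match check earlier in this `if ($p_secret !== false)` block, which starts outside the hunk, has to reject an empty stored secret explicitly, and that is worth confirming. The reset also cancels a legitimate user's pending link and nothing in this branch records it, so I would log the failed attempt before `print_error()` and expand the comment to something like `// wrong secret of the expected length: invalidate the pending reset so it cannot be brute-forced; the user has to request a new email`.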