From 14bac768f3fc22c5bc6243028e254f1571d64ac2 Mon Sep 17 00:00:00 2001
From: skodak
Date: Fri, 1 Dec 2006 09:13:06 +0000
Subject: [PATCH] Forgotten password page does not check secret MDL-7755
---
 lang/en_utf8/moodle.php | 1 +
 login/forgot_password.php | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/lang/en_utf8/moodle.php b/lang/en_utf8/moodle.php
index 191c65558a..a0ffd64f59 100644
--- a/lang/en_utf8/moodle.php
+++ b/lang/en_utf8/moodle.php
@@ -570,6 +570,7 @@ $string['forcepasswordchangenotice'] = 'You must change your password to proceed
 $string['forcetheme'] = 'Force theme';
 $string['forgotaccount'] = 'Lost password?';
 $string['forgotten'] = 'Forgotten your username or password?';
+$string['forgotteninvalidurl'] = 'Invalid password reset URL';
 $string['format'] = 'Format';
 $string['formathtml'] = 'HTML format';
 $string['formatlams'] = 'LAMS course format';
diff --git a/login/forgot_password.php b/login/forgot_password.php
index 154a075b74..c3348a52fb 100644
--- a/login/forgot_password.php
+++ b/login/forgot_password.php
@@ -39,6 +39,7 @@ $txt->senddetails = get_string('senddetails');
 $txt->username = get_string('username');
 $txt->usernameemailmatch = get_string('usernameemailmatch');
 $txt->usernamenotfound = get_string('usernamenotfound');
+$txt->invalidurl = get_string('forgotteninvalidurl');
 $sesskey = sesskey();
 $errors = array();
@@ -179,7 +180,7 @@ if (!empty($param->p) and !empty($param->s)) {
 $user = get_complete_user_data('username',$param->s);
 // make sure that url relates to a valid user
- if (!empty($user)) {
+ if (!empty($user) and $user->secret == $param->p) {
 // check this isn't guest user
 if (isguest( $user->id )) {
 error('You cannot change the guest password');
@@ -198,6 +199,8 @@ if (!empty($param->p) and !empty($param->s)) {
 $a->email = $user->email;
 $a->link = $changepasswordurl;
 $txt->emailpasswordsent = get_string( 'emailpasswordsent', '', $a );
+ } else {
+ $errors[] = $txt->invalidurl;
 }
 }
--
2.39.5
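Review bot: The new guard in login/forgot_password.php (hunk `@@ -179,7 +180,7 @@`) compares the reset secret with loose `==`, so PHP can compare two numeric-looking strings as numbers and accept a value that is not byte-identical to the stored secret. The guard also relies on the outer `!empty($param->p)` test to rule out an empty match; rejecting an empty `$user->secret` here would make the check self-contained. I would write `if (!empty($user) and !empty($user->secret) and (string)$user->secret === (string)$param->p) {`, or use `hash_equals()` where the PHP version provides it, so that the comparison is also constant-time. The enclosing `if (!empty($param->p) and !empty($param->s))` block starts and ends outside the hunk, so how `$param->p` is cleaned, and whether the secret is invalidated after use, cannot be seen here.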
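Review bot: The new `else` branch in login/forgot_password.php (hunk `@@ -198,6 +199,8 @@`) only appends `$txt->invalidurl` to `$errors`, so repeated wrong secrets for one username leave no record that an administrator could alert on. Using one message for both an unknown username and a wrong secret is the right choice and deserves a comment, for example `// same message for unknown user and bad secret, so the page does not reveal which usernames exist`. Consider also recording the failed attempt (username and client address) through the site's logging helper before adding the error. Whether throttling exists elsewhere in the page cannot be told from this hunk.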