From e6b2b5bbe09b3898b4d1b0cd30d5084a5d9e8eb3 Mon Sep 17 00:00:00 2001
From: skodak
Date: Mon, 1 Sep 2008 08:16:41 +0000
Subject: [PATCH] MDL-15218 reset change password secret if somebody just tries to guess it; merged from MOODLE_19_STABLE
---
 login/forgot_password.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/login/forgot_password.php b/login/forgot_password.php
index 123861f82f..3c5d8f67c0 100644
--- a/login/forgot_password.php
+++ b/login/forgot_password.php
@@ -77,6 +77,10 @@ if ($p_secret !== false) {
 notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);
 } else {
+ if (!empty($user) and strlen($p_secret) === 15) {
+ // somebody probably tries to hack in by guessing secret - stop them!
+ $DB->set_field('user', 'secret', '', array('id'=>$user->id));
+ }
 print_header($strforgotten, $strforgotten, $navigation);
 print_error('forgotteninvalidurl');
 }
-- 
2.39.5
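Review bot: Clearing `user.secret` to `''` in the new `else` branch is only safe if the matching branch above (outside this hunk) never accepts an empty stored secret; the outer guard visible in the hunk header, `if ($p_secret !== false)`, excludes only `false`, so an empty submitted secret still reaches that comparison. If the comparison does not already check for it, add `!empty($user->secret)` to its condition. The literal `15` presumably mirrors the length of the generated secret and should carry a comment saying so, e.g. `// 15 == length of the secret issued with the reset e-mail; keep in sync`, because a change in that length would silently disable this reset. The reset also leaves no trace, so writing a log entry at this point would let operators see guessing attempts and explain to a user why their e-mailed link stopped working.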