lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-23 19:37:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

reset password update auth_key

Browse Source
This commit is contained in:
xiaomlove
2025-04-05 21:43:37 +07:00
parent 1841f1377a
commit 291f5c03b5
4 changed files with 13 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/recover.php
+3 -4
View File
@@ -85,11 +85,10 @@ elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]
$sec = mksecret();
// $newpasshash = md5($sec . $newpassword . $sec);
$newpasshash = hash('sha256', $newpassword);
$newpasshash = hash('sha256', $sec.$newpasshash);
$newpasshash = hash('sha256', $sec.hash('sha256', $newpassword));
$authKey = mksecret();
sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=" . sqlesc($id)." AND editsecret=" . sqlesc($arr["editsecret"])) or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . ", auth_key=". sqlesc($authKey) . " WHERE id=" . sqlesc($id)." AND editsecret=" . sqlesc($arr["editsecret"])) or sqlerr(__FILE__, __LINE__);
if (!mysql_affected_rows())
stderr($lang_recover['std_error'], $lang_recover['std_unable_updating_user_data']);