lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-03 14:10:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix recover.php

Browse Source
This commit is contained in:
xiaomlove
2025-10-30 15:27:09 +07:00
parent acb7df6d92
commit b5bfdc3c99
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
public/recover.php
View File

@@ -47,7 +47,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
stderr($lang_recover['std_error'], $lang_recover['std_database_error']);
$hash = md5($sec . $email . $arr["passhash"] . $sec);
$ip = getip() ;
do_log("hash: $hash = md5(sec: $sec . email: $email . passhash: {$arr['passhash']} . sec: $sec)");
$ip = getip();
$title = $SITENAME.$lang_recover['mail_title'];
$mailOne = sprintf($lang_recover['mail_one'], $siteName);
$mailFour = sprintf($lang_recover['mail_four'], $siteName);
@@ -79,10 +80,10 @@ elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]
$email = $arr["email"];
$sec = hash_pad($arr["editsecret"]);
if (preg_match('/^ *$/s', $sec))
httperr();
if ($md5 != md5($sec . $email . $arr["passhash"] . $sec))
httperr();
if ($md5 != md5($sec . $email . $arr["passhash"] . $sec)) {
do_log("secret: $md5 != md5(sec: $sec . email: $email . passhash: {$arr['passhash']} . sec: $sec)","error");
httperr();
}
// generate new password;
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";