lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-25 12:37:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix recover.php

Browse Source
This commit is contained in:
xiaomlove
2025-10-30 15:27:09 +07:00
parent acb7df6d92
commit b5bfdc3c99
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/recover.php
+6 -5
View File
@@ -47,7 +47,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
stderr($lang_recover['std_error'], $lang_recover['std_database_error']); stderr($lang_recover['std_error'], $lang_recover['std_database_error']);
$hash = md5($sec . $email . $arr["passhash"] . $sec); $hash = md5($sec . $email . $arr["passhash"] . $sec);
$ip = getip() ; do_log("hash: $hash = md5(sec: $sec . email: $email . passhash: {$arr['passhash']} . sec: $sec)");
$ip = getip();
$title = $SITENAME.$lang_recover['mail_title']; $title = $SITENAME.$lang_recover['mail_title'];
$mailOne = sprintf($lang_recover['mail_one'], $siteName); $mailOne = sprintf($lang_recover['mail_one'], $siteName);
$mailFour = sprintf($lang_recover['mail_four'], $siteName); $mailFour = sprintf($lang_recover['mail_four'], $siteName);
@@ -79,10 +80,10 @@ elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]
$email = $arr["email"]; $email = $arr["email"];
$sec = hash_pad($arr["editsecret"]); $sec = hash_pad($arr["editsecret"]);
if (preg_match('/^ *$/s', $sec)) if ($md5 != md5($sec . $email . $arr["passhash"] . $sec)) {
httperr(); do_log("secret: $md5 != md5(sec: $sec . email: $email . passhash: {$arr['passhash']} . sec: $sec)","error");
if ($md5 != md5($sec . $email . $arr["passhash"] . $sec)) httperr();
httperr(); }
// generate new password; // generate new password;
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";