Delete token and time from user password reset after first use -refs …

…BT#9897 #TMI
chamilo · Aug 5, 2015 · 5af5c28 · 5af5c28
1 parent 0f817c8
commit 5af5c28
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/main/auth/reset.php b/main/auth/reset.php
@@ -48,6 +48,12 @@
         $userManager = UserManager::getManager();
         $userManager->updateUser($user, true);
 
+        $user->setConfirmationToken(null);
+        $user->setPasswordRequestedAt(null);
+
+        Database::getManager()->persist($user);
+        Database::getManager()->flush();
+
         Display::addFlash(Display::return_message(get_lang('Updated')));
         header('Location: '.api_get_path(WEB_PATH));
         exit;