From 5af5c2834c9c152cdffef6b0e056571ca586dc0a Mon Sep 17 00:00:00 2001
From: Nicolas Ducoulombier
Date: Wed, 5 Aug 2015 17:03:20 -0500
Subject: [PATCH] Delete token and time from user password reset after first use -refs BT#9897 #TMI
---
 main/auth/reset.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/main/auth/reset.php b/main/auth/reset.php
index d69b41149e6..7132673e2a8 100644
--- a/main/auth/reset.php
+++ b/main/auth/reset.php
@@ -48,6 +48,12 @@
 $userManager = UserManager::getManager();
 $userManager->updateUser($user, true);
+ $user->setConfirmationToken(null);
+ $user->setPasswordRequestedAt(null);
+
+ Database::getManager()->persist($user);
+ Database::getManager()->flush();
+
 Display::addFlash(Display::return_message(get_lang('Updated')));
 header('Location: '.api_get_path(WEB_PATH));
 exit;
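Review bot: The reset token is cleared only after `$userManager->updateUser($user, true)` has run, so the new password and the token invalidation are written in two separate steps; if the later `flush()` fails or the request stops in between, the password is changed while the token stays usable. Assuming the `true` argument makes `updateUser` flush (the hunk does not show this), moving the two setters above that call lets one write cover both and makes the extra `persist()`/`flush()` unnecessary: `$user->setConfirmationToken(null); $user->setPasswordRequestedAt(null); $userManager->updateUser($user, true);`. A short comment such as `// Reset tokens are single-use: clear token and request time together with the password change` would record why the fields are nulled. The enclosing block starts and ends outside the hunk, so the token lookup and expiry check cannot be reviewed from here.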