MDL-15218 reset change password secret if somebody just tries to gues…

…s it
scriby · Sep 1, 2008 · aa45463 · aa45463
1 parent 7fecd32
commit aa45463
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/login/forgot_password.php b/login/forgot_password.php
@@ -77,6 +77,10 @@
         notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);
 
     } else {
+        if (!empty($user) and strlen($p_secret) === 15) {
+            // somebody probably tries to hack in by guessing secret - stop them!
+            set_field('user', 'secret', '', 'id', $user->id);
+        }
         print_header($strforgotten, $strforgotten, $navigation);
         print_error('forgotteninvalidurl');
     }