Delete token and time from user password reset after first use -refs BT#9897 #TMI

10 years ago · 5af5c2834c
parent 0f817c8234
commit 5af5c2834c
1 changed files with 6 additions and 0 deletions
--- a/main/auth/reset.php
+++ b/main/auth/reset.php
@ -48,6 +48,12 @@ if ($form->validate()) {
        $userManager = UserManager::getManager();
        $userManager->updateUser($user, true);

+        $user->setConfirmationToken(null);
+        $user->setPasswordRequestedAt(null);
+
+        Database::getManager()->persist($user);
+        Database::getManager()->flush();
+
        Display::addFlash(Display::return_message(get_lang('Updated')));
        header('Location: '.api_get_path(WEB_PATH));
        exit;