forgotpass: remove secretkey stuff because of new session handling; use stylesheet...

author Andrew Dolgov <fox@madoka.volgo-balt.ru>

Fri, 29 Mar 2013 06:10:20 +0000 (10:10 +0400)

committer Andrew Dolgov <fox@madoka.volgo-balt.ru>

Fri, 29 Mar 2013 06:10:20 +0000 (10:10 +0400)
author Andrew Dolgov <fox@madoka.volgo-balt.ru>
Fri, 29 Mar 2013 06:10:20 +0000 (10:10 +0400)
committer Andrew Dolgov <fox@madoka.volgo-balt.ru>
Fri, 29 Mar 2013 06:10:20 +0000 (10:10 +0400)
diff --git a/classes/handler/public.php b/classes/handler/public.php

index 902e836fc52098af598f9e921719e5b5de6f317a..6822faa771832f295232d10b73b3a22fc69e4716 100644 (file)
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -723,15 +723,13 @@ class Handler_Public extends Handler {
  
         function forgotpass() {
                 header('Content-Type: text/html; charset=utf-8');
-               print "<html>
-                               <head>
-                                       <title>Tiny Tiny RSS</title>
-                                       <link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
-                                       <script type=\"text/javascript\" src=\"lib/prototype.js\"></script>
-                                       <script type=\"text/javascript\" src=\"lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls\"></script>
-                                       <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
-                               </head>
-                               <body id='forgotpass'>";
+               print "<html><head><title>Tiny Tiny RSS</title>";
+
+               print stylesheet_tag("utility.css");
+               print javascript_tag("lib/prototype.js");
+
+               print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
+                       </head><body id='forgotpass'>";
  
                 print '<div class="floatingLogo"><img src="images/logo_small.png"></div>';
                 print "<h1>".__("Password recovery")."</h1>";
@@ -740,13 +738,9 @@ class Handler_Public extends Handler {
                 @$method = $_POST['method'];
  
                 if (!$method) {
-                       $secretkey = uniqid();
-                       $_SESSION["secretkey"] = $secretkey;
-
                         print_notice(__("You will need to provide valid account name and email. New password will be sent on your email address."));
  
                         print "<form method='POST' action='public.php'>";
-                       print "<input type='hidden' name='secretkey' value='$secretkey'>";
                         print "<input type='hidden' name='method' value='do'>";
                         print "<input type='hidden' name='op' value='forgotpass'>";
  
@@ -771,7 +765,6 @@ class Handler_Public extends Handler {
                         print "</form>";
                 } else if ($method == 'do') {
  
-                       $secretkey = $_POST["secretkey"];
                         $login = db_escape_string($this->link, $_POST["login"]);
                         $email = db_escape_string($this->link, $_POST["email"]);
                         $test = db_escape_string($this->link, $_POST["test"]);
@@ -784,7 +777,7 @@ class Handler_Public extends Handler {
                                         <input type=\"submit\" value=\"".__("Go back")."\">
                                         </form>";
  
-                       } else if ($_SESSION["secretkey"] == $secretkey) {
+                       } else {
  
                                 $result = db_query($this->link, "SELECT id FROM ttrss_users
                                         WHERE login = '$login' AND email = '$email'");
@@ -796,7 +789,7 @@ class Handler_Public extends Handler {
  
                                         print "<p>";
  
-                                       print_notice("Completed.");
+                                       print "<p>"."Completed."."</p>";
  
                                         print "<form method=\"GET\" action=\"index.php\">
                                                 <input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
@@ -811,14 +804,6 @@ class Handler_Public extends Handler {
                                                 </form>";
  
                                 }
-
-                       } else {
-                               print_error(__("Form secret key incorrect. Please enable cookies and try again."));
-                               print "<form method=\"GET\" action=\"public.php\">
-                                       <input type=\"hidden\" name=\"op\" value=\"forgotpass\">
-                                       <input type=\"submit\" value=\"".__("Go back")."\">
-                                       </form>";
-
                         }
  
                 }
author	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Fri, 29 Mar 2013 06:10:20 +0000 (10:10 +0400)
committer	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Fri, 29 Mar 2013 06:10:20 +0000 (10:10 +0400)