From: Andrew Dolgov Date: Fri, 29 Mar 2013 06:10:20 +0000 (+0400) Subject: forgotpass: remove secretkey stuff because of new session handling; use stylesheet... X-Git-Tag: 1.7.6~178 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=e216d3025f486cee0398410a7842484f268b8c9d;p=tt-rss.git forgotpass: remove secretkey stuff because of new session handling; use stylesheet/javascript_tag --- diff --git a/classes/handler/public.php b/classes/handler/public.php index 902e836f..6822faa7 100644 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -723,15 +723,13 @@ class Handler_Public extends Handler { function forgotpass() { header('Content-Type: text/html; charset=utf-8'); - print " - - Tiny Tiny RSS - - - - - - "; + print "Tiny Tiny RSS"; + + print stylesheet_tag("utility.css"); + print javascript_tag("lib/prototype.js"); + + print " + "; print ''; print "

".__("Password recovery")."

"; @@ -740,13 +738,9 @@ class Handler_Public extends Handler { @$method = $_POST['method']; if (!$method) { - $secretkey = uniqid(); - $_SESSION["secretkey"] = $secretkey; - print_notice(__("You will need to provide valid account name and email. New password will be sent on your email address.")); print "
"; - print ""; print ""; print ""; @@ -771,7 +765,6 @@ class Handler_Public extends Handler { print "
"; } else if ($method == 'do') { - $secretkey = $_POST["secretkey"]; $login = db_escape_string($this->link, $_POST["login"]); $email = db_escape_string($this->link, $_POST["email"]); $test = db_escape_string($this->link, $_POST["test"]); @@ -784,7 +777,7 @@ class Handler_Public extends Handler { "; - } else if ($_SESSION["secretkey"] == $secretkey) { + } else { $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login' AND email = '$email'"); @@ -796,7 +789,7 @@ class Handler_Public extends Handler { print "

"; - print_notice("Completed."); + print "

"."Completed."."

"; print "
@@ -811,14 +804,6 @@ class Handler_Public extends Handler {
"; } - - } else { - print_error(__("Form secret key incorrect. Please enable cookies and try again.")); - print "
- - -
"; - } }