From e216d3025f486cee0398410a7842484f268b8c9d Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 29 Mar 2013 10:10:20 +0400 Subject: [PATCH] forgotpass: remove secretkey stuff because of new session handling; use stylesheet/javascript_tag --- classes/handler/public.php | 33 +++++++++------------------------ 1 file changed, 9 insertions(+), 24 deletions(-) diff --git a/classes/handler/public.php b/classes/handler/public.php index 902e836f..6822faa7 100644 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -723,15 +723,13 @@ class Handler_Public extends Handler { function forgotpass() { header('Content-Type: text/html; charset=utf-8'); - print " - - Tiny Tiny RSS - - - - - - "; + print "Tiny Tiny RSS"; + + print stylesheet_tag("utility.css"); + print javascript_tag("lib/prototype.js"); + + print " + "; print '

'; print "

".__("Password recovery")."

"; @@ -740,13 +738,9 @@ class Handler_Public extends Handler { @$method = $_POST['method']; if (!$method) { - $secretkey = uniqid(); - $_SESSION["secretkey"] = $secretkey; - print_notice(__("You will need to provide valid account name and email. New password will be sent on your email address.")); print ""; } else if ($method == 'do') { - $secretkey = $_POST["secretkey"]; $login = db_escape_string($this->link, $_POST["login"]); $email = db_escape_string($this->link, $_POST["email"]); $test = db_escape_string($this->link, $_POST["test"]); @@ -784,7 +777,7 @@ class Handler_Public extends Handler { "; - } else if ($_SESSION["secretkey"] == $secretkey) { + } else { $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login' AND email = '$email'"); @@ -796,7 +789,7 @@ class Handler_Public extends Handler { print "

"; - print_notice("Completed."); + print "

"."Completed."."

"; print ""; } - - } else { - print_error(__("Form secret key incorrect. Please enable cookies and try again.")); - print ""; - } } -- 2.39.2