@@ -145,7 +145,7 @@ function RemindPick()
145145 sendmail ($ row ['email_address ' ], $ emaildata ['subject ' ], $ emaildata ['body ' ], null , 'reminder ' , $ emaildata ['is_html ' ], 1 );
146146
147147 // Set the password in the database.
148- updateMemberData ($ row ['id_member ' ], array ('validation_code ' => substr (md5 ($ password ), 0 , 10 )));
148+ updateMemberData ($ row ['id_member ' ], array ('validation_code ' => substr (md5 ($ password ), 0 , 10 )) . ' | ' . time () );
149149
150150 // Set up the template.
151151 $ context ['sub_template ' ] = 'sent ' ;
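Review bot: The `. '|' . time()` on the changed line 148 is concatenated onto the `array(...)` expression rather than onto the `substr(md5($password), 0, 10)` value, so updateMemberData receives the string `"Array|<timestamp>"` instead of an array and the stored validation code is never the intended hash plus issue time. The closing parenthesis needs to move: `updateMemberData($row['id_member'], array('validation_code' => substr(md5($password), 0, 10) . '|' . time()));`. The stored value is now longer than the previous 10 characters, so the width of the validation_code column presumably needs to accommodate it; that is not visible here and should be confirmed. The comment above the call, `// Set the password in the database.`, no longer describes what is stored and could read `// Store the validation code together with its issue time.` RemindPick's body continues outside the hunk.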
@@ -236,7 +236,9 @@ function setPassword2()
236236 if ($ smcFunc ['db_num_rows ' ]($ request ) == 0 )
237237 fatal_lang_error ('invalid_userid ' , false );
238238
239- list ($ realCode , $ username , $ email , $ flood_value ) = $ smcFunc ['db_fetch_row ' ]($ request );
239+ list ($ code , $ username , $ email , $ flood_value ) = $ smcFunc ['db_fetch_row ' ]($ request );
240+ list ($ realCode , $ issuedTime ) = explode ('| ' , $ realCode );
241+ $ issuedTime = empty ($ issuedTime ) ? 0 : (int ) $ issuedTime ;
240242 $ smcFunc ['db_free_result ' ]($ request );
241243
242244 // Is the password actually valid?
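Review bot: The added line 240 explodes `$realCode`, but the fetched value now lands in `$code` on line 239, so `$realCode` is undefined at that point, `explode()` yields `array('')`, and the later comparison against the submitted code can never succeed. It should read `list($realCode, $issuedTime) = explode('|', $code);`. For rows stored before this change the value contains no `|`, so `explode()` returns a single element and the second `list()` slot raises an undefined-offset notice before the `empty()` guard on line 241 runs; `array_pad(explode('|', $code, 2), 2, 0)` avoids that. setPassword2's body continues outside the hunk.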
@@ -253,7 +255,7 @@ function setPassword2()
253255 require_once ($ sourcedir . '/LogInOut.php ' );
254256
255257 // Quit if this code is not right.
256- if (empty ($ _POST ['code ' ]) || substr ($ realCode , 0 , 10 ) !== substr (md5 ($ _POST ['code ' ]), 0 , 10 ))
258+ if (empty ($ _POST ['code ' ]) || substr ($ realCode , 0 , 10 ) !== substr (md5 ($ _POST ['code ' ]), 0 , 10 ) || $ issuedTime + 3600 < time () )
257259 {
258260 // Stop brute force attacks like this.
259261 validatePasswordFlood ($ _POST ['u ' ], $ flood_value , false );
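Review bot: The expiry test `$issuedTime + 3600 < time()` on the changed line 258 rejects every reminder code issued before this change, since those rows yield `$issuedTime === 0`; if that is the intended behaviour it deserves a comment such as `// Codes without an issue time predate expiry support and are treated as expired.` The lifetime is a bare `3600` in a condition that already has three operands, so a named value, `$codeLifetime = 3600; // one hour`, defined just above the `if` would make the rule readable. Because the line is being rewritten anyway, the code comparison could use `hash_equals()` instead of `!==` where the supported PHP version allows it, which keeps the check constant-time. The rest of setPassword2 lies outside the hunk.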