From fc33ac036837dd641ef4907e8e13c1c3faba8fe3 Mon Sep 17 00:00:00 2001 From: ryan Date: Sun, 13 Mar 2005 17:15:56 +0000 Subject: [PATCH] Check for empty password reset key. http://mosquito.wordpress.org/view.php?id=1080 Props: idanso git-svn-id: http://svn.automattic.com/wordpress/trunk@2438 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-login.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/wp-login.php b/wp-login.php index a912bb547e..5ba6a368a3 100644 --- a/wp-login.php +++ b/wp-login.php @@ -125,11 +125,16 @@ case 'resetpass' : // Generate something random for a password... md5'ing current time with a rand salt $key = $_GET['key']; + if ( empty($key) ) + die( __('Sorry, that key does not appear to be valid.') ); $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'"); if ( !$user ) die( __('Sorry, that key does not appear to be valid.') ); do_action('password_reset'); +echo "doing password reset for : {$user->user_login}
"; +exit; + $new_pass = substr( md5( uniqid( microtime() ) ), 0, 7); $wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$new_pass'), user_activation_key = '' WHERE user_login = '$user->user_login'");