From feb2950b2d8d4d20425b1ad55c5fc773cfd92a81 Mon Sep 17 00:00:00 2001 From: ryan Date: Mon, 25 Feb 2008 07:34:24 +0000 Subject: [PATCH] Create password reset key only once. Props tellyworth. fixes #5990 git-svn-id: http://svn.automattic.com/wordpress/trunk@7015 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-login.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/wp-login.php b/wp-login.php index 45ec88377c..78eaf01a18 100644 --- a/wp-login.php +++ b/wp-login.php @@ -87,10 +87,13 @@ function retrieve_password() { do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); - // Generate something random for a key... - $key = wp_generate_password(); - // Now insert the new md5 key into the db - $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'"); + $key = $wpdb->get_var("SELECT user_activation_key FROM $wpdb->users WHERE user_login = '$user_login'"); + if ( empty($key) ) { + // Generate something random for a key... + $key = wp_generate_password(); + // Now insert the new md5 key into the db + $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'"); + } $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; $message .= get_option('siteurl') . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";