Commit bb67fbf7 authored by Stephan Großberndt's avatar Stephan Großberndt Committed by Christian Kuhn
Browse files

[BUGFIX] Fix PHP warning on second call to reset password link

This patch fixes a PHP warning being logged to sys_log when clicking
the reset password link again after the password has been changed.

Resolves: #92960
Releases: 10.4, 9.5
Change-Id: I67fb11838a99a40c4f935541fc69f45806af1140
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67308

Reviewed-by: Stephan Großberndt's avatarStephan Großberndt <stephan.grossberndt@typo3.org>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
parent 595ca11a
......@@ -341,13 +341,15 @@ class FrontendLoginController extends AbstractPlugin implements LoggerAwareInter
$user = $this->pi_getRecord('fe_users', (int)$uid);
$userHash = $user['felogin_forgotHash'];
$compareHash = explode('|', $userHash);
if (strlen($compareHash[1]) === 40) {
if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || !hash_equals($compareHash[0], $hash[0])) {
$hashEquals = false;
} elseif (strlen($compareHash[1]) === 40) {
$hashEquals = hash_equals($compareHash[1], GeneralUtility::hmac((string)$hash[1]));
} else {
// backward-compatibility for previous MD5 hashes
$hashEquals = hash_equals($compareHash[1], md5($hash[1]));
}
if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || !hash_equals($compareHash[0], $hash[0]) || !$hashEquals) {
if (!$hashEquals) {
$markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
'change_password_notvalid_message',
$this->conf['changePasswordNotValidMessage_stdWrap.']
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment