From: Stéphane Jacob
Date: Mon, 12 Sep 2011 11:33:42 +0000 (+0200)
Subject: Do not try to use the certificate we just erased on email recovery.
X-Git-Tag: xorg/1.1.4~179
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=aba13e873ae85fae7e461b590b49a7e1b4489df4;p=platal.git
Do not try to use the certificate we just erased on email recovery.
Signed-off-by: Stéphane Jacob
---
diff --git a/modules/platal.php b/modules/platal.php
index 7d4e4ca..b7a641d 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -389,23 +389,18 @@ Adresse de secours : ' . $to)); XDB::execute('DELETE FROM account_lost_passwords WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created'); - $res = XDB::query('SELECT uid - FROM account_lost_passwords WHERE certificat={?}', $certif); - $ligne = $res->fetchOneAssoc(); - if (!$ligne) { - $page->changeTpl('platal/index.tpl'); - $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur."); - } - - $uid = $ligne["uid"]; if (Post::has('pwhash') && Post::t('pwhash')) { + $uid = XDB::fetchOneCell('SELECT uid + FROM accounts + WHERE hruid = {?}', + Post::t('username')); $password = Post::t('pwhash'); XDB::query('UPDATE accounts - SET password={?} + SET password = {?} WHERE uid = {?} AND state = \'active\'', $password, $uid); XDB::query('DELETE FROM account_lost_passwords - WHERE certificat={?}', $certif); + WHERE certificat = {?}', $certif); // If GoogleApps is enabled, and the user did choose to use synchronized passwords, // updates the Google Apps password as well. 
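Review bot: In the `Post::has('pwhash')` branch the account whose password is overwritten is now selected by the client-supplied `Post::t('username')`, and nothing visible in this hunk checks that `$certif` is still a row of `account_lost_passwords` or that it belongs to that account; the lookup that used to enforce this was moved into the `else` branch (second hunk). Unless the token is validated outside the hunk, the recovery token no longer authorises the change, and a `username` that matches no account still falls through to the `DELETE` with a null `$uid`. The uid should keep coming from the token, e.g. `$uid = XDB::fetchOneCell('SELECT uid FROM account_lost_passwords WHERE certificat = {?}', $certif);` followed by `if (!$uid) { $page->kill(...); }`, with the token row deleted only after the `UPDATE` has run. The enclosing function starts and ends outside the hunk.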
@@ -425,10 +420,19 @@ Adresse de secours : ' . $to)); $page->changeTpl('platal/tmpPWD.success.tpl'); } else { + $res = XDB::query('SELECT uid + FROM account_lost_passwords + WHERE certificat = {?}', $certif); + $ligne = $res->fetchOneAssoc(); + if (!$ligne) { + $page->changeTpl('platal/index.tpl'); + $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur."); + } + $hruid = XDB::fetchOneCell('SELECT hruid FROM accounts WHERE uid = {?}', - $uid); + $ligne['uid']); $page->changeTpl('platal/password.tpl'); $page->assign('hruid', $hruid); $page->assign('do_auth', 1);
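Review bot: The `SELECT hruid FROM accounts WHERE uid = {?}` in the `else` branch has no `state = 'active'` filter and `$hruid` is never checked, while the `UPDATE` in the first hunk only touches active accounts. As far as the visible lines show, a token for an inactive or removed account would get the password form and later the `tmpPWD.success.tpl` page without any password having changed. Consider adding `AND state = 'active'` to this query and calling `$page->kill()` when `$hruid` is empty. The code also relies on `$page->kill()` stopping execution, since `$ligne['uid']` is read right after it; that is not visible here, and the function body continues outside the hunk.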