From aba13e873ae85fae7e461b590b49a7e1b4489df4 Mon Sep 17 00:00:00 2001 From: =?utf8?q?St=C3=A9phane=20Jacob?= Date: Mon, 12 Sep 2011 13:33:42 +0200 Subject: [PATCH] Do not try to use the certificate we just erased on email recovery. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Jacob --- modules/platal.php | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/modules/platal.php b/modules/platal.php index 7d4e4ca..b7a641d 100644 --- a/modules/platal.php +++ b/modules/platal.php @@ -389,23 +389,18 @@ Adresse de secours : ' . $to)); XDB::execute('DELETE FROM account_lost_passwords WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created'); - $res = XDB::query('SELECT uid - FROM account_lost_passwords WHERE certificat={?}', $certif); - $ligne = $res->fetchOneAssoc(); - if (!$ligne) { - $page->changeTpl('platal/index.tpl'); - $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur."); - } - - $uid = $ligne["uid"]; if (Post::has('pwhash') && Post::t('pwhash')) { + $uid = XDB::fetchOneCell('SELECT uid + FROM accounts + WHERE hruid = {?}', + Post::t('username')); $password = Post::t('pwhash'); XDB::query('UPDATE accounts - SET password={?} + SET password = {?} WHERE uid = {?} AND state = \'active\'', $password, $uid); XDB::query('DELETE FROM account_lost_passwords - WHERE certificat={?}', $certif); + WHERE certificat = {?}', $certif); // If GoogleApps is enabled, and the user did choose to use synchronized passwords, // updates the Google Apps password as well. 
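Review bot: The `pwhash` branch now takes `$uid` from `Post::t('username')` and never checks `$certif` against `account_lost_passwords`, so within this hunk the password `UPDATE` is authorised by client-supplied identity rather than by the recovery certificate. The only certificate lookup left is the one the second hunk moves into the `else` branch, and that gates display of the form, not the write. Unless an equivalent check exists earlier in the handler (it starts above the hunk), the uid should still come from the certificate row inside this branch, with a missing row ending in the existing `kill()`, so that a request arriving after the row was deleted fails closed. Separately, when the posted username matches no account the `UPDATE` touches nothing, yet the certificate is still deleted and the success template is shown.

```php
if (Post::has('pwhash') && Post::t('pwhash')) {
    // Bind the reset to the certificate row; the posted username is not proof of ownership.
    $res = XDB::query('SELECT  uid
                         FROM  account_lost_passwords
                        WHERE  certificat = {?}', $certif);
    $ligne = $res->fetchOneAssoc();
    if (!$ligne) {
        $page->changeTpl('platal/index.tpl');
        $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
    }
    $uid = $ligne['uid'];
    $password = Post::t('pwhash');
    // … unchanged: UPDATE accounts, DELETE of the certificate row, Google Apps sync …
```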
@@ -425,10 +420,19 @@ Adresse de secours : ' . $to)); $page->changeTpl('platal/tmpPWD.success.tpl'); } else { + $res = XDB::query('SELECT uid + FROM account_lost_passwords + WHERE certificat = {?}', $certif); + $ligne = $res->fetchOneAssoc(); + if (!$ligne) { + $page->changeTpl('platal/index.tpl'); + $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur."); + } + $hruid = XDB::fetchOneCell('SELECT hruid FROM accounts WHERE uid = {?}', - $uid); + $ligne['uid']); $page->changeTpl('platal/password.tpl'); $page->assign('hruid', $hruid); $page->assign('do_auth', 1); -- 2.1.4