Commit acc33c53 authored by Benjamin Sonntag's avatar Benjamin Sonntag
Browse files

adding a tool to compute a hash for a mail + fixing csrf (for good)

parent 27ff9a47
......@@ -25,8 +25,8 @@ $debug=false;
foreach($fields as $f) if (isset($_POST[$f])) $found++;
if (!count($error)) $error=array();
if (!count($info)) $info=array();
if ($found==6 && $_POST["url"]=="") {
......@@ -93,8 +93,9 @@ if (isset($_GET["id"]) && isset($_GET["key"])) {
if ($already["disabledate"]!="") {
$error[]=sprintf(_("This account have been disabled. <a href=\"%s\">Click here to restore it</a>."),"recover.php");
if ($key!=$_GET["key"]) {
$key=substr(md5($csrf_key."-".$already["id"]."-".$already["jabberid"]."-".intval(time()/14400) ),0,16);
$key2=substr(md5($csrf_key."-".$already["id"]."-".$already["jabberid"]."-".intval((time()-14400)/14400) ),0,16);
if ($key!=$_GET["key"] && $key2!=$_GET["key"]) {
$error[]=_("The provided key is incorrect, please check your mail or contact us.");
if (count($error)==0) {
echo "Hashed email value is :".hashmail($argv[1])."\n";
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment