source: trunk/install/db/144-database.php @ 29511

Last change on this file since 29511 was 29111, checked in by plg, 10 years ago

bug 3050: increase security on reset password algorithm.

  • reset key has a 1-hour life
  • reset key is automatically deleted once used
  • reset key is stored as a hash

Thank you effigies for code suggestions

File size: 2.1 KB
<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based photo gallery                                    |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2014 Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

$upgrade_description = 'add activation_key_expire';

// we use PREFIX_TABLE, in case Piwigo uses an external user table
// widen activation_key to VARCHAR(255) and add its expiry date column
pwg_query('
ALTER TABLE '.USER_INFOS_TABLE.'
  CHANGE activation_key activation_key VARCHAR(255) DEFAULT NULL,
  ADD COLUMN activation_key_expire DATETIME DEFAULT NULL AFTER activation_key
;');

// purge current activation keys
pwg_query('UPDATE '.USER_INFOS_TABLE.' SET activation_key = NULL;');

echo "\n".$upgrade_description."\n";

?>
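
The three properties listed in the commit message (1-hour life, deletion on use, storage as a hash), shown against the two columns this migration sets up. This is an added example, not Piwigo's code: the function names, the in-memory `$row` standing in for one `user_infos` record, and SHA-256 as the hash are assumptions.

```php
<?php
// Added example, not Piwigo code. $row stands in for one user_infos record
// holding the two columns this migration touches.
date_default_timezone_set('UTC');
const RESET_KEY_TTL = 3600; // 1-hour life, per the commit message

// Create a reset key: the returned value goes in the e-mail, only its hash is stored.
function issue_reset_key(array &$row, int $now): string
{
    $key = bin2hex(random_bytes(32));              // 256-bit random key
    $row['activation_key'] = hash('sha256', $key); // assumption: SHA-256 as the hash
    // DATETIME-formatted expiry, matching the new activation_key_expire column
    $row['activation_key_expire'] = date('Y-m-d H:i:s', $now + RESET_KEY_TTL);
    return $key;
}

// Check a submitted key; a successful check deletes the stored key (single use).
function consume_reset_key(array &$row, string $submitted, int $now): bool
{
    if ($row['activation_key'] === null || $row['activation_key_expire'] === null) {
        return false; // nothing pending, e.g. after the purge done by the upgrade
    }
    if (strtotime($row['activation_key_expire']) < $now) {
        // expired: clear the stale key whatever was submitted
        $row['activation_key'] = $row['activation_key_expire'] = null;
        return false;
    }
    // constant-time comparison of the stored hash with the hash of the input
    if (!hash_equals($row['activation_key'], hash('sha256', $submitted))) {
        return false;
    }
    $row['activation_key'] = $row['activation_key_expire'] = null;
    return true;
}

// Constructed sample run
$row = ['activation_key' => null, 'activation_key_expire' => null];
$t0 = 1400000000; // constructed timestamp
$key = issue_reset_key($row, $t0);
var_dump(consume_reset_key($row, 'wrong-key', $t0 + 60)); // wrong key
var_dump(consume_reset_key($row, $key, $t0 + 60));        // correct key within the hour
var_dump(consume_reset_key($row, $key, $t0 + 120));       // replay of a used key
$key = issue_reset_key($row, $t0);
var_dump(consume_reset_key($row, $key, $t0 + 3601));      // correct key after expiry
```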