Changeset 7015

Show
Ignore:
Timestamp:
02/25/08 07:34:24 (8 months ago)
Author:
ryan
Message:

Create password reset key only once. Props tellyworth. fixes #5990

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/wp-login.php

    r6987 r7015  
    8888    do_action('retrieve_password', $user_login); 
    8989 
    90     // Generate something random for a key... 
    91     $key = wp_generate_password(); 
    92     // Now insert the new md5 key into the db 
    93     $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'"); 
     90    $key = $wpdb->get_var("SELECT user_activation_key FROM $wpdb->users WHERE user_login = '$user_login'"); 
     91    if ( empty($key) ) { 
     92        // Generate something random for a key... 
     93        $key = wp_generate_password(); 
     94        // Now insert the new md5 key into the db 
     95        $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'"); 
     96    } 
    9497    $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; 
    9598    $message .= get_option('siteurl') . "\r\n\r\n";