summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormam <m.maengel@project-biz.de>2014-02-18 23:26:46 +0100
committermam <m.maengel@project-biz.de>2014-02-18 23:26:46 +0100
commit351c76a5a61a9d0ac9564580cfb66b5090505443 (patch)
tree01f47dba738e2db73a3d131bdd2753727052af43
parent2636d78df8972e2fae91c0785c0a87262adc62bb (diff)
downloadcacert-devel-351c76a5a61a9d0ac9564580cfb66b5090505443.tar.gz
cacert-devel-351c76a5a61a9d0ac9564580cfb66b5090505443.tar.xz
cacert-devel-351c76a5a61a9d0ac9564580cfb66b5090505443.zip
bug 1138: added ticket validation for password reset
-rw-r--r--pages/account/44.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/pages/account/44.php b/pages/account/44.php
index 9e4e194..51e853a 100644
--- a/pages/account/44.php
+++ b/pages/account/44.php
@@ -18,7 +18,10 @@
<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); }
$ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
-
+if (!valid_ticket_number($ticketno)) {
+ echo printf(_("I'm sorry, you did not enter a ticket number!%sYou cannot reset the password.%s"), '<br/>', '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>');
+ exit;
+ }
?>
<form method="post" action="account.php">