aboutsummaryrefslogtreecommitdiff
path: root/mod/uservalidationbyemail
diff options
context:
space:
mode:
authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-12-05 17:46:34 +0000
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-12-05 17:46:34 +0000
commit897f6d34fe382eed85b14a5a5ac69f968049bb84 (patch)
treef35a17013c64953eaa2e8d85f210e09219731def /mod/uservalidationbyemail
parent64c20a7d0a147cc48cdccfe6adb66fba19f79f6b (diff)
downloadelgg-897f6d34fe382eed85b14a5a5ac69f968049bb84.tar.gz
elgg-897f6d34fe382eed85b14a5a5ac69f968049bb84.tar.bz2
adding more security to the user validation by email code - before people could fake the validation with knowledge of the code making it possible for bots to register and validate without an email address
git-svn-id: http://code.elgg.org/elgg/trunk@3731 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/uservalidationbyemail')
-rw-r--r--mod/uservalidationbyemail/start.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php
index 583415a5d..049287c89 100644
--- a/mod/uservalidationbyemail/start.php
+++ b/mod/uservalidationbyemail/start.php
@@ -43,7 +43,8 @@
{
global $CONFIG;
- return md5($user_guid . $email_address . $CONFIG->site->url); // Note I bind to site URL, this is important on multisite!
+ // Note I bind to site URL, this is important on multisite!
+ return md5($user_guid . $email_address . $CONFIG->site->url . get_site_secret());
}
/**