From 897f6d34fe382eed85b14a5a5ac69f968049bb84 Mon Sep 17 00:00:00 2001 From: cash Date: Sat, 5 Dec 2009 17:46:34 +0000 Subject: adding more security to the user validation by email code - before people could fake the validation with knowledge of the code making it possible for bots to register and validate without an email address git-svn-id: http://code.elgg.org/elgg/trunk@3731 36083f99-b078-4883-b0ff-0f9b5a30f544 --- mod/uservalidationbyemail/start.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'mod/uservalidationbyemail') diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php index 583415a5d..049287c89 100644 --- a/mod/uservalidationbyemail/start.php +++ b/mod/uservalidationbyemail/start.php @@ -43,7 +43,8 @@ { global $CONFIG; - return md5($user_guid . $email_address . $CONFIG->site->url); // Note I bind to site URL, this is important on multisite! + // Note I bind to site URL, this is important on multisite! + return md5($user_guid . $email_address . $CONFIG->site->url . get_site_secret()); } /** -- cgit v1.2.3