From 897f6d34fe382eed85b14a5a5ac69f968049bb84 Mon Sep 17 00:00:00 2001
From: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Sat, 5 Dec 2009 17:46:34 +0000
Subject: adding more security to the user validation by email code - before
 people could fake the validation with knowledge of the code making it
 possible for bots to register and validate without an email address

git-svn-id: http://code.elgg.org/elgg/trunk@3731 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 mod/uservalidationbyemail/start.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'mod')

diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php
index 583415a5d..049287c89 100644
--- a/mod/uservalidationbyemail/start.php
+++ b/mod/uservalidationbyemail/start.php
@@ -43,7 +43,8 @@
 	{
 		global $CONFIG;
 		
-		return md5($user_guid . $email_address . $CONFIG->site->url); // Note I bind to site URL, this is important on multisite!
+		// Note I bind to site URL, this is important on multisite!
+		return md5($user_guid . $email_address . $CONFIG->site->url . get_site_secret()); 
 	}
 	
 	/**
-- 
cgit v1.2.3