From 163e5de1f0be44a6f430bc6b77a24c8ffec82d3c Mon Sep 17 00:00:00 2001
From: xisi
Date: Sat, 18 Jan 2014 17:20:36 -0500
Subject: [PATCH] cleaned up & updated config options
---
 public/include/classes/csrftoken.class.php | 2 +-
 public/include/config/global.inc.dist.php | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/public/include/classes/csrftoken.class.php b/public/include/classes/csrftoken.class.php
index 380b78cc..b0e59204 100644
--- a/public/include/classes/csrftoken.class.php
+++ b/public/include/classes/csrftoken.class.php
@@ -18,7 +18,7 @@ class CSRFToken Extends Base {
 $month = $data[0]; $day = $data[1]; $year = $data[2]; $hour = $data[3]; $minute = $data[4]; $second = $data[5]; $salt1 = $this->salt; $salt2 = $this->salty; $seed = $salt1;
- $lead = $this->config['csrf']['options']['leadtime'];
+ $lead = $this->config['csrf']['leadtime'];
 if ($lead >= 11) { $lead = 10; }
 if ($lead <= 0) { $lead = 3; }
 if ($minute == 59 && $second > (60-$lead)) {
diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php
index c4dcd220..796c54af 100644
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
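Review bot: In csrftoken.class.php the new read `$lead = $this->config['csrf']['leadtime'];` has no fallback for installations whose live config still sets the old `['csrf']['options']['leadtime']` key. On such a site the lookup yields null with an undefined-index notice, the `$lead <= 0` clamp directly below turns that into 3, and an operator's customised leeway is dropped without any visible error. Consider reading the old key when the new one is absent, e.g. `$csrf = $this->config['csrf'];` followed by `$lead = isset($csrf['leadtime']) ? $csrf['leadtime'] : (isset($csrf['options']['leadtime']) ? $csrf['options']['leadtime'] : 3);`, or at least call out the rename in the upgrade notes. Whether defaults are merged into `$this->config` elsewhere is not visible here, and the enclosing method starts and ends outside the hunk.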
@@ -136,20 +136,21 @@ $config['twofactor']['options']['changepw'] = true;
 * Options:
 * enabled = Whether or not we will generate/check for valid CSRF tokens
 * sitewide = Require a valid CSRF token for most* forms, does not override form specific settings
- * * contact, account edit, workers, notifications, invites, registration
- * leadtime = Length of time in seconds to give as leeway between minute switches
+ * * contact, account edit, workers, notifications, invites, registration, passsword resets
 * login = Use and check login-specific CSRF token
+ * leadtime = Length of time in seconds to give as leeway between minute switches
+ * * Don't change this unless you know why you're changing it
 *
 * Default:
 * enabled = true
 * sitewide = true
- * leadtime = 3
 * login = true
+ * leadtime = 3
 */
 $config['csrf']['enabled'] = true;
 $config['csrf']['options']['sitewide'] = true;
-$config['csrf']['options']['leadtime'] = 3;
 $config['csrf']['forms']['login'] = true;
+$config['csrf']['leadtime'] = 3;
 /**
 * Lock account after maximum failed logins
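Review bot: The new `leadtime` comment in global.inc.dist.php tells operators not to change the value but never states the bounds the token code enforces, and the line above it misspells "password" as `passsword`. The clamp visible in csrftoken.class.php caps anything of 11 or more at 10 and replaces 0 or negative values with 3, so a line such as `*     * Values above 10 are capped at 10; 0 or less falls back to 3` would tell an operator what the setting can actually do. Going by its description, the value controls how much leeway tokens get around a minute rollover, so the effective range belongs beside the warning. The block also still lists every setting under one flat "Options" heading although `leadtime` now lives at `$config['csrf']['leadtime']` while `sitewide` stays under `['options']` and `login` under `['forms']`; naming the full array path for each would avoid misplaced keys.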