From 36f3a16cc3226b94a033a6f28e8bf64e65a5e5fa Mon Sep 17 00:00:00 2001
From: xisi
Date: Sat, 18 Jan 2014 17:05:13 -0500
Subject: [PATCH] gave password reset its own csrf token

---
 public/include/pages/password.inc.php | 3 +--
 public/include/pages/password/reset.inc.php | 5 ++---
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/public/include/pages/password.inc.php b/public/include/pages/password.inc.php
index a33a06e5..c25254d8 100644
--- a/public/include/pages/password.inc.php
+++ b/public/include/pages/password.inc.php
@@ -6,8 +6,7 @@ if (!defined('SECURITY'))
 // csrf token
 if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) {
- // we have to use editaccount token because this can be called from 2 places
- $token = $csrftoken->getBasic($user->getCurrentIP(), 'editaccount', 'mdyH');
+ $token = $csrftoken->getBasic($user->getCurrentIP(), 'resetaccount');
 $smarty->assign('CTOKEN', $token);
 }
 // Tempalte specifics
diff --git a/public/include/pages/password/reset.inc.php b/public/include/pages/password/reset.inc.php
index 3c05b07e..9102378b 100644
--- a/public/include/pages/password/reset.inc.php
+++ b/public/include/pages/password/reset.inc.php
@@ -6,8 +6,7 @@ if (!defined('SECURITY')) die('Hacking attempt');
 // csrf stuff
 $csrfenabled = ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) ? 1 : 0;
 if ($csrfenabled) {
- // we have to use editaccount token because this can be called from 2 separate places
- $nocsrf = ($csrftoken->getBasic($user->getCurrentIP(), 'editaccount', 'mdyH') == @$_POST['ctoken']) ? 1 : 0;
+ $nocsrf = ($csrftoken->getBasic($user->getCurrentIP(), 'resetaccount') == @$_POST['ctoken']) ? 1 : 0;
 }
 // Process password reset request
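Review bot: Dropping the third argument 'mdyH' from the getBasic() call in password.inc.php changes more than the token's action name: if that argument was a date() format that bound the token to the current hour, the new call now depends on getBasic()'s default lifetime, which this diff does not show, so it is worth confirming the default still rotates or expires tokens; the same applies to the generator in the second hunk of password/reset.inc.php. The removed comment was the only record of why a particular token name is used; a replacement such as `// dedicated token so the reset form cannot be satisfied by an editaccount token` would preserve the intent stated in the commit subject. The literal 'resetaccount' is now repeated in three places across two files, and a single shared constant would keep the generator and the validator from drifting apart. The enclosing if block is complete within the hunk.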
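Review bot: The rewritten `$nocsrf` line in password/reset.inc.php still compares the expected token with `==` against `@$_POST['ctoken']`, so the check accepts loose matches (two numeric-looking strings compare as numbers under `==`) and the `@` hides the case where no token was posted or a non-string was posted. A strict comparison on a value known to be a string closes both: `$posted = (isset($_POST['ctoken']) && is_string($_POST['ctoken'])) ? $_POST['ctoken'] : '';` followed by `$nocsrf = hash_equals($csrftoken->getBasic($user->getCurrentIP(), 'resetaccount'), $posted) ? 1 : 0;` (hash_equals() needs PHP 5.6; `===` is the minimum if that is not available). getBasic()'s return type is not visible here, so the assumption that it returns a string should be confirmed before relying on hash_equals(). The if block is complete within the hunk.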
@@ -24,7 +23,7 @@ if (!$csrfenabled || $csrfenabled && $nocsrf) {
 // csrf token
 if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) {
- $token = $csrftoken->getBasic($user->getCurrentIP(), 'editaccount', 'mdyH');
+ $token = $csrftoken->getBasic($user->getCurrentIP(), 'resetaccount');
 $smarty->assign('CTOKEN', $token);
 }
 // Tempalte specifics, user default template by parent page