From 9ccb5e15bc2383c30e160b0fd3a71b84e6b14acb Mon Sep 17 00:00:00 2001
From: xisi <chaeldarrs@gmail.com>
Date: Fri, 17 Jan 2014 01:45:08 -0500
Subject: [PATCH] refactored old token usage in account edit page

---
 public/include/classes/csrftoken.class.php |  7 ++---
 public/include/pages/account/edit.inc.php  | 30 +++++++---------------
 2 files changed, 13 insertions(+), 24 deletions(-)

diff --git a/public/include/classes/csrftoken.class.php b/public/include/classes/csrftoken.class.php
index 21e8b5f7..380b78cc 100644
--- a/public/include/classes/csrftoken.class.php
+++ b/public/include/classes/csrftoken.class.php
@@ -36,9 +36,10 @@ class CSRFToken Extends Base {
   }
   
   /**
-   * 
-   * @param unknown $dowhat
-   * @return string
+   * Gets the HTML image (?) with short csrf description for users for the incorrect
+   * token error message
+   * @param dowhat string What will be put in the string "Simply $dowhat again to..."
+   * @return string HTML image with description
    */
   public static function getDescriptionImageHTML($dowhat="try") {
     $string = "<img src='site_assets/mpos/images/questionmark.png' ";
diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php
index 8df98502..caa148e0 100644
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
@@ -9,19 +9,11 @@ $cp_editable = $wf_editable = $ea_editable = $wf_sent = $ea_sent = $cp_sent = 0;
 $ea_token = (!isset($_POST['ea_token'])) ? '' : $_POST['ea_token'];
 $cp_token = (!isset($_POST['cp_token'])) ? '' : $_POST['cp_token'];
 $wf_token = (!isset($_POST['wf_token'])) ? '' : $_POST['wf_token'];
-// set old token and type so we can use it later
-$old_token = "";
-$old_token_type = 0;
-if ($ea_token !== "") {
-  $old_token = $ea_token;
-  $old_token_type = 5;
-} else if ($wf_token !== "") {
-  $old_token = $wf_token;
-  $old_token_type = 7;
-} else if ($cp_token !== "") {
-  $old_token_type = 6;
-  $old_token = $cp_token;
-}
+
+// set old token so we can use it if an error happens
+$oldtoken_ea = ($ea_token !== '') ? $ea_token : '';
+$oldtoken_wf = ($wf_token !== '') ? $wf_token : '';
+$oldtoken_cp = ($cp_token !== '') ? $cp_token : '';
 
 if ($user->isAuthenticated()) {
   if ($config['twofactor']['enabled']) {
@@ -136,14 +128,10 @@ if ($user->isAuthenticated()) {
 }
 // 2fa - one last time so we can sync with changes we made during this page
 if ($user->isAuthenticated() && $config['twofactor']['enabled']) {
-  // set the token to be the old token so we still have it if it errors out
-  if ($old_token_type == 5) {
-    $ea_token = $old_token;
-  } else if ($old_token_type == 7) {
-    $wf_token = $old_token;
-  } else if ($old_token_type == 6) {
-    $cp_token = $old_token;
-  }
+  // set the token to be the old token, just in case an error occured
+  $ea_token = ($oldtoken_ea !== '') ? $oldtoken_ea : $ea_token;
+  $wf_token = ($oldtoken_wf !== '') ? $oldtoken_wf : $wf_token;
+  $cp_token = ($oldtoken_cp !== '') ? $oldtoken_cp : $cp_token;
   if ($config['twofactor']['options']['details']) {
     $ea_editable = $user->token->isTokenValid($_SESSION['USERDATA']['id'], $ea_token, 5);
     $ea_sent = $user->token->doesTokenExist('account_edit', $_SESSION['USERDATA']['id']);