adding more security to the user validation by email code - before people could fake...

author cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>

Sat, 5 Dec 2009 17:46:34 +0000 (17:46 +0000)

committer cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>

Sat, 5 Dec 2009 17:46:34 +0000 (17:46 +0000)
author cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sat, 5 Dec 2009 17:46:34 +0000 (17:46 +0000)
committer cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sat, 5 Dec 2009 17:46:34 +0000 (17:46 +0000)
diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php

index 583415a5dd8c9302dca9e8f0268b0f94b237dfe1..049287c89c415e305b8f1b17da2c64a8a4e7d1c8 100644 (file)
--- a/mod/uservalidationbyemail/start.php
+++ b/mod/uservalidationbyemail/start.php
@@ -43,7 +43,8 @@
         {
                 global $CONFIG;
                 
-               return md5($user_guid . $email_address . $CONFIG->site->url); // Note I bind to site URL, this is important on multisite!
+               // Note I bind to site URL, this is important on multisite!
+               return md5($user_guid . $email_address . $CONFIG->site->url . get_site_secret()); 
         }
         
         /**
author	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Sat, 5 Dec 2009 17:46:34 +0000 (17:46 +0000)
committer	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Sat, 5 Dec 2009 17:46:34 +0000 (17:46 +0000)