DataObjects/Core_person.php
authorAlan Knowles <alan@roojs.com>
Thu, 17 Dec 2020 06:03:40 +0000 (14:03 +0800)
committerAlan Knowles <alan@roojs.com>
Thu, 17 Dec 2020 06:03:40 +0000 (14:03 +0800)
DataObjects/Core_person.php

index df6dc94..00b4179 100644 (file)
@@ -549,7 +549,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     function genAutoLoginURL($url, $expires = false) {
     {
         $expires = $expires  === false ? strtotime("NOW + 1 WEEK") : $expires;
-        return $url.'/'.$expires.'/'.hash('sha254', serialize(array($url, $time, $this->passwd)));
+        return $url.'/'.$this->id .'/'.$expires.'/'.hash('sha254', serialize(array($url, $time, $this->passwd)));
         
     }
     function validateAutoLogin($called)
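Review bot: The digest built on the changed `return` line cannot match what validateAutoLogin now computes: it still hashes `array($url, $time, $this->passwd)`, with `$time` never assigned in the visible function body, while the validator in the next hunk hashes `array($url, $time, $u->email, $u->passwd)`. `'sha254'` is also not a hash algorithm name (the same literal is used in the validator hunk), so `hash()` fails instead of producing a token. I would change the line to `return $url.'/'.$this->id.'/'.$expires.'/'.hash('sha256', serialize(array($url, $expires, $this->email, $this->passwd)));`. Since the only secret input is the stored `passwd` value, a keyed `hash_hmac()` with a server-side secret would be a stronger construction, if the project has such a key available. The context lines also show an opening brace both on the signature line and on the line below it, which looks like a syntax error.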
@@ -557,11 +557,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $bits = explode($called);
         $hash = array_pop($bits);
         $time = array_pop($bits);
+        $id = array_pop($bits);
+        $u = DB_DataObject::Factory($this->tableName());
+        $u->get($id);
         $url = implode("/", $bits);
         if ($time < date()) {
             return false;
         }
-        if ($hash == hash('sha254', serialize(array($url, $time, $this->passwd)))) {
+        if ($hash == hash('sha254', serialize(array($url, $time, $u->email, $u->passwd)))) {
+            $u->login();
             return true;
         }
         return false;
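Review bot: The result of `$u->get($id)` is never checked, and `$id` is taken straight from the called URL, so when no row is loaded `$u->email` and `$u->passwd` are empty and the expected digest is built only from values the caller supplied, after which `$u->login()` runs. The lookup should fail closed, and the comparison should use `hash_equals()` rather than `==`, which is loose and not constant-time. In the context lines `explode($called)` has no separator and `date()` has no format argument, so the expiry check presumably needs `time()`. The function's closing brace lies outside the hunk.

```php
$bits = explode('/', $called);
// … unchanged: array_pop() of $hash, $time and $id …
$u = DB_DataObject::Factory($this->tableName());
if (!ctype_digit((string) $id) || !$u->get($id)) {
    // Unknown or malformed id: refuse before any digest is computed.
    return false;
}
// … unchanged: $url = implode("/", $bits) …
if ((int) $time < time()) {
    return false;
}
$expected = hash('sha256', serialize(array($url, $time, $u->email, $u->passwd)));
if (hash_equals($expected, (string) $hash)) {
    $u->login();
    return true;
}
```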