diff options
Diffstat (limited to 'mod')
| -rw-r--r-- | mod/removeme.php | 8 | ||||
| -rw-r--r-- | mod/settings.php | 3 |
2 files changed, 10 insertions, 1 deletions
diff --git a/mod/removeme.php b/mod/removeme.php index f0b4ae3c0..095570480 100644 --- a/mod/removeme.php +++ b/mod/removeme.php @@ -23,6 +23,14 @@ function removeme_post(&$a) { if(! account_verify_password($account['account_email'],$_POST['qxz_password'])) return; + if($account['account_password_changed'] != '0000-00-00 00:00:00') { + $d1 = datetime_convert('UTC','UTC','now - 48 hours'); + if($account['account_password_changed'] > d1) { + notice( t('Channel removals are not allowed within 48 hours of changing the account password.') . EOL); + return; + } + } + require_once('include/Contact.php'); $global_remove = intval($_POST['global']); diff --git a/mod/settings.php b/mod/settings.php index e036755fc..6c11fbc9b 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -202,10 +202,11 @@ function settings_post(&$a) { if(! $errs) { $salt = random_string(32); $password_encoded = hash('whirlpool', $salt . $newpass); - $r = q("update account set account_salt = '%s', account_password = '%s' + $r = q("update account set account_salt = '%s', account_password = '%s', account_password_changed = '%s' where account_id = %d limit 1", dbesc($salt), dbesc($password_encoded), + dbesc(datetime_convert()), intval(get_account_id()) ); if($r) |