From 0d84c77c6c09f1e73e1ce1c5516ccf881b1dcdde Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Fri, 14 Aug 2015 22:19:15 -0700
Subject: set email verified if lost password workflow is completed to avoid
 the situation where they can reset the password but still not be able to
 login because the original email verification was lost.

---
 mod/lostpass.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'mod')

diff --git a/mod/lostpass.php b/mod/lostpass.php
index 3269128f1..3dbc2fe7d 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -72,10 +72,11 @@ function lostpass_content(&$a) {
 
 		$salt = random_string(32);
 		$password_encoded = hash('whirlpool', $salt . $new_password);
-
-		$r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '' where account_id = %d",
+		
+		$r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d",
 			dbesc($salt),
 			dbesc($password_encoded),
+			intval(ACCOUNT_UNVERIFIED),
 			intval($aid)
 		);
 
-- 
cgit v1.2.3