Bug 1460911: forgotpass page not checking the correct $SESSION instance

Change-Id: Icd870235f1d3eb43961ff92ded21c7e160e11f90 Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

Bug 1460911: forgotpass page not checking the correct $SESSION instance
Change-Id: Icd870235f1d3eb43961ff92ded21c7e160e11f90 Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
1e770dfb · Robert Lyon · cb1da444 · 1e770dfb
Commit 1e770dfb authored Jun 02, 2015 by Robert Lyon
--- a/htdocs/forgotpass.php
+++ b/htdocs/forgotpass.php
@@ -18,8 +18,8 @@ define('SECTION_PAGE', 'forgotpass');
 require('init.php');
 require_once('pieforms/pieform.php');

-if (!empty($SESSION->pwchangerequested)) {
-    unset($SESSION->pwchangerequested);
+if (!empty($SESSION->get('pwchangerequested'))) {
+    $SESSION->set('pwchangerequested', false);
    die_info(get_string('pwchangerequestsent'));
 }

@@ -27,16 +27,16 @@ if (isset($_GET['key'])) {
    $SESSION->set('forgotpasskey', $_GET['key']);
    redirect('/forgotpass.php');
 }
-if (isset($SESSION->forgotpasskey)) {
+if ($SESSION->get('forgotpasskey')) {
    define('TITLE', get_string('changepassword'));

    if (!$pwrequest = get_record('usr_password_request', 'key', $SESSION->forgotpasskey)) {
-        unset($SESSION->forgotpasskey);
+        $SESSION->set('forgotpasskey', false);
        die_info(get_string('nosuchpasswordrequest'));
    }

    if (strtotime($pwrequest->expiry) < time()) {
-        unset($SESSION->forgotpasskey);
+        $SESSION->set('forgotpasskey', false);
        die_info(get_string('passwordresetexpired'));
    }