requests\user.php contains code for password recovery:
case 'recover':
(…)
$code = md5($time);
$mysqli->query("INSERT INTO emails (type,uid,code) VALUES (1,'".$user->id."', '".$code."')");
$link = $sm['config']['site_url']."/index.php?page=recover&code=".$code."&id=".$user->id;
$name = $user->name;
$email = $user->email;
forgotMailNotification($name,$email,$link);
The secret recovery code is generated with md5($time). Because the time value on the server is easy to predict (for example, from the Date header of an Nginx response), the code can be guessed with a brute-force approach.
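A hardened way to issue and check the recovery code, as an added example that is not the application's own code: the code comes from random_bytes() instead of md5($time), only its SHA-256 hash is stored, and it expires and can be used once. The function names, the code_hash and expires columns, and the in-memory SQLite database (standing in for MySQL; needs the pdo_sqlite extension) are assumptions.

```php
<?php
// Added example, not the application's code. Table layout and function
// names are assumptions; in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE emails (type INTEGER, uid INTEGER, code_hash TEXT, expires INTEGER)');

// Issue a recovery code: 256 bits from the OS CSPRNG instead of md5($time).
function issueRecoveryCode(PDO $db, int $uid, int $ttl = 900): string
{
    $code = bin2hex(random_bytes(32));
    // One outstanding code per user; store its hash, never the code itself.
    $db->prepare('DELETE FROM emails WHERE type = 1 AND uid = ?')->execute([$uid]);
    $db->prepare('INSERT INTO emails (type, uid, code_hash, expires) VALUES (1, ?, ?, ?)')
       ->execute([$uid, hash('sha256', $code), time() + $ttl]);
    return $code; // goes only into the e-mailed link
}

// Check a submitted code: expiry, constant-time comparison, single use.
function redeemRecoveryCode(PDO $db, int $uid, string $code): bool
{
    $stmt = $db->prepare('SELECT code_hash, expires FROM emails WHERE type = 1 AND uid = ?');
    $stmt->execute([$uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int)$row['expires'] < time()) {
        return false; // no pending request, or the code has expired
    }
    if (!hash_equals($row['code_hash'], hash('sha256', $code))) {
        return false; // wrong code
    }
    // Invalidate on success so the link cannot be replayed.
    $db->prepare('DELETE FROM emails WHERE type = 1 AND uid = ?')->execute([$uid]);
    return true;
}

// Constructed demo values.
$uid  = 42;
$code = issueRecoveryCode($db, $uid);
var_dump(strlen($code));                                      // length of the hex code
var_dump(redeemRecoveryCode($db, $uid, md5((string)time()))); // a time-derived guess
var_dump(redeemRecoveryCode($db, $uid, $code));               // the issued code
var_dump(redeemRecoveryCode($db, $uid, $code));               // replay of a used code
```

Prepared statements also replace the string concatenation used in the original INSERT.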