use wcf\system\request\LinkHandler;
use wcf\system\WCF;
use wcf\util\HeaderUtil;
+use wcf\util\PasswordUtil;
use wcf\util\StringUtil;
/**
}
if (isset($_REQUEST['token'])) $this->token = StringUtil::trim($_REQUEST['token']);
- if (empty($this->token) || $this->token != $this->user->notificationMailToken) {
+ if (empty($this->token) || !PasswordUtil::secureCompare($this->user->notificationMailToken, $this->token)) {
throw new IllegalLinkException();
}
}
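Review bot: The reason for calling `PasswordUtil::secureCompare()` is not recorded at the condition, so a later cleanup could turn it back into `!=` or `!==`. A one-line comment above it would prevent that, e.g. `// constant-time comparison: the token is a secret, do not replace with != / !==`; the same comment fits the `lostPasswordKey` check in the later hunk. Separately, `$_REQUEST['token']` can arrive as an array, and how `StringUtil::trim()` and `secureCompare()` handle a non-string is not visible here, so an `is_string($_REQUEST['token'])` test before the assignment may be worth adding. The enclosing method starts outside the hunk.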
throw new UserInputException('lostPasswordKey', 'notValid');
}
- if ($this->user->lostPasswordKey != $this->lostPasswordKey) {
+ if (!PasswordUtil::secureCompare($this->user->lostPasswordKey, $this->lostPasswordKey)) {
throw new UserInputException('lostPasswordKey', 'notValid');
}
}
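Review bot: The `lostPasswordKey` condition has no visible emptiness guard on either operand, unlike the token check, which keeps `empty($this->token)` in front of the comparison. If the stored key is unset and the submitted key is empty, `secureCompare()` would presumably report a match. The `throw` just above suggests a guard exists outside the hunk, but it is worth confirming that it rejects an empty stored key and an empty submitted key. If it covers only one side, the condition could read `if (empty($this->lostPasswordKey) || !PasswordUtil::secureCompare($this->user->lostPasswordKey, $this->lostPasswordKey)) {`. The enclosing method starts outside the hunk.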