From fc33ac036837dd641ef4907e8e13c1c3faba8fe3 Mon Sep 17 00:00:00 2001
From: ryan
Date: Sun, 13 Mar 2005 17:15:56 +0000
Subject: [PATCH] Check for empty password reset key. http://mosquito.wordpress.org/view.php?id=1080 Props: idanso
git-svn-id: http://svn.automattic.com/wordpress/trunk@2438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-login.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/wp-login.php b/wp-login.php
index a912bb547..5ba6a368a 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -125,11 +125,16 @@ case 'resetpass' :
 // Generate something random for a password... md5'ing current time with a rand salt
 $key = $_GET['key'];
+ if ( empty($key) )
+ die( __('Sorry, that key does not appear to be valid.') );
 $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
 if ( !$user ) die( __('Sorry, that key does not appear to be valid.') );
 do_action('password_reset');
+echo "doing password reset for : {$user->user_login}
";
+exit;
+ $new_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
 $wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$new_pass'), user_activation_key = '' WHERE user_login = '$user->user_login'");
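Review bot: The `echo "doing password reset for : …"` / `exit;` pair added after `do_action('password_reset')` looks like leftover debugging and should be removed: `exit;` ends the request before `$new_pass` is generated and the `UPDATE` runs, so a valid key can no longer complete a reset, and the `echo` prints `$user->user_login` without HTML escaping. The new `empty($key)` guard stops a blank key from matching rows whose `user_activation_key` is `''`, but it tests the raw value, so a key made only of padding is not `empty()` while the database comparison may still treat it as blank; trimming first, `$key = trim( $_GET['key'] );`, closes that gap. `$key` is also still interpolated into the `SELECT` string, so unless request data is slashed somewhere outside this hunk it should go through `$wpdb->escape()` before the query. The `case 'resetpass'` block begins and continues outside the hunk.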