From 237ce5f419f14c293fb78faeeffcf868e171b4e7 Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Mon, 22 Jul 2013 16:01:39 +0200
Subject: [PATCH] patch hole with password reset (why are people such dicks)
---
 app.rb | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/app.rb b/app.rb
index f0eafcdc..9c1d1d25 100644
--- a/app.rb
+++ b/app.rb
@@ -475,11 +475,23 @@ the NeoCities Cat
 end
 get '/password_reset_confirm' do
- sites = Site.filter(password_reset_token: params[:token]).all
+ if params[:token].nil? || params[:token].empty?
+ flash[:error] = 'Could not find a site with this token.'
+ redirect '/'
+ end
+
+ reset_site = Site[password_reset_token: params[:token]]
+
+ if reset_site.nil?
+ flash[:error] = 'Could not find a site with this token.'
+ redirect '/'
+ end
+
+ sites = Site.filter(email: reset_site.email).all
 if sites.length > 0
 sites.each do |site|
- site.password = params[:token]
+ site.password = reset_site.password_reset_token
 site.save
 end
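Review bot: The loop that sets `site.password = reset_site.password_reset_token` never clears the token in the lines shown, so the same reset link would keep working after use and the emailed token itself stays on as the account password. Unless that is handled past the end of the hunk (the route body continues outside it), add `site.password_reset_token = nil` before `site.save`. Separately, `Site.filter(email: reset_site.email)` appears to repeat the nil-match pattern this commit fixes for the token: if a site row can have a NULL email, Sequel turns the condition into `email IS NULL` and the loop would touch every such site, so fall back to `[reset_site]` when `reset_site.email` is nil or empty. The first guard also lets array or hash params through, so adding `!params[:token].is_a?(String) ||` to it would be a cheap hardening step.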