From a31a92b6927b24a5a98101fdc96763faeef6c895 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bruno=20Ryb=C3=A1rsky?= <bruno@brn.systems>
Date: Sat, 3 Feb 2024 18:18:51 +0100
Subject: [PATCH] Clear token on register

---
 lib/account.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/account.php b/lib/account.php
index 42cac0e..ea0d060 100644
--- a/lib/account.php
+++ b/lib/account.php
@@ -147,7 +147,7 @@ function doRegister($firstname, $lastname, $email, $password, $activation_token)
     if (!empty($activation_token) && !empty($email) && !empty($password) && !empty($firstname) && !empty($lastname) && isEmailAvailable($email)) {
         $passwordHash = password_hash($password, PASSWORD_DEFAULT);
 
-        $stmt = $mysqli->prepare("UPDATE Users SET FirstName=?, LastName=?, Email=?, PasswordHash=?, PrivilegeLevel=?, isActivated=1, ActivationToken=?, RegisteredAt=NOW() WHERE ActivationToken = ?");
+        $stmt = $mysqli->prepare("UPDATE Users SET FirstName=?, LastName=?, Email=?, PasswordHash=?, PrivilegeLevel=?, isActivated=1, ActivationToken='', RegisteredAt=NOW() WHERE ActivationToken = ?");
         $privilege_level = $routerConfig["logged_in_default_permission_level"];
 
         /** @noinspection SpellCheckingInspection */