From ab666b6b7fb901621b53979262c334c9b5918fa4 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Mon, 9 Oct 2017 23:12:01 +0200 Subject: [PATCH] Fix microtime() usage By default, microtime() returns a string :-/ which unsurprisingly causes a warning when doing math on it. --- users/password-recover.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/users/password-recover.php b/users/password-recover.php index 10803802..54695f1c 100644 --- a/users/password-recover.php +++ b/users/password-recover.php @@ -56,7 +56,7 @@ function sendCodebySMS($to, $username, $code) { } if ($_SERVER['REQUEST_METHOD'] === "POST") { - $start_time = microtime(); + $start_time = microtime(true); $tUsername = escape_string (safepost('fUsername')); $handler = $context === 'admin' ? new AdminHandler : new MailboxHandler; $token = $handler->getPasswordRecoveryCode($tUsername); @@ -84,7 +84,7 @@ if ($_SERVER['REQUEST_METHOD'] === "POST") { } // throttle password reset requests to prevent brute force attack - $elapsed_time = microtime() - $start_time; + $elapsed_time = microtime(true) - $start_time; if ($elapsed_time < 2 * pow(10, 6)) { usleep(2 * pow(10, 6) - $elapsed_time); }