From 9711e6b0879596688701c29ac2ad3329cbb016e8 Mon Sep 17 00:00:00 2001 From: Pierre Date: Sat, 26 May 2018 14:52:05 +0200 Subject: [PATCH] Can check the validity of a password reset token --- RestControllers/accountController.php | 21 ++++++++++++++++++++ classes/components/AccountComponent.php | 26 +++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/RestControllers/accountController.php b/RestControllers/accountController.php index dde7557..db7eaa9 100644 --- a/RestControllers/accountController.php +++ b/RestControllers/accountController.php @@ -175,6 +175,27 @@ class accountController { ); } + /** + * Check the validity of a reset account token + * + * @url POST /account/check_password_reset_token + */ + public function checkResetAccountToken(){ + + //Get the token + $token = postString("token", 10); + + //Validate the tokens + $userID = components()->account->getUserIDfromResetToken($token); + + //Check if the user ID is valid + if($userID < 1) + Rest_fatal_error(401, "Invalid token!"); + + //The token is valid + return array("success" => "The token is valid."); + } + /** * Create an account * diff --git a/classes/components/AccountComponent.php b/classes/components/AccountComponent.php index beb46a3..47c0e94 100644 --- a/classes/components/AccountComponent.php +++ b/classes/components/AccountComponent.php 
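Review bot: checkResetAccountToken is an unauthenticated endpoint whose 200-versus-401 answer reveals whether an arbitrary token is currently valid, so it needs the same throttling (per client and per token) as the reset endpoint it precedes; the hunk adds no limit and I cannot tell from here whether one is applied globally in the framework. The `10` passed to `postString("token", 10)` appears to be a minimum length, and since it is the only input validation before the database round trip it deserves a comment such as `//Minimum token length; shorter input is rejected before querying` — confirm that is what the second argument means. For style, the brace-less guard should read `if ($userID < 1) { Rest_fatal_error(401, "Invalid token!"); }` and the return could use short array syntax `return ["success" => "The token is valid."];`. The rest of the controller class lies outside the hunk.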
@@ -310,6 +310,32 @@ class AccountComponent { return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID)); } + /** + * Associate password reset token with user ID + * + * @param string $token The token to associate + * @return int The ID of the user / -1 in case of failure + */ + public function getUserIDfromResetToken(string $token) : int { + + //Prepare database query + $conditions = "WHERE password_reset_token = ? AND password_reset_token_time_create > ?"; + $values = array( + $token, + time()-60*60*24 //Maximum validity : 24 hours + ); + + //Query the database + $results = cs()->db->select(self::USER_TABLE, $conditions, $values); + + //Check if there is not any result + if(count($results) == 0) + return -1; + + //Return first result user ID + return $results[0]["ID"]; + } + /** * Crypt user password *
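Review bot: The docblock on getUserIDfromResetToken describes the opposite operation — "Associate password reset token with user ID" — while the body looks a token up and returns the owning user's ID; suggest `* Resolve a password reset token to the ID of the user it belongs to (tokens created more than 24 hours ago are treated as expired)`. The `: int` return on the last statement hands back `$results[0]["ID"]` untouched; if the database layer yields string columns this is a TypeError under strict_types and a silent coercion without it, so `return (int) $results[0]["ID"];` is safer either way. The query compares the raw `$token` against `password_reset_token`, so that column holds live plaintext tokens; storing only a hash (for example `hash('sha256', $token)`) and looking up by that hash would stop a leaked user table from yielding usable reset tokens — the code that writes the column is outside this diff, so this hunk alone cannot complete the change. Minor: `count($results) == 0` should use the strict `=== 0`, and the `60*60*24` window would read better as a named class constant.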