Can check the validity of a password reset token

2025-11-04 04:04:20 +00:00 · 2018-05-26 14:52:05 +02:00
parent d3570af12f
commit 9711e6b087
2 changed files with 47 additions and 0 deletions
--- a/classes/components/AccountComponent.php
+++ b/classes/components/AccountComponent.php
@@ -310,6 +310,32 @@ class AccountComponent {
 		return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID));
 	}

+	/**
+	 * Associate password reset token with user ID
+	 * 
+	 * @param string $token The token to associate
+	 * @return int The ID of the user / -1 in case of failure
+	 */
+	public function getUserIDfromResetToken(string $token) : int {
+
+		//Prepare database query
+		$conditions = "WHERE password_reset_token = ? AND password_reset_token_time_create > ?";
+		$values = array(
+			$token,
+			time()-60*60*24 //Maximum validity : 24 hours
+		);
+
+		//Query the database
+		$results = cs()->db->select(self::USER_TABLE, $conditions, $values);
+
+		//Check if there is not any result
+		if(count($results) == 0)
+			return -1;
+		
+		//Return first result user ID
+		return $results[0]["ID"];
+	}
+
 	/**
 	 * Crypt user password
 	 *