Can check the validity of a password reset token

This commit is contained in:
Pierre 2018-05-26 14:52:05 +02:00
parent d3570af12f
commit 9711e6b087
2 changed files with 47 additions and 0 deletions

View File

@ -175,6 +175,27 @@ class accountController {
); );
} }
/**
* Check the validity of a reset account token
*
* @url POST /account/check_password_reset_token
*/
public function checkResetAccountToken(){
//Get the token
$token = postString("token", 10);
//Validate the tokens
$userID = components()->account->getUserIDfromResetToken($token);
//Check if the user ID is valid
if($userID < 1)
Rest_fatal_error(401, "Invalid token!");
//The token is valid
return array("success" => "The token is valid.");
}
/** /**
* Create an account * Create an account
* *

View File

@ -310,6 +310,32 @@ class AccountComponent {
return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID)); return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID));
} }
/**
* Associate password reset token with user ID
*
* @param string $token The token to associate
* @return int The ID of the user / -1 in case of failure
*/
public function getUserIDfromResetToken(string $token) : int {
//Prepare database query
$conditions = "WHERE password_reset_token = ? AND password_reset_token_time_create > ?";
$values = array(
$token,
time()-60*60*24 //Maximum validity : 24 hours
);
//Query the database
$results = cs()->db->select(self::USER_TABLE, $conditions, $values);
//Check if there is not any result
if(count($results) == 0)
return -1;
//Return first result user ID
return $results[0]["ID"];
}
/** /**
* Crypt user password * Crypt user password
* *