mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-11-27 15:59:29 +00:00
Can check the validity of a password reset token
This commit is contained in:
parent
d3570af12f
commit
9711e6b087
@ -175,6 +175,27 @@ class accountController {
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check the validity of a reset account token
|
||||
*
|
||||
* @url POST /account/check_password_reset_token
|
||||
*/
|
||||
public function checkResetAccountToken(){
|
||||
|
||||
//Get the token
|
||||
$token = postString("token", 10);
|
||||
|
||||
//Validate the tokens
|
||||
$userID = components()->account->getUserIDfromResetToken($token);
|
||||
|
||||
//Check if the user ID is valid
|
||||
if($userID < 1)
|
||||
Rest_fatal_error(401, "Invalid token!");
|
||||
|
||||
//The token is valid
|
||||
return array("success" => "The token is valid.");
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an account
|
||||
*
|
||||
|
@ -310,6 +310,32 @@ class AccountComponent {
|
||||
return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID));
|
||||
}
|
||||
|
||||
/**
|
||||
* Associate password reset token with user ID
|
||||
*
|
||||
* @param string $token The token to associate
|
||||
* @return int The ID of the user / -1 in case of failure
|
||||
*/
|
||||
public function getUserIDfromResetToken(string $token) : int {
|
||||
|
||||
//Prepare database query
|
||||
$conditions = "WHERE password_reset_token = ? AND password_reset_token_time_create > ?";
|
||||
$values = array(
|
||||
$token,
|
||||
time()-60*60*24 //Maximum validity : 24 hours
|
||||
);
|
||||
|
||||
//Query the database
|
||||
$results = cs()->db->select(self::USER_TABLE, $conditions, $values);
|
||||
|
||||
//Check if there is not any result
|
||||
if(count($results) == 0)
|
||||
return -1;
|
||||
|
||||
//Return first result user ID
|
||||
return $results[0]["ID"];
|
||||
}
|
||||
|
||||
/**
|
||||
* Crypt user password
|
||||
*
|
||||
|
Loading…
Reference in New Issue
Block a user