mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-11-27 15:59:29 +00:00
Password reset token can be now used only once.
parent
d149eadfbe
commit
f011d06e5b
@ -204,6 +204,9 @@ class accountController {
|
|||||||
if(!components()->account->set_new_user_password($userID, $newPassword))
|
if(!components()->account->set_new_user_password($userID, $newPassword))
|
||||||
Rest_fatal_error(500, "Could not update user password!");
|
Rest_fatal_error(500, "Could not update user password!");
|
||||||
|
|
||||||
|
//Cancel password reset token of the password
|
||||||
|
components()->account->remove_password_reset_token($userID);
|
||||||
|
|
||||||
//Success
|
//Success
|
||||||
return array("success" => "Your password has been updated!");
|
return array("success" => "Your password has been updated!");
|
||||||
}
|
}
|
||||||
|
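Review bot: The result of `remove_password_reset_token($userID)` is discarded, so if that update fails the request still answers "Your password has been updated!" and the reset token stays usable, which is the case this commit is meant to close. Check the return value the same way the `set_new_user_password` call at the top of the hunk is checked, e.g. `if(!components()->account->remove_password_reset_token($userID)) Rest_fatal_error(500, "Could not cancel password reset token!");`. Because the password and the token are written by two separate updates, two concurrent requests carrying the same token could presumably both pass validation before either one clears it. Clearing the token before the password change, or in the same update, would narrow that window. The enclosing method starts above the hunk, so the token validation itself is not visible here.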
@ -310,6 +310,24 @@ class AccountComponent {
|
|||||||
return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID));
|
return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Delete the password reset token for an account
|
||||||
|
*
|
||||||
|
* @param int $userID Target user ID
|
||||||
|
* @return bool TRUE for a success / FALSE else
|
||||||
|
*/
|
||||||
|
public function remove_password_reset_token(int $userID) : bool {
|
||||||
|
|
||||||
|
//Prepare database update
|
||||||
|
$modifs = array(
|
||||||
|
"password_reset_token" => "",
|
||||||
|
"password_reset_token_time_create" => 84 //Too low value to be valid
|
||||||
|
);
|
||||||
|
|
||||||
|
//Apply update
|
||||||
|
return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Associate password reset token with user ID
|
* Associate password reset token with user ID
|
||||||
*
|
*
|
||||||
|
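Review bot: The token is invalidated by writing two sentinel values, an empty string and the literal `84`. That is only safe if the code that validates a reset token (not visible in this hunk) rejects an empty token and treats such an old creation time as expired. Replace the magic number with a named class constant or with `0`, e.g. `"password_reset_token_time_create" => 0 //Epoch: older than any token lifetime`, so the intent does not depend on an unexplained value. It is also worth confirming that the lookup refuses an empty token outright rather than relying on the timestamp check alone, and saying in the docblock that the token is blanked, not deleted.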