Comunic/ComunicAPI
1
0
Fork 0
mirror of https://github.com/pierre42100/ComunicAPI synced 2024-11-23 22:09:29 +00:00
Code Issues Projects Releases Wiki Activity

Password reset token can be now used only once.

Browse Source
This commit is contained in:
Pierre 2018-05-27 11:11:23 +02:00
parent d149eadfbe
commit f011d06e5b
2 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
RestControllers/accountController.php
View File

@ -204,6 +204,9 @@ class accountController {
if(!components()->account->set_new_user_password($userID, $newPassword)) if(!components()->account->set_new_user_password($userID, $newPassword))
Rest_fatal_error(500, "Could not update user password!"); Rest_fatal_error(500, "Could not update user password!");
//Cancel password reset token of the password
components()->account->remove_password_reset_token($userID);
//Success //Success
return array("success" => "Your password has been updated!"); return array("success" => "Your password has been updated!");
} }

18
classes/components/AccountComponent.php
View File

@ -310,6 +310,24 @@ class AccountComponent {
return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID)); return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID));
} }
/**
* Delete the password reset token for an account
*
* @param int $userID Target user ID
* @return bool TRUE for a success / FALSE else
*/
public function remove_password_reset_token(int $userID) : bool {
//Prepare database update
$modifs = array(
"password_reset_token" => "",
"password_reset_token_time_create" => 84 //Too low value to be valid
);
//Apply update
return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID));
}
/** /**
* Associate password reset token with user ID * Associate password reset token with user ID
* *