Password reset token can be now used only once.

Pierre 2018-05-27 11:11:23 +02:00
parent d149eadfbe
commit f011d06e5b
2 changed files with 21 additions and 0 deletions


@ -204,6 +204,9 @@ class accountController {
if(!components()->account->set_new_user_password($userID, $newPassword))
Rest_fatal_error(500, "Could not update user password!");
//Cancel password reset token of the password
components()->account->remove_password_reset_token($userID);
//Success
return array("success" => "Your password has been updated!");
}
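Review bot: The boolean returned by `remove_password_reset_token($userID)` is discarded, so if that database update fails the endpoint still answers "Your password has been updated!" while the old token stays usable until it expires. The method is documented to return FALSE on failure, so the call should be checked like the password update just above it, e.g. `if(!components()->account->remove_password_reset_token($userID)) Rest_fatal_error(500, "Could not cancel password reset token!");`. The token is also cancelled only after the password write. The token validation lies outside this hunk, so whether two parallel requests carrying the same token can both pass it cannot be judged from here, but cancelling the token before changing the password would narrow that window. The function body starts outside the hunk.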


@ -310,6 +310,24 @@ class AccountComponent {
return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID));
}
/**
* Delete the password reset token for an account
*
* @param int $userID Target user ID
* @return bool TRUE for a success / FALSE else
*/
public function remove_password_reset_token(int $userID) : bool {
//Prepare database update
$modifs = array(
"password_reset_token" => "",
"password_reset_token_time_create" => 84 //Too low value to be valid
);
//Apply update
return cs()->db->updateDB(self::USER_TABLE, "ID = ?", $modifs, array($userID));
}
/**
* Associate password reset token with user ID
*
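Review bot: Clearing the token by writing an empty string means every account that has completed a reset stores the same value `""`, and only the creation time `84` keeps that value from being accepted. The token lookup and expiry check are not in this hunk, so confirm that they reject an empty token outright and always apply the age check. If the column is nullable, `"password_reset_token" => null` would be a safer "no token" marker. The literal `84` would read better as a named class constant carrying a comment such as `//Older than any token lifetime, so the expiry check always fails`. The docblock after the method is context and continues past the visible lines.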