2020-04-12 16:33:08 -04:00
parent 24ea6b9ae7
commit 90309496e9
7 changed files with 145 additions and 34 deletions
+7 -7
@@ -1,5 +1,5 @@
To: {{email}}
Subject: PayQuic - Password Reset for {{email}}
Subject: CoreGrade - Password Reset for {{email}}
<html>
<head>
</head>
@@ -9,7 +9,7 @@ Subject: PayQuic - Password Reset for {{email}}
<table cellpadding="2" cellspacing="2" border="0" style="height:30px; width:400px; font-size:12px;color:#333333;width:100%;border-width: 0px;border-color: #9dcc7a;border-collapse: collapse;">
<tr><td><span align=center><img src="http://www.payquic.com/images/logo.png" alt="PayQuic"></span></td></tr>
<tr><td><span align=center><img src="{{server_name}}/images/logo.png" alt="CoreGrade"></span></td></tr>
<tr>
<td style="font-size:12px; text-alig:left;">
Dear {{firstname}}
@@ -24,7 +24,7 @@ We have initiated your password reset process as requested as by you on {{lost_a
<td style="font-size:12px; text-alig:left;height:10px;">
<span align="center">
<table cellpadding="2" cellspacing="2" border="0" style="height:10px; width:300px; font-size:12px;color:#333333;width:100%;border-width: 0px;border-color: #9dcc7a;border-collapse: collapse;">
<tr><td style="width:130px;text-align:left;">Click the link</td><td>https://{{site}}/creset.html?rlink={{reset_link}}</td></tr>
<tr><td style="width:130px;text-align:left;">Click the link</td><td>https://{{server_name}}/auth/passreset?rlink={{reset_key}}</td></tr>
<tr><td style="width:130px;text-align:left;">Link will expire</td><td>{{expire}}</td></tr>
</table>
</span>
@@ -32,11 +32,11 @@ We have initiated your password reset process as requested as by you on {{lost_a
</tr>
<tr>
<td style="font-size:12px; text-alig:left;">
If it was not at your request, then please contact PayQuic support immediately.
If it was not at your request, then please contact CoreGrade support immediately.
For further support go to our website at www.PayQuic.com or call 08188697770 between the hours of 10:00 AM and 5:00 PM.
Thank you for choosing PayQuic.
PayQuic Team.
For further support go to our website at https://{{server_name}} or call 08188697770 between the hours of 10:00 AM and 5:00 PM.
Thank you for choosing CoreGrade.
CoreGrade Team.
</td>
</tr>
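Review bot: The new logo line `<img src="{{server_name}}/images/logo.png" alt="CoreGrade">` has no scheme, unlike the reset link and the support link in the same template, which both use `https://{{server_name}}`. A mail client has no base URL to resolve it against, so the image will not load; write it as `<img src="https://{{server_name}}/images/logo.png" alt="CoreGrade">`. Because `{{server_name}}` now also forms the host of the password-reset link, the value fed into this template should come from trusted configuration rather than from the request.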
+1 -1
@@ -1,5 +1,5 @@
To: {{email}}
Subject: Welcome to PayQuic
Subject: Welcome to CoreGrade
<html>
<head>
</head>
+8 -9
@@ -195,7 +195,7 @@ long startPassReset(CVars in, CVars &out) {
ret = load_db_record(out, "SELECT id AS member_id,now() AS reset_seed FROM members WHERE status=1 AND LOWER(username)=LOWER('%s') ", in["username"].c_str());
if (ret && out["member_id"].Long() > 0) {
// remove all existing session
pgsql_exec("UPDATE resetpassword SET status=7 WHERE status NOT IN (3,5) AND member_id=%ld ", out["member_id"].Long());
pgsql_exec("UPDATE password_reset SET status=7 WHERE status NOT IN (3,5) AND member_id=%ld ", out["member_id"].Long());
// Create New Session Now
if (load_db_record(y, "SELECT floor( random()*100000) AS reset_pin ,md5('%s') AS reset_key", out["reset_seed"].c_str()) >= 0) {
@@ -211,7 +211,7 @@ long startPassReset(CVars in, CVars &out) {
x["reset_pin"].set_valid(true);
x["member_id"].set_valid(true);
out["reset_id"] = insert_db_record(DBS_VALID, "resetpassword", "resetpassword_id_seq", x);
out["reset_id"] = insert_db_record(DBS_VALID, "password_reset", "password_reset_id_seq", x);
if (out["reset_id"].Long() > 0) {
ret = PHP_API_OK;
out["reset_key"] = "YOU WILL GET THIS IF PIN IS CORRECT IN CONFIRM"; //x["reset_key"];
@@ -227,7 +227,7 @@ long startPassReset(CVars in, CVars &out) {
x["username"].set_valid(true);
x["loc"].set_valid(true);
x["status"].set_valid(true);
out["reset_id"] = insert_db_record(DBS_VALID, "resetpassword", "resetpassword_id_seq", x);
out["reset_id"] = insert_db_record(DBS_VALID, "password_reset", "password_reset_id_seq", x);
out["status_message"] = "Invalid Username or disabled account";
out["status_advice"] = "Check username or Contact support";
@@ -246,13 +246,12 @@ long confirmPassReset(CVars in, CVars &out) {
long ret = PHP_API_BAD_PARAM;
CVars x, y;
try {
REQ_STRING(in, "username", 2, 49, "(.*)");
REQ_LONG(in, "reset_pin", 0, -1);
REQ_STRING(in, "reset_key", 12, 49, "(.*)");
const char *loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT *, id AS reset_id FROM resetpassword WHERE status = 0 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc);
ret = load_db_record(out, "SELECT *, id AS reset_id FROM password_reset WHERE status = 0 AND reset_key='%s' ", in["reset_key"].c_str());
if (ret && out["id"].Long() > 0) {
pgsql_query("UPDATE resetpassword SET status = 1 WHERE id =%lu", out["reset_id"].Long());
pgsql_query("UPDATE password_reset SET status = 1 WHERE id =%lu", out["reset_id"].Long());
ret = PHP_API_OK;
} else {
out["status_message"] = "Invalid PIN or disabled account";
@@ -278,13 +277,13 @@ long completePassReset(CVars in, CVars &out) {
const char *loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT *,id AS reset_id FROM resetpassword WHERE status=1 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s' AND reset_key='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc, in["reset_key"].c_str());
ret = load_db_record(out, "SELECT *,id AS reset_id FROM password_reset WHERE status=1 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s' AND reset_key='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc, in["reset_key"].c_str());
if (ret && out["reset_id"].Long() > 0) {
char mcf[128];
int result = 0; //libscrypt_hash(mcf, in["password"].c_str(), SCRYPT_N, SCRYPT_r, SCRYPT_p);
if (result > 0) {
if (pgsql_query("UPDATE members SET password='%s' WHERE id =%lu", mcf, out["member_id"].Long()) >= 0) {
pgsql_query("UPDATE resetpassword SET status = 5,reset_key=NULL WHERE id =%lu", out["reset_id"].Long());
pgsql_query("UPDATE password_reset SET status = 5,reset_key=NULL WHERE id =%lu", out["reset_id"].Long());
ret = PHP_API_OK;
}
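Review bot: In confirmPassReset the new query `WHERE status = 0 AND reset_key='%s'` makes reset_key the only thing a caller must know, since the username, reset_pin and REMOTE_ADDR conditions are removed. The context lines of startPassReset show that key being produced as `md5('%s')` over `now()`, i.e. a hash of the request timestamp rather than a random value, so the key should be generated from a cryptographically secure random source (at least 128 bits) before this lookup stands alone. The input is also validated only with `"(.*)"` and then placed inside quotes in the SQL text; unless load_db_record escapes its arguments (not visible here), restrict it to the key's alphabet, e.g. `REQ_STRING(in, "reset_key", 32, 32, "^[0-9a-f]{32}$");` for a hex key of md5 length. The failure text `Invalid PIN or disabled account` no longer matches what is checked.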
+6 -3
@@ -108,9 +108,11 @@ long member_email_calls(long action, CVars in, CVars &out) {
out["facebook"] = CfgReadChar("system.facebook");
out["twitter"] = CfgReadChar("system.twitter");
char * server_name = getenv( "SERVER_NAME" );
//https://www.float.sg/
form.LetStr("site_name", "Float");
form.LetStr("site_name", "CoreGrade");
form.LetStr("contactus", out["contactus"].c_str());
form.LetStr("facebook", out["facebook"].c_str());
form.LetStr("twitter", out["twitter"].c_str());
@@ -169,14 +171,15 @@ long member_email_calls(long action, CVars in, CVars &out) {
*/
case COREGRADE_START_RESET_PASSWORD:
mode = REQ_LONG(in, "mode", 0, -1);
if (load_db_record(x, "SELECT m.firstname,p.*,m.email AS member_email FROM resetpassword p LEFT JOIN members m ON m.id=p.member_id WHERE p.id=%lu ", in["reset_id"].Long())) {
if (load_db_record(x, "SELECT m.firstname,p.*,m.email AS member_email, created AS lost_added FROM password_reset p LEFT JOIN members m ON m.id=p.member_id WHERE p.id=%lu ", in["reset_id"].Long())) {
vars2form(x, form);
form.LetStr("subject", "Reset Password");
form.LetStr("email", x["member_email"].c_str());
form.LetStr( "server_name", server_name );
switch (mode) {
case RESET_START:
form.Email("member/reset_password.mailfile");
form.Email("start_losspass.mailfile");
break;
case RESET_CONFIRM:
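Review bot: `getenv( "SERVER_NAME" )` is passed straight to `form.LetStr( "server_name", server_name )` and ends up as the host of the emailed reset link. getenv can return NULL, and depending on web-server configuration SERVER_NAME may reflect the client-supplied Host header, which would let a request decide where the reset link points. Read the public host from configuration the way the neighbouring lines do, e.g. `form.LetStr("server_name", CfgReadChar("system.<public_host_key>"));` (placeholder key name), or at least handle the unset case. In the changed SELECT, `created AS lost_added` is unqualified; if both joined tables have a `created` column the query becomes ambiguous, so `p.created` would be safer. member_email_calls starts and ends outside the hunks.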
+77 -1
@@ -106,7 +106,7 @@ class Auth extends Start_Controller {
public function resetpass() {
$data = array();
$out = array();
$data["next_page"] = 0;
$data["next_page"] = 50;
$data["error_message"] = "";
if ($_POST) {
$data['username'] = trim($this->input->post('username'));
@@ -128,4 +128,80 @@ class Auth extends Start_Controller {
$this->index();
}
public function passreset() {
$data = array();
$out = array();
$data["next_page"] = 0;
$data["error_message"] = '';
if ($_GET) {
$data['reset_key'] = trim($this->input->get('rlink'));
$data["mode"] = RESET_CONFIRM;
if ($data['reset_key'] != '') {
$this->coregrade_webapi(COREGRADE_START_RESET_PASSWORD, $data, $out);
// print_r($out);
if (isset($out["reset_id"]) && isset($out["reset_id"]) > 0) {
$data["next_page"] = 5500;
$data["reset_id"] = $out["reset_id"];
$data["username"] = $out["username"];
}
} else {
$data["error_message"] = "Please enter a valis username to continue";
}
}
$this->load->view('auth/view_head');
$this->load->view('auth/view_reset_password', $data);
$this->load->view('auth/view_foot');
}
public function completereset() {
$data = array();
$out = array();
$data["next_page"] = 5500;
$data["error_message"] = '';
if ($_POST) {
$data['reset_key'] = trim($this->input->post('rlink'));
$data['reset_id'] = trim($this->input->post('reset_id'));
$data['username'] = trim($this->input->post('username'));
$data['pass1'] = trim($this->input->post('pass1'));
$data['pass2'] = trim($this->input->post('pass2'));
$allow_next = false;
if ( strlen($data['pass1']) >7 && $data['pass1'] == $data['pass2']){
$allow_next = true;
}
else{
$data["error_message"] = "Please enter a valis username to continue";
}
$data["mode"] = RESET_COMPLETE;
if ($data['reset_key'] != '' && isset($out["reset_id"]) && isset($out["reset_id"]) > 0 && $allow_next == true) {
$this->coregrade_webapi(COREGRADE_START_RESET_PASSWORD, $data, $out);
// print_r($out);
if (0) {
$data["next_page"] = 5500;
$data["reset_id"] = $out["reset_id"];
$data["username"] = $out["username"];
}
} else {
$data["error_message"] = "Please enter a valid username to continue";
}
}
$this->load->view('auth/view_head');
$this->load->view('auth/view_reset_password', $data);
$this->load->view('auth/view_foot');
}
}
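Review bot: completereset() can never reach the backend call: the guard tests `isset($out["reset_id"])` while `$out` is still the empty array created at the top of the method, and the key is read with `post('rlink')` although the form in the reset view posts it as `reset_key`. Read the posted names and test the posted id instead, `$data['reset_key'] = trim($this->input->post('reset_key'));` and `if ($data['reset_key'] != '' && (int) $data['reset_id'] > 0 && $allow_next) {`, then replace the `if (0)` placeholder with a check of the API result. In passreset(), `isset($out["reset_id"]) > 0` compares a boolean with 0 and so accepts any set value; `(int) $out["reset_id"] > 0` is presumably what was meant. reset_id and username arrive from hidden fields and are client-controlled, so the backend has to bind the password change to the reset key rather than trust them. The password-mismatch branch reports "Please enter a valis username to continue", which is the wrong message for that failure.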
@@ -1,5 +1,5 @@
<?php
$next_page = isset($next_page) ? $next_page : 0;
$next_page = isset($next_page) ? $next_page : 50;
?>
<body class="vertical-layout vertical-menu-modern 1-column navbar-floating footer-static bg-full-screen-image blank-page blank-page" data-open="click" data-menu="vertical-menu-modern" data-col="1-column">
@@ -29,7 +29,7 @@ $next_page = isset($next_page) ? $next_page : 0;
<div class="card-content">
<div class="card-body pt-1">
<?
if ($next_page == 0) {
if ($next_page == 50) {
?>
<p class="px-2">Please tell us your username.</p>
<form method="POST" action="/auth/resetpass">
@@ -72,7 +72,8 @@ $next_page = isset($next_page) ? $next_page : 0;
<?= $error_message ?>
</fieldset>
<div class="row pt-2">
<div class="col-12 col-md-6 mb-1">
</div>
<div class="col-12 col-md-6 mb-1">
<button type="submit" class="btn btn-primary btn-block px-0">Return Home</button>
</div>
@@ -80,23 +81,30 @@ $next_page = isset($next_page) ? $next_page : 0;
</form>
<?php
} else {
} else if ($next_page == 5500) {
?>
<form>
<form method="POST" action='/auth/completereset'>
<input type='hidden' name='reset_id' value='<?= $reset_id ?>'>
<input type='hidden' name='reset_key' value='<?= $reset_key ?>'>
<input type='hidden' name='username' value='<?= $username ?>'>
<fieldset class="form-label-group">
<input type="text" class="form-control" id="user-email" placeholder="Email" required>
<label for="user-email">Email</label>
<input type="text" class="form-control" id="user-email" placeholder="Email" value="<?= $username ?>" readonly required>
<label for="user-email">Username</label>
</fieldset>
<fieldset class="form-label-group">
<input type="password" class="form-control" id="user-password" placeholder="Password" required>
<input type="password" class="form-control" id="user-password" name='pass1' placeholder="Password" required>
<label for="user-password">Password</label>
</fieldset>
<fieldset class="form-label-group">
<input type="password" class="form-control" id="user-confirm-password" placeholder="Confirm Password" required>
<input type="password" class="form-control" id="user-confirm-password" name='pass2' placeholder="Confirm Password" required>
<label for="user-confirm-password">Confirm Password</label>
</fieldset>
<fieldset class="form-label-group">
<span style='color:red;'><?= $error_message ?></span>
</fieldset>
<div class="row pt-2">
<div class="col-12 col-md-6 mb-1">
<a href="/auth" class="btn btn-outline-primary btn-block px-0">Go Back to Login</a>
@@ -107,6 +115,30 @@ $next_page = isset($next_page) ? $next_page : 0;
</div>
</form>
<?php
} else {
?>
<form method="POST" action="/">
<fieldset class="form-label-group">
Something went wrong
</fieldset>
<fieldset class="form-label-group">
<span style="color:red;">We have an error, it is possible that the link expired before you attempted the reset. Simply start the process again or contact us..</span>
</fieldset>
<fieldset class="form-label-group">
<?= $error_message ?>
</fieldset>
<div class="row pt-2">
<div class="col-12 col-md-6 mb-1">
</div>
<div class="col-12 col-md-6 mb-1">
<button type="submit" class="btn btn-primary btn-block px-0">Return Home</button>
</div>
</div>
</form>
<?php
}
?>
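Review bot: The hidden fields and the readonly input echo `$reset_id`, `$reset_key` and `$username` through `<?= ... ?>` with no escaping, and the controller fills those from request parameters (`rlink`, `reset_id`, `username`), so markup in a request value is written into the page as-is. Escape at output, e.g. `<input type='hidden' name='reset_key' value='<?= htmlspecialchars($reset_key, ENT_QUOTES, 'UTF-8') ?>'>`, and do the same for `$reset_id`, `$username` and the `<?= $error_message ?>` sites. The reset key is also rendered back into the form, so this page should be served with caching disabled.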
+5 -4
@@ -81,7 +81,7 @@
<li><a href="#pricing" class="smoothscroll">PLANS</a></li>
<li><a href="#download" class="smoothscroll">APP</a></li>
<li><a href="#contact" class="smoothscroll">CONTACT</a></li>
<li style="background-color: #FC6443;" onclick="viewLogin(); return;"><a href="/auth" >START</a></li>
<li style="background-color: #7367f0;" onclick="viewLogin(); return;"><a href="/auth" >START</a></li>
</ul>
</div>
</div>
@@ -205,8 +205,9 @@
<li data-value="tutor"><span>Parents</span></li>
-->
</ul>
<p class="wow fadeIn">Thus much I thought proper to tell you in relation to yourself, and to the trust I reposed in you.</p>
<p class="fade-text wow fadeIn">Have a bigger team? <a href="#">Lets talk</a></p>
<p class="wow fadeIn">A Modern, intuitive, effective digital learning <p >experience that minimizes complexity and </p><p>enables personalized learning at a convenience.</p>
<p class="fade-text wow fadeIn">Let Us Be Your Companion <a href="#">Lets talk</a></p>
</div>
</div>
<div class="col-xs-12 col-md-7">
@@ -232,7 +233,7 @@
<li><p>Flexible Learning</p></li>
<li><p>Personal Assistant</p></li>
</ul>
<a href="/auth/newuser" class="btn btn-default btn-outline">Make me a Pro</a>
<a href="/auth/newuser" class="btn btn-default btn-outline">Upgrade</a>
</li>
<!--
<li id="tutor">
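Review bot: The new hero text opens `<p class="wow fadeIn">` and then starts two more `<p>` elements inside it without closing the first. HTML does not allow nested paragraphs, so the parser closes the first one early and only the first fragment keeps the `wow fadeIn` class. Use a single paragraph with `<br>` where the line breaks are wanted.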