2020-04-12 16:33:08 -04:00
parent 24ea6b9ae7
commit 90309496e9
7 changed files with 145 additions and 34 deletions
+7 -7
@@ -1,5 +1,5 @@
To: {{email}}
Subject: PayQuic - Password Reset for {{email}}
Subject: CoreGrade - Password Reset for {{email}}
<html>
<head>
</head>
@@ -9,7 +9,7 @@ Subject: PayQuic - Password Reset for {{email}}
<table cellpadding="2" cellspacing="2" border="0" style="height:30px; width:400px; font-size:12px;color:#333333;width:100%;border-width: 0px;border-color: #9dcc7a;border-collapse: collapse;">
<tr><td><span align=center><img src="http://www.payquic.com/images/logo.png" alt="PayQuic"></span></td></tr>
<tr><td><span align=center><img src="{{server_name}}/images/logo.png" alt="CoreGrade"></span></td></tr>
<tr>
<td style="font-size:12px; text-alig:left;">
Dear {{firstname}}
@@ -24,7 +24,7 @@ We have initiated your password reset process as requested as by you on {{lost_a
<td style="font-size:12px; text-alig:left;height:10px;">
<span align="center">
<table cellpadding="2" cellspacing="2" border="0" style="height:10px; width:300px; font-size:12px;color:#333333;width:100%;border-width: 0px;border-color: #9dcc7a;border-collapse: collapse;">
<tr><td style="width:130px;text-align:left;">Click the link</td><td>https://{{site}}/creset.html?rlink={{reset_link}}</td></tr>
<tr><td style="width:130px;text-align:left;">Click the link</td><td>https://{{server_name}}/auth/passreset?rlink={{reset_key}}</td></tr>
<tr><td style="width:130px;text-align:left;">Link will expire</td><td>{{expire}}</td></tr>
</table>
</span>
@@ -32,11 +32,11 @@ We have initiated your password reset process as requested as by you on {{lost_a
</tr>
<tr>
<td style="font-size:12px; text-alig:left;">
If it was not at your request, then please contact PayQuic support immediately.
If it was not at your request, then please contact CoreGrade support immediately.
For further support go to our website at www.PayQuic.com or call 08188697770 between the hours of 10:00 AM and 5:00 PM.
Thank you for choosing PayQuic.
PayQuic Team.
For further support go to our website at https://{{server_name}} or call 08188697770 between the hours of 10:00 AM and 5:00 PM.
Thank you for choosing CoreGrade.
CoreGrade Team.
</td>
</tr>
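Review bot: The new logo line uses `src="{{server_name}}/images/logo.png"` with no scheme, while the reset link and the support line in this same template write `https://{{server_name}}`; if `server_name` is a bare host name, as those two uses imply, mail clients will not resolve the image. Suggest `<img src="https://{{server_name}}/images/logo.png" alt="CoreGrade">`. The reset link's host also now comes from `server_name`, which the member_email_calls change in this commit fills from `getenv("SERVER_NAME")`. Depending on web-server configuration that variable can reflect the request's Host header, so a fixed configured base URL (the file already reads settings through `CfgReadChar`) would be a safer source for a link that carries the reset key.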
+1 -1
@@ -1,5 +1,5 @@
To: {{email}}
Subject: Welcome to PayQuic
Subject: Welcome to CoreGrade
<html>
<head>
</head>
+8 -9
@@ -195,7 +195,7 @@ long startPassReset(CVars in, CVars &out) {
ret = load_db_record(out, "SELECT id AS member_id,now() AS reset_seed FROM members WHERE status=1 AND LOWER(username)=LOWER('%s') ", in["username"].c_str());
if (ret && out["member_id"].Long() > 0) {
// remove all existing session
pgsql_exec("UPDATE resetpassword SET status=7 WHERE status NOT IN (3,5) AND member_id=%ld ", out["member_id"].Long());
pgsql_exec("UPDATE password_reset SET status=7 WHERE status NOT IN (3,5) AND member_id=%ld ", out["member_id"].Long());
// Create New Session Now
if (load_db_record(y, "SELECT floor( random()*100000) AS reset_pin ,md5('%s') AS reset_key", out["reset_seed"].c_str()) >= 0) {
@@ -211,7 +211,7 @@ long startPassReset(CVars in, CVars &out) {
x["reset_pin"].set_valid(true);
x["member_id"].set_valid(true);
out["reset_id"] = insert_db_record(DBS_VALID, "resetpassword", "resetpassword_id_seq", x);
out["reset_id"] = insert_db_record(DBS_VALID, "password_reset", "password_reset_id_seq", x);
if (out["reset_id"].Long() > 0) {
ret = PHP_API_OK;
out["reset_key"] = "YOU WILL GET THIS IF PIN IS CORRECT IN CONFIRM"; //x["reset_key"];
@@ -227,7 +227,7 @@ long startPassReset(CVars in, CVars &out) {
x["username"].set_valid(true);
x["loc"].set_valid(true);
x["status"].set_valid(true);
out["reset_id"] = insert_db_record(DBS_VALID, "resetpassword", "resetpassword_id_seq", x);
out["reset_id"] = insert_db_record(DBS_VALID, "password_reset", "password_reset_id_seq", x);
out["status_message"] = "Invalid Username or disabled account";
out["status_advice"] = "Check username or Contact support";
@@ -246,13 +246,12 @@ long confirmPassReset(CVars in, CVars &out) {
long ret = PHP_API_BAD_PARAM;
CVars x, y;
try {
REQ_STRING(in, "username", 2, 49, "(.*)");
REQ_LONG(in, "reset_pin", 0, -1);
REQ_STRING(in, "reset_key", 12, 49, "(.*)");
const char *loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT *, id AS reset_id FROM resetpassword WHERE status = 0 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc);
ret = load_db_record(out, "SELECT *, id AS reset_id FROM password_reset WHERE status = 0 AND reset_key='%s' ", in["reset_key"].c_str());
if (ret && out["id"].Long() > 0) {
pgsql_query("UPDATE resetpassword SET status = 1 WHERE id =%lu", out["reset_id"].Long());
pgsql_query("UPDATE password_reset SET status = 1 WHERE id =%lu", out["reset_id"].Long());
ret = PHP_API_OK;
} else {
out["status_message"] = "Invalid PIN or disabled account";
@@ -278,13 +277,13 @@ long completePassReset(CVars in, CVars &out) {
const char *loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT *,id AS reset_id FROM resetpassword WHERE status=1 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s' AND reset_key='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc, in["reset_key"].c_str());
ret = load_db_record(out, "SELECT *,id AS reset_id FROM password_reset WHERE status=1 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s' AND reset_key='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc, in["reset_key"].c_str());
if (ret && out["reset_id"].Long() > 0) {
char mcf[128];
int result = 0; //libscrypt_hash(mcf, in["password"].c_str(), SCRYPT_N, SCRYPT_r, SCRYPT_p);
if (result > 0) {
if (pgsql_query("UPDATE members SET password='%s' WHERE id =%lu", mcf, out["member_id"].Long()) >= 0) {
pgsql_query("UPDATE resetpassword SET status = 5,reset_key=NULL WHERE id =%lu", out["reset_id"].Long());
pgsql_query("UPDATE password_reset SET status = 5,reset_key=NULL WHERE id =%lu", out["reset_id"].Long());
ret = PHP_API_OK;
}
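Review bot: confirmPassReset now accepts a reset on `reset_key` alone (the username, PIN and REMOTE_ADDR conditions are gone from its SELECT), but the context lines of startPassReset show that key is `md5()` of `reset_seed`, which is `now()`, so the only secret in the e-mailed link is a hash of the request time and is guessable by anyone who knows roughly when the reset was requested. The key should come from a CSPRNG before this step relies on it, e.g. `encode(gen_random_bytes(16),'hex') AS reset_key` if pgcrypto is installed (32 hex characters, which still fits the 12–49 length check). `in["reset_key"]` is also formatted into the query through `'%s'` after a `(.*)` validation; unless load_db_record escapes its arguments (not visible here), it needs escaping or a bound parameter. The failure message still says "Invalid PIN", and completePassReset still filters on username, PIN and loc, which the confirm step no longer collects. Both function bodies extend outside the hunks.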
+6 -3
@@ -108,9 +108,11 @@ long member_email_calls(long action, CVars in, CVars &out) {
out["facebook"] = CfgReadChar("system.facebook");
out["twitter"] = CfgReadChar("system.twitter");
char * server_name = getenv( "SERVER_NAME" );
//https://www.float.sg/
form.LetStr("site_name", "Float");
form.LetStr("site_name", "CoreGrade");
form.LetStr("contactus", out["contactus"].c_str());
form.LetStr("facebook", out["facebook"].c_str());
form.LetStr("twitter", out["twitter"].c_str());
@@ -169,14 +171,15 @@ long member_email_calls(long action, CVars in, CVars &out) {
*/
case COREGRADE_START_RESET_PASSWORD:
mode = REQ_LONG(in, "mode", 0, -1);
if (load_db_record(x, "SELECT m.firstname,p.*,m.email AS member_email FROM resetpassword p LEFT JOIN members m ON m.id=p.member_id WHERE p.id=%lu ", in["reset_id"].Long())) {
if (load_db_record(x, "SELECT m.firstname,p.*,m.email AS member_email, created AS lost_added FROM password_reset p LEFT JOIN members m ON m.id=p.member_id WHERE p.id=%lu ", in["reset_id"].Long())) {
vars2form(x, form);
form.LetStr("subject", "Reset Password");
form.LetStr("email", x["member_email"].c_str());
form.LetStr( "server_name", server_name );
switch (mode) {
case RESET_START:
form.Email("member/reset_password.mailfile");
form.Email("start_losspass.mailfile");
break;
case RESET_CONFIRM: