This commit is contained in:
2020-04-12 16:33:08 -04:00
parent 24ea6b9ae7
commit 90309496e9
7 changed files with 145 additions and 34 deletions
+8 -9
@@ -195,7 +195,7 @@ long startPassReset(CVars in, CVars &out) {
ret = load_db_record(out, "SELECT id AS member_id,now() AS reset_seed FROM members WHERE status=1 AND LOWER(username)=LOWER('%s') ", in["username"].c_str());
if (ret && out["member_id"].Long() > 0) {
// remove all existing session
pgsql_exec("UPDATE resetpassword SET status=7 WHERE status NOT IN (3,5) AND member_id=%ld ", out["member_id"].Long());
pgsql_exec("UPDATE password_reset SET status=7 WHERE status NOT IN (3,5) AND member_id=%ld ", out["member_id"].Long());
// Create New Session Now
if (load_db_record(y, "SELECT floor( random()*100000) AS reset_pin ,md5('%s') AS reset_key", out["reset_seed"].c_str()) >= 0) {
@@ -211,7 +211,7 @@ long startPassReset(CVars in, CVars &out) {
x["reset_pin"].set_valid(true);
x["member_id"].set_valid(true);
out["reset_id"] = insert_db_record(DBS_VALID, "resetpassword", "resetpassword_id_seq", x);
out["reset_id"] = insert_db_record(DBS_VALID, "password_reset", "password_reset_id_seq", x);
if (out["reset_id"].Long() > 0) {
ret = PHP_API_OK;
out["reset_key"] = "YOU WILL GET THIS IF PIN IS CORRECT IN CONFIRM"; //x["reset_key"];
@@ -227,7 +227,7 @@ long startPassReset(CVars in, CVars &out) {
x["username"].set_valid(true);
x["loc"].set_valid(true);
x["status"].set_valid(true);
out["reset_id"] = insert_db_record(DBS_VALID, "resetpassword", "resetpassword_id_seq", x);
out["reset_id"] = insert_db_record(DBS_VALID, "password_reset", "password_reset_id_seq", x);
out["status_message"] = "Invalid Username or disabled account";
out["status_advice"] = "Check username or Contact support";
@@ -246,13 +246,12 @@ long confirmPassReset(CVars in, CVars &out) {
long ret = PHP_API_BAD_PARAM;
CVars x, y;
try {
REQ_STRING(in, "username", 2, 49, "(.*)");
REQ_LONG(in, "reset_pin", 0, -1);
REQ_STRING(in, "reset_key", 12, 49, "(.*)");
const char *loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT *, id AS reset_id FROM resetpassword WHERE status = 0 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc);
ret = load_db_record(out, "SELECT *, id AS reset_id FROM password_reset WHERE status = 0 AND reset_key='%s' ", in["reset_key"].c_str());
if (ret && out["id"].Long() > 0) {
pgsql_query("UPDATE resetpassword SET status = 1 WHERE id =%lu", out["reset_id"].Long());
pgsql_query("UPDATE password_reset SET status = 1 WHERE id =%lu", out["reset_id"].Long());
ret = PHP_API_OK;
} else {
out["status_message"] = "Invalid PIN or disabled account";
@@ -278,13 +277,13 @@ long completePassReset(CVars in, CVars &out) {
const char *loc = getenv("REMOTE_ADDR");
ret = load_db_record(out, "SELECT *,id AS reset_id FROM resetpassword WHERE status=1 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s' AND reset_key='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc, in["reset_key"].c_str());
ret = load_db_record(out, "SELECT *,id AS reset_id FROM password_reset WHERE status=1 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s' AND reset_key='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc, in["reset_key"].c_str());
if (ret && out["reset_id"].Long() > 0) {
char mcf[128];
int result = 0; //libscrypt_hash(mcf, in["password"].c_str(), SCRYPT_N, SCRYPT_r, SCRYPT_p);
if (result > 0) {
if (pgsql_query("UPDATE members SET password='%s' WHERE id =%lu", mcf, out["member_id"].Long()) >= 0) {
pgsql_query("UPDATE resetpassword SET status = 5,reset_key=NULL WHERE id =%lu", out["reset_id"].Long());
pgsql_query("UPDATE password_reset SET status = 5,reset_key=NULL WHERE id =%lu", out["reset_id"].Long());
ret = PHP_API_OK;
}
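Review bot: In the confirmPassReset hunk the rewritten lookup `SELECT *, id AS reset_id FROM password_reset WHERE status = 0 AND reset_key='%s'` formats the client-supplied in["reset_key"] straight into the query, and the only validation above it is `REQ_STRING(in, "reset_key", 12, 49, "(.*)")`, which accepts quote characters, so unless load_db_record escapes its arguments this is a SQL injection point (the `LOWER('%s')` username predicates in the startPassReset and completePassReset hunks have the same shape). Because startPassReset produces the key with `md5(...)`, the check can be made exact and injection-safe by tightening the validator to the key's format, e.g. `REQ_STRING(in, "reset_key", 32, 32, "([0-9a-fA-F]{32})");` — assuming the last argument is a validating regex, as its position suggests. The key is now the sole factor confirming a reset (reset_pin is still required by REQ_LONG but no longer checked, and the REMOTE_ADDR match that completePassReset keeps is dropped here), yet it is derived from `md5(now())` via reset_seed rather than from a CSPRNG, so it should be generated from random bytes if it is to carry the whole check on its own. The unchanged `int result = 0; //libscrypt_hash(...)` line in the completePassReset hunk appears to leave the password-update branch unreachable, which this commit does not address. confirmPassReset and completePassReset both continue outside their hunks.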
+6 -3
@@ -108,9 +108,11 @@ long member_email_calls(long action, CVars in, CVars &out) {
out["facebook"] = CfgReadChar("system.facebook");
out["twitter"] = CfgReadChar("system.twitter");
char * server_name = getenv( "SERVER_NAME" );
//https://www.float.sg/
form.LetStr("site_name", "Float");
form.LetStr("site_name", "CoreGrade");
form.LetStr("contactus", out["contactus"].c_str());
form.LetStr("facebook", out["facebook"].c_str());
form.LetStr("twitter", out["twitter"].c_str());
@@ -169,14 +171,15 @@ long member_email_calls(long action, CVars in, CVars &out) {
*/
case COREGRADE_START_RESET_PASSWORD:
mode = REQ_LONG(in, "mode", 0, -1);
if (load_db_record(x, "SELECT m.firstname,p.*,m.email AS member_email FROM resetpassword p LEFT JOIN members m ON m.id=p.member_id WHERE p.id=%lu ", in["reset_id"].Long())) {
if (load_db_record(x, "SELECT m.firstname,p.*,m.email AS member_email, created AS lost_added FROM password_reset p LEFT JOIN members m ON m.id=p.member_id WHERE p.id=%lu ", in["reset_id"].Long())) {
vars2form(x, form);
form.LetStr("subject", "Reset Password");
form.LetStr("email", x["member_email"].c_str());
form.LetStr( "server_name", server_name );
switch (mode) {
case RESET_START:
form.Email("member/reset_password.mailfile");
form.Email("start_losspass.mailfile");
break;
case RESET_CONFIRM: