fix

2020-04-12 17:36:51 -04:00
parent 0e55c3b953
commit bf3e60730a
6 changed files with 617 additions and 669 deletions
@@ -269,20 +269,21 @@ long completePassReset(CVars in, CVars &out) {
    logfmt(logINFO, "completePassReset()");
    long ret = PHP_API_BAD_PARAM;
    CVars x, y;
+    out["reset_complete"] = "0";
    try {
        REQ_STRING(in, "username", 2, 49, "(.*)");
-        REQ_STRING(in, "newpass", 5, 15, "(.*)");
-        REQ_LONG(in, "reset_pin", 0, -1);
+        REQ_STRING(in, "new_pass", 5, 15, "(.*)");
+        REQ_LONG(in, "reset_id", 0, -1);
        REQ_STRING(in, "reset_key", 2, 49, "(.*)");

        const char *loc = getenv("REMOTE_ADDR");

-        ret = load_db_record(out, "SELECT *,id AS reset_id FROM password_reset WHERE status=1 AND LOWER(username)=LOWER('%s') AND reset_pin='%lu' AND loc='%s' AND reset_key='%s'", in["username"].c_str(), in["reset_pin"].Long(), loc, in["reset_key"].c_str());
+        ret = load_db_record(out, "SELECT *,id AS reset_id FROM password_reset WHERE status=1 AND LOWER(username)=LOWER('%s') AND id='%lu' AND loc='%s' AND reset_key='%s'", in["username"].c_str(), in["reset_id"].Long(), loc, in["reset_key"].c_str());
        if (ret && out["reset_id"].Long() > 0) {
            char mcf[128];
-            int result = 0; //libscrypt_hash(mcf, in["password"].c_str(), SCRYPT_N, SCRYPT_r, SCRYPT_p);
+            int result = 100; //libscrypt_hash(mcf, in["password"].c_str(), SCRYPT_N, SCRYPT_r, SCRYPT_p);
            if (result > 0) {
-                if (pgsql_query("UPDATE members SET password='%s' WHERE id =%lu", mcf, out["member_id"].Long()) >= 0) {
+                if (pgsql_query("UPDATE members SET password=md5('%s') WHERE id =%lu", in["new_pass"].c_str(), out["member_id"].Long()) >= 0) {
                    pgsql_query("UPDATE password_reset SET status = 5,reset_key=NULL WHERE id =%lu", out["reset_id"].Long());
                    ret = PHP_API_OK;
                }
@@ -290,6 +291,7 @@ long completePassReset(CVars in, CVars &out) {
                out["reset_key"] = "YOU WILL GET THIS IF PIN IS CORRECT IN CONFIRM"; //x["reset_key"];
                out["mode"] = RESET_COMPLETE;
                member_email_calls(in["action"].Long(), out, x); // note the use of out to send in
+                out["reset_complete"] = out["reset_id"];
            } else {
                logfmt(logINFO, "ERROR create hash using SCRYPT");
            }