From 3688897dbf58f75bc64258a93d1a4f93f31e5e43 Mon Sep 17 00:00:00 2001 From: Olu Amey Date: Wed, 3 May 2023 07:21:57 -0400 Subject: [PATCH] Pass reset filter --- wrenchboard/src/shared_tool/wrenchboard_api_main.cc | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/wrenchboard/src/shared_tool/wrenchboard_api_main.cc b/wrenchboard/src/shared_tool/wrenchboard_api_main.cc index 78ac75c9..392b2579 100644 --- a/wrenchboard/src/shared_tool/wrenchboard_api_main.cc +++ b/wrenchboard/src/shared_tool/wrenchboard_api_main.cc @@ -394,15 +394,17 @@ long wrenchboard_api_main(CVars in, CVars &out) { REQ_STRING(in, "reset_link", 1, 100, "(.*)"); REQ_STRING(in, "newpass", 1, 20, "(.*)"); if (load_db_record(out, "SELECT l.id AS lostpass_id,c.firstname,c.lastname,c.email,l.customer_id,c.username FROM lostpass l LEFT JOIN customer c ON c.id = l.customer_id WHERE l.reset_link = '%s' AND l.status IN (1,3)", in["reset_link"].c_str())) { - pgsql_exec("UPDATE lostpass SET status = 5 WHERE status IN (1,3) AND customer_id=%lu AND id = %lu ", out["customer_id"].Long(), out["lostpass_id"].Long()); + if (out["lostpass_id"].Long() > 0){ + pgsql_exec("UPDATE lostpass SET status = 5 WHERE status IN (1,3) AND customer_id=%lu AND id = %lu ", out["customer_id"].Long(), out["lostpass_id"].Long()); + pgsql_exec("UPDATE customer SET pass =md5('%s') WHERE id = %lu ", in["newpass"].c_str(), out["customer_id"].Long()); + CompletePassResetEmail(out); + }else{ + out["status_message"] = "Invalid Request"; + } - pgsql_exec("UPDATE customer SET pass =md5('%s') WHERE id = %lu ", in["newpass"].c_str(), out["customer_id"].Long()); - //complete_losspass.mailfile - CompletePassResetEmail(out); } else { out["status_message"] = "Pass Reset Failed"; } - break; case WRENCHBOARD_START_PASSWORDRESET: