This commit is contained in:
CHIEFSOFT\ameye
2023-08-04 21:21:03 -04:00
parent 0431b83a27
commit 8a22474d6b
@@ -426,6 +426,7 @@ long wrenchboard_api_main(CVars in, CVars &out) {
if (load_db_record(out, "SELECT p.id AS lostpass_id,p.member_id, p.uid AS pending_uid,m.uid AS m_uid FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status IN (0,1)", in["reset_link"].c_str())) {
if (out["lostpass_id"].Long() > 0){
pgsql_exec("UPDATE password_reset SET status = 3,expired = now() + '5 minutes' WHERE status IN (0, 1) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long());
retval = PHP_API_OK;
}else{
out["status_message"] = "Invalid Request";
}
@@ -439,13 +440,34 @@ long wrenchboard_api_main(CVars in, CVars &out) {
case WRENCHBOARD_COMPLETE_PASSWORDRESET:
if ( in["channel"]=="MOBILE"){
REQ_STRING(in, "reset_uid", 1, 100, "(.*)");
REQ_STRING(in, "m_uid", 1, 100, "(.*)");
REQ_STRING(in, "reset_pin", 1, 15, "(.*)");
CVars xx;
if (load_db_record(xx, "SELECT p.id AS lostpass_id,p.member_id, p.uid AS pending_uid "
" FROM password_reset p LEFT JOIN members m ON m.id = p.member_id "
" WHERE p.uid ='%s' AND p.reset_pin='%s' AND p.status = 3 AND m.uid='%s'", in["reset_uid"].c_str(), in["reset_pin"].c_str(), in["m_uid"].c_str())) {
in["reset_link"] = xx["pass_link"]; in["reset_link"] .set_valid( true );
}
else{
out["status"] = "Invalid";
out["status_msg"] = "invalid_password_reset_action";
return -1;
}
}
REQ_STRING(in, "reset_link", 1, 100, "(.*)");
REQ_STRING(in, "newpass", 5, 20, "(.*)");
if (load_db_record(out, "SELECT p.id AS lostpass_id,p.member_id, m.* FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status IN (0,1)", in["reset_link"].c_str())) {
if (load_db_record(out, "SELECT p.id AS lostpass_id,p.member_id, m.* FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status = 3 ", in["reset_link"].c_str())) {
if (out["lostpass_id"].Long() > 0){
pgsql_exec("UPDATE password_reset SET status = 5 WHERE status IN (3) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long());
pgsql_exec("UPDATE password_reset SET status = 5, expired = now() WHERE status IN (3) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long());
pgsql_exec("UPDATE members SET password =md5('%s') WHERE id = %lu ", in["newpass"].c_str(), out["member_id"].Long());
CompletePassResetEmail(out);
retval = PHP_API_OK;
}else{
out["status_message"] = "Invalid Request";
}
@@ -456,6 +478,7 @@ long wrenchboard_api_main(CVars in, CVars &out) {
break;
case WRENCHBOARD_START_PASSWORDRESET:
/*
REQ_STRING(in, "email", 1, 100, "(.*)");
if (load_db_record(out, "SELECT id as customer_id,* FROM customer WHERE LOWER(email)=LOWER('%s') AND status=1", in["email"].c_str())) {
xx["customer_id"] = out["id"];
@@ -475,6 +498,7 @@ long wrenchboard_api_main(CVars in, CVars &out) {
StartPassResetEmail(out);
}
}
*/
break;
case WRENCHBOARD_BULKTOPUP_ORDER: