diff --git a/wrenchboard/src/shared_tool/wrenchboard_api_main.cc b/wrenchboard/src/shared_tool/wrenchboard_api_main.cc
index 66039665..88073c58 100644
--- a/wrenchboard/src/shared_tool/wrenchboard_api_main.cc
+++ b/wrenchboard/src/shared_tool/wrenchboard_api_main.cc
@@ -426,6 +426,7 @@ long wrenchboard_api_main(CVars in, CVars &out) {
 if (load_db_record(out, "SELECT p.id AS lostpass_id,p.member_id, p.uid AS pending_uid,m.uid AS m_uid FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status IN (0,1)", in["reset_link"].c_str())) {
 if (out["lostpass_id"].Long() > 0){
 pgsql_exec("UPDATE password_reset SET status = 3,expired = now() + '5 minutes' WHERE status IN (0, 1) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long());
+ retval = PHP_API_OK;
 }else{
 out["status_message"] = "Invalid Request";
 }
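Review bot: The added `retval = PHP_API_OK;` follows `pgsql_exec(...)` without checking whether the UPDATE succeeded or matched a row, so the link can be reported as verified even when `status` was never moved to 3. If pgsql_exec reports an error or an affected-row count (its contract is not visible here), make the assignment conditional on it and set `out["status_message"]` otherwise. The same unchecked pattern appears in the WRENCHBOARD_COMPLETE_PASSWORDRESET hunk, where two pgsql_exec calls change the password before OK is returned. The enclosing case starts and ends outside this hunk.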
@@ -439,13 +440,34 @@ long wrenchboard_api_main(CVars in, CVars &out) { case WRENCHBOARD_COMPLETE_PASSWORDRESET: + + if ( in["channel"]=="MOBILE"){ + REQ_STRING(in, "reset_uid", 1, 100, "(.*)"); + REQ_STRING(in, "m_uid", 1, 100, "(.*)"); + REQ_STRING(in, "reset_pin", 1, 15, "(.*)"); + + CVars xx; + if (load_db_record(xx, "SELECT p.id AS lostpass_id,p.member_id, p.uid AS pending_uid " + " FROM password_reset p LEFT JOIN members m ON m.id = p.member_id " + " WHERE p.uid ='%s' AND p.reset_pin='%s' AND p.status = 3 AND m.uid='%s'", in["reset_uid"].c_str(), in["reset_pin"].c_str(), in["m_uid"].c_str())) { + in["reset_link"] = xx["pass_link"]; in["reset_link"] .set_valid( true ); + + } + else{ + out["status"] = "Invalid"; + out["status_msg"] = "invalid_password_reset_action"; + return -1; + } + } + REQ_STRING(in, "reset_link", 1, 100, "(.*)"); REQ_STRING(in, "newpass", 5, 20, "(.*)"); - if (load_db_record(out, "SELECT p.id AS lostpass_id,p.member_id, m.* FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status IN (0,1)", in["reset_link"].c_str())) { + if (load_db_record(out, "SELECT p.id AS lostpass_id,p.member_id, m.* FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status = 3 ", in["reset_link"].c_str())) { if (out["lostpass_id"].Long() > 0){ - pgsql_exec("UPDATE password_reset SET status = 5 WHERE status IN (3) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long()); + pgsql_exec("UPDATE password_reset SET status = 5, expired = now() WHERE status IN (3) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long()); pgsql_exec("UPDATE members SET password =md5('%s') WHERE id = %lu ", in["newpass"].c_str(), out["member_id"].Long()); CompletePassResetEmail(out); + retval = PHP_API_OK; }else{ out["status_message"] = "Invalid Request"; } 
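Review bot: In the MOBILE branch, `in["reset_link"] = xx["pass_link"]` reads a column the new SELECT never returns (it lists only `lostpass_id`, `member_id` and `pending_uid`), so the link passed to the lookup below is presumably empty and the PIN path cannot complete; add `p.pass_link` to the select list. Neither status-3 query tests `p.expired`, although the verify step sets `expired = now() + '5 minutes'`, so a verified link or PIN appears to stay usable indefinitely; consider adding `AND p.expired > now()` to both. `reset_pin` is at most 15 characters and nothing in this hunk counts failed attempts, so guessing is bounded only if a limit exists elsewhere. All three new fields are validated with `(.*)` and formatted into `'%s'`, which is safe only if load_db_record escapes its arguments; a comment stating that would help. The case body continues outside the hunk.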
@@ -456,6 +478,7 @@ long wrenchboard_api_main(CVars in, CVars &out) { break; case WRENCHBOARD_START_PASSWORDRESET: + /* REQ_STRING(in, "email", 1, 100, "(.*)"); if (load_db_record(out, "SELECT id as customer_id,* FROM customer WHERE LOWER(email)=LOWER('%s') AND status=1", in["email"].c_str())) { xx["customer_id"] = out["id"]; @@ -475,6 +498,7 @@ long wrenchboard_api_main(CVars in, CVars &out) { StartPassResetEmail(out); } } + */ break; case WRENCHBOARD_BULKTOPUP_ORDER:
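Review bot: The body of `case WRENCHBOARD_START_PASSWORDRESET:` is disabled by wrapping it in `/*` here and `*/` in the following hunk (`@@ -475,6 +498,7`), so as far as the visible lines show the case now reaches `break;` without setting `retval` or a `status_message`, and a caller cannot tell a retired endpoint from a failure. Delete the dead block rather than commenting it out, and return an explicit result such as `out["status_message"] = "Invalid Request";` before the `break;`. A block comment also ends at the first `*/` inside the wrapped lines, which are only partly visible here, so any existing `/* */` comment in that body would re-enable part of it or break the build.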