reset pass
This commit is contained in:
@@ -1369,18 +1369,12 @@ long CompletePassResetEmail(CVars in) {
|
||||
const char * server_name = getenv("SERVER_NAME");
|
||||
CVars out;
|
||||
CVars x;
|
||||
load_db_record(x, "SELECT * FROM customer WHERE id = %lu", in["customer_id"].Long());
|
||||
load_db_record(x, "SELECT * FROM members WHERE id = %lu", in["member_id"].Long());
|
||||
vars2form(x, form);
|
||||
|
||||
|
||||
out["server_name"] = CfgReadChar("system.server_name");
|
||||
form.LetStr("server_name", out["server_name"].c_str());
|
||||
|
||||
|
||||
form.LetStr("email", x["email"].c_str());
|
||||
form.Email("complete_losspass.mailfile"); //customer notification
|
||||
|
||||
|
||||
return 0;
|
||||
//start_losspass.mailfile
|
||||
}
|
||||
|
||||
@@ -392,11 +392,11 @@ long wrenchboard_api_main(CVars in, CVars &out) {
|
||||
|
||||
case WRENCHBOARD_COMPLETE_PASSWORDRESET:
|
||||
REQ_STRING(in, "reset_link", 1, 100, "(.*)");
|
||||
REQ_STRING(in, "newpass", 1, 20, "(.*)");
|
||||
if (load_db_record(out, "SELECT l.id AS lostpass_id,c.firstname,c.lastname,c.email,l.customer_id,c.username FROM lostpass l LEFT JOIN customer c ON c.id = l.customer_id WHERE l.reset_link = '%s' AND l.status IN (1,3)", in["reset_link"].c_str())) {
|
||||
REQ_STRING(in, "newpass", 5, 20, "(.*)");
|
||||
if (load_db_record(out, "SELECT p.id AS lostpass_id, m.* FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status IN (0,1)", in["reset_link"].c_str())) {
|
||||
if (out["lostpass_id"].Long() > 0){
|
||||
pgsql_exec("UPDATE lostpass SET status = 5 WHERE status IN (1,3) AND customer_id=%lu AND id = %lu ", out["customer_id"].Long(), out["lostpass_id"].Long());
|
||||
pgsql_exec("UPDATE customer SET pass =md5('%s') WHERE id = %lu ", in["newpass"].c_str(), out["customer_id"].Long());
|
||||
pgsql_exec("UPDATE password_reset SET status = 5 WHERE status IN (0, 1,3) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long());
|
||||
pgsql_exec("UPDATE members SET password =md5('%s') WHERE id = %lu ", in["newpass"].c_str(), out["member_id"].Long());
|
||||
CompletePassResetEmail(out);
|
||||
}else{
|
||||
out["status_message"] = "Invalid Request";
|
||||
|
||||
Reference in New Issue
Block a user