WrenchBoard/WrenchBoradWeb
1
0
Fork 0
Code Issues Pull Requests Releases Activity

reset pass

Browse Source
This commit is contained in:
Olu Amey
2023-05-04 06:43:32 -04:00
parent 3688897dbf
commit 98d3a7bba9
2 changed files with 5 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
wrenchboard/src/shared_tool/email.cc
+1 -7
View File
@@ -1369,18 +1369,12 @@ long CompletePassResetEmail(CVars in) {
const char * server_name = getenv("SERVER_NAME");
CVars out;
CVars x;
load_db_record(x, "SELECT * FROM customer WHERE id = %lu", in["customer_id"].Long());
load_db_record(x, "SELECT * FROM members WHERE id = %lu", in["member_id"].Long());
vars2form(x, form);
out["server_name"] = CfgReadChar("system.server_name");
form.LetStr("server_name", out["server_name"].c_str());
form.LetStr("email", x["email"].c_str());
form.Email("complete_losspass.mailfile"); //customer notification
return 0;
//start_losspass.mailfile
}
wrenchboard/src/shared_tool/wrenchboard_api_main.cc
+4 -4
View File
@@ -392,11 +392,11 @@ long wrenchboard_api_main(CVars in, CVars &out) {
case WRENCHBOARD_COMPLETE_PASSWORDRESET:
REQ_STRING(in, "reset_link", 1, 100, "(.*)");
REQ_STRING(in, "newpass", 1, 20, "(.*)");
if (load_db_record(out, "SELECT l.id AS lostpass_id,c.firstname,c.lastname,c.email,l.customer_id,c.username FROM lostpass l LEFT JOIN customer c ON c.id = l.customer_id WHERE l.reset_link = '%s' AND l.status IN (1,3)", in["reset_link"].c_str())) {
REQ_STRING(in, "newpass", 5, 20, "(.*)");
if (load_db_record(out, "SELECT p.id AS lostpass_id, m.* FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status IN (0,1)", in["reset_link"].c_str())) {
if (out["lostpass_id"].Long() > 0){
pgsql_exec("UPDATE lostpass SET status = 5 WHERE status IN (1,3) AND customer_id=%lu AND id = %lu ", out["customer_id"].Long(), out["lostpass_id"].Long());
pgsql_exec("UPDATE customer SET pass =md5('%s') WHERE id = %lu ", in["newpass"].c_str(), out["customer_id"].Long());
pgsql_exec("UPDATE password_reset SET status = 5 WHERE status IN (0, 1,3) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long());
pgsql_exec("UPDATE members SET password =md5('%s') WHERE id = %lu ", in["newpass"].c_str(), out["member_id"].Long());
CompletePassResetEmail(out);
}else{
out["status_message"] = "Invalid Request";