Reset pass

wrenchboard/src/include/wrenchboard_api.h

@@ -384,10 +384,11 @@ enum { PARTNER_STRIPE };
 
 #define WRENCHBOARD_ADD_MONEYRECIPIENT		600
 
-#define WRENCHBOARD_CREATE_USER_ACCOUNT  700
-#define WRENCHBOARD_USER_ACCOUNT_LOGIN   710
-#define WRENCHBOARD_START_PASSWORDRESET  720
-#define WRENCHBOARD_COMPLETE_PASSWORDRESET 730 
+#define WRENCHBOARD_CREATE_USER_ACCOUNT      700
+#define WRENCHBOARD_USER_ACCOUNT_LOGIN       710
+#define WRENCHBOARD_START_PASSWORDRESET      720
+#define WRENCHBOARD_VERIFY_PASSWD_RESETLINK  725
+#define WRENCHBOARD_COMPLETE_PASSWORDRESET   730
 
 #define	WRENCHBOARD_START_ADDMONEY  770 
 #define	WRENCHBOARD_COMPLETE_ADDMONEY	775 

wrenchboard/src/shared_tool/account.cc

@@ -1127,6 +1127,8 @@ long WrenchResetMemberPass(CVars in, CVars &out) {
             xx["loc"].set_valid(true);
             xx["reset_pin"] = reset_pin;
             xx["reset_pin"].set_valid(true);
+            xx["reset_pin"] = xx["reset_pin"].substr(xx["reset_pin"].length() - 6, 6);
+            // v["digits"] = in["cardnumber"].substr(in["cardnumber"].length() - 4, 4);
 
             out["password_reset_id"] = insert_db_record(DBS_VALID, "password_reset", "password_reset_id_seq", xx);
 

wrenchboard/src/shared_tool/wrenchboard_api_main.cc

@@ -396,6 +396,44 @@ long wrenchboard_api_main(CVars in, CVars &out) {
 
             break;
 
+        case WRENCHBOARD_VERIFY_PASSWD_RESETLINK:
+            OPTIONAL(in, "channel") REQ_STRING(in, "channel", 3, 15, "(.*)");
+
+
+            if ( in["channel"]=="MOBILE"){
+              REQ_STRING(in, "reset_uid", 1, 100, "(.*)");
+              REQ_STRING(in, "m_uid", 1, 100, "(.*)");
+              REQ_STRING(in, "reset_pin", 1, 15, "(.*)");
+
+              CVars xx;
+                  if (load_db_record(xx, "SELECT p.id AS lostpass_id,p.member_id, p.uid AS pending_uid "
+                                         " FROM password_reset p LEFT JOIN members m ON m.id = p.member_id "
+                                         " WHERE p.uid ='%s' AND p.reset_pin='%s' AND p.status IN (0,1) AND m.uid='%s'", in["reset_uid"].c_str(), in["reset_pin"].c_str(), in["m_uid"].c_str())) {
+                                         in["reset_link"] = xx["pass_link"];  in["reset_link"] .set_valid( true );
+
+                  }
+                  else{
+                      out["status"] = "Invalid";
+                      out["status_msg"] = "invalid_password_link_verification";
+                      return -1;
+                  }
+            }
+
+            REQ_STRING(in, "reset_link", 1, 100, "(.*)");
+            if (load_db_record(out, "SELECT p.id AS lostpass_id,p.member_id, p.uid AS pending_uid FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status IN (0,1)", in["reset_link"].c_str())) {
+                if (out["lostpass_id"].Long() > 0){
+                        pgsql_exec("UPDATE password_reset SET status = 3 WHERE status IN (0, 1) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long());
+                        CompletePassResetEmail(out);
+                }else{
+                     out["status_message"] = "Invalid Request";
+                }
+
+            } else {
+                out["status_message"] = "Pass Reset Failed";
+                return -1;
+            }
+            break;
+
 
 
         case WRENCHBOARD_COMPLETE_PASSWORDRESET:
@@ -403,7 +441,7 @@ long wrenchboard_api_main(CVars in, CVars &out) {
             REQ_STRING(in, "newpass", 5, 20, "(.*)");
             if (load_db_record(out, "SELECT p.id AS lostpass_id,p.member_id, m.* FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status IN (0,1)", in["reset_link"].c_str())) {
                 if (out["lostpass_id"].Long() > 0){
-                        pgsql_exec("UPDATE password_reset SET status = 5 WHERE status IN (0, 1,3) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long());
+                        pgsql_exec("UPDATE password_reset SET status = 5 WHERE status IN (3) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long());
                         pgsql_exec("UPDATE members SET password =md5('%s')  WHERE id = %lu  ", in["newpass"].c_str(), out["member_id"].Long());
                         CompletePassResetEmail(out);
                 }else{

www-api/app/Config/Constants.php

@@ -362,8 +362,10 @@ define('WRENCHBOARD_ADD_MONEYRECIPIENT', 600);
 
 define('WRENCHBOARD_CREATE_USER_ACCOUNT', 700);
 define('WRENCHBOARD_USER_ACCOUNT_LOGIN', 710);
-define('WRENCHBOARD_START_PASSWORDRESET', 720);
-define('WRENCHBOARD_COMPLETE_PASSWORDRESET', 730);
+
+const WRENCHBOARD_START_PASSWORDRESET = 720;
+const WRENCHBOARD_VERIFY_PASSWD_RESETLINK = 725;
+const WRENCHBOARD_COMPLETE_PASSWORDRESET = 730;
 
 //#define	WRENCHBOARD_START_ADDMONEY',  770 );
 //#define	WRENCHBOARD_COMPLETE_ADDMONEY'	775 );

www-api/app/Controllers/WrenchApi.php

@@ -136,6 +136,9 @@ class WrenchApi extends BaseController
                 if($in['step']==300){
                     $in["action"] =  WRENCHBOARD_COMPLETE_PASSWORDRESET;
                 }
+                if($in['step']==200){
+                    $in["action"] =  WRENCHBOARD_VERIFY_PASSWD_RESETLINK;
+                }
                 break;
             case 'starttopup':
                 $in["action"] =  WRENCHBOARD_ACCOUNT_PREPARE_TOPUP;