diff --git a/wrenchboard/src/include/wrenchboard_api.h b/wrenchboard/src/include/wrenchboard_api.h index 1b4d7e24..d3524b8f 100644 --- a/wrenchboard/src/include/wrenchboard_api.h +++ b/wrenchboard/src/include/wrenchboard_api.h @@ -384,10 +384,11 @@ enum { PARTNER_STRIPE }; #define WRENCHBOARD_ADD_MONEYRECIPIENT 600 -#define WRENCHBOARD_CREATE_USER_ACCOUNT 700 -#define WRENCHBOARD_USER_ACCOUNT_LOGIN 710 -#define WRENCHBOARD_START_PASSWORDRESET 720 -#define WRENCHBOARD_COMPLETE_PASSWORDRESET 730 +#define WRENCHBOARD_CREATE_USER_ACCOUNT 700 +#define WRENCHBOARD_USER_ACCOUNT_LOGIN 710 +#define WRENCHBOARD_START_PASSWORDRESET 720 +#define WRENCHBOARD_VERIFY_PASSWD_RESETLINK 725 +#define WRENCHBOARD_COMPLETE_PASSWORDRESET 730 #define WRENCHBOARD_START_ADDMONEY 770 #define WRENCHBOARD_COMPLETE_ADDMONEY 775 diff --git a/wrenchboard/src/shared_tool/account.cc b/wrenchboard/src/shared_tool/account.cc index a1a8468f..1ac35658 100644 --- a/wrenchboard/src/shared_tool/account.cc +++ b/wrenchboard/src/shared_tool/account.cc @@ -1127,6 +1127,8 @@ long WrenchResetMemberPass(CVars in, CVars &out) { xx["loc"].set_valid(true); xx["reset_pin"] = reset_pin; xx["reset_pin"].set_valid(true); + xx["reset_pin"] = xx["reset_pin"].substr(xx["reset_pin"].length() - 6, 6); + // v["digits"] = in["cardnumber"].substr(in["cardnumber"].length() - 4, 4); out["password_reset_id"] = insert_db_record(DBS_VALID, "password_reset", "password_reset_id_seq", xx); diff --git a/wrenchboard/src/shared_tool/wrenchboard_api_main.cc b/wrenchboard/src/shared_tool/wrenchboard_api_main.cc index 4319c070..4449dd37 100644 --- a/wrenchboard/src/shared_tool/wrenchboard_api_main.cc +++ b/wrenchboard/src/shared_tool/wrenchboard_api_main.cc 
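Review bot: In account.cc the added `xx["reset_pin"].substr(xx["reset_pin"].length() - 6, 6)` has no length guard, so a reset_pin shorter than six characters makes the unsigned subtraction wrap; with std::string semantics substr would then throw (the CVars string type is not visible here, so confirm). Guard it with `if (xx["reset_pin"].length() > 6)`, and do the truncation before `set_valid(true)`, since the hunk does not show whether reassignment keeps the valid flag. The six-character value becomes the credential for the MOBILE verify path added in wrenchboard_api_main.cc, so it needs an expiry and a failed-attempt limit, neither of which is visible in this commit. The commented-out `cardnumber` line is leftover scaffolding and should be dropped. WrenchResetMemberPass starts and ends outside the hunk.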
@@ -396,6 +396,44 @@ long wrenchboard_api_main(CVars in, CVars &out) { break; + case WRENCHBOARD_VERIFY_PASSWD_RESETLINK: + OPTIONAL(in, "channel") REQ_STRING(in, "channel", 3, 15, "(.*)"); + + + if ( in["channel"]=="MOBILE"){ + REQ_STRING(in, "reset_uid", 1, 100, "(.*)"); + REQ_STRING(in, "m_uid", 1, 100, "(.*)"); + REQ_STRING(in, "reset_pin", 1, 15, "(.*)"); + + CVars xx; + if (load_db_record(xx, "SELECT p.id AS lostpass_id,p.member_id, p.uid AS pending_uid " + " FROM password_reset p LEFT JOIN members m ON m.id = p.member_id " + " WHERE p.uid ='%s' AND p.reset_pin='%s' AND p.status IN (0,1) AND m.uid='%s'", in["reset_uid"].c_str(), in["reset_pin"].c_str(), in["m_uid"].c_str())) { + in["reset_link"] = xx["pass_link"]; in["reset_link"] .set_valid( true ); + + } + else{ + out["status"] = "Invalid"; + out["status_msg"] = "invalid_password_link_verification"; + return -1; + } + } + + REQ_STRING(in, "reset_link", 1, 100, "(.*)"); + if (load_db_record(out, "SELECT p.id AS lostpass_id,p.member_id, p.uid AS pending_uid FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status IN (0,1)", in["reset_link"].c_str())) { + if (out["lostpass_id"].Long() > 0){ + pgsql_exec("UPDATE password_reset SET status = 3 WHERE status IN (0, 1) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long()); + CompletePassResetEmail(out); + }else{ + out["status_message"] = "Invalid Request"; + } + + } else { + out["status_message"] = "Pass Reset Failed"; + return -1; + } + break; + case WRENCHBOARD_COMPLETE_PASSWORDRESET: 
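Review bot: In the MOBILE branch the SELECT returns only `lostpass_id`, `member_id` and `pending_uid`, but the next line reads `xx["pass_link"]`, so `reset_link` is filled from a column the query never fetched and the following `REQ_STRING(in, "reset_link", 1, 100, ...)` will presumably reject every mobile request; add `p.pass_link` to the select list. Separately, `reset_uid`, `reset_pin` and `m_uid` are validated only with `(.*)` and then placed into `'%s'` slots of the SQL text. Unless load_db_record escapes its arguments (not visible in this hunk), a quote character in any of them changes the query, so restrict them to the expected character set or bind them as parameters. The pin comparison shows no failed-attempt counter or expiry check, which matters for a six-character value. The failure paths also use different keys (`status_msg` vs `status_message`), and the `Invalid Request` branch reaches `break` without returning -1.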
@@ -403,7 +441,7 @@ long wrenchboard_api_main(CVars in, CVars &out) { REQ_STRING(in, "newpass", 5, 20, "(.*)"); if (load_db_record(out, "SELECT p.id AS lostpass_id,p.member_id, m.* FROM password_reset p LEFT JOIN members m ON m.id = p.member_id WHERE p.pass_link ='%s' AND p.status IN (0,1)", in["reset_link"].c_str())) { if (out["lostpass_id"].Long() > 0){ - pgsql_exec("UPDATE password_reset SET status = 5 WHERE status IN (0, 1,3) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long()); + pgsql_exec("UPDATE password_reset SET status = 5 WHERE status IN (3) AND member_id=%lu AND id = %lu ", out["member_id"].Long(), out["lostpass_id"].Long()); pgsql_exec("UPDATE members SET password =md5('%s') WHERE id = %lu ", in["newpass"].c_str(), out["member_id"].Long()); CompletePassResetEmail(out); }else{ diff --git a/www-api/app/Config/Constants.php b/www-api/app/Config/Constants.php index 71ac22ce..61359cb4 100644 --- a/www-api/app/Config/Constants.php +++ b/www-api/app/Config/Constants.php @@ -362,8 +362,10 @@ define('WRENCHBOARD_ADD_MONEYRECIPIENT', 600); define('WRENCHBOARD_CREATE_USER_ACCOUNT', 700); define('WRENCHBOARD_USER_ACCOUNT_LOGIN', 710); -define('WRENCHBOARD_START_PASSWORDRESET', 720); -define('WRENCHBOARD_COMPLETE_PASSWORDRESET', 730); + +const WRENCHBOARD_START_PASSWORDRESET = 720; +const WRENCHBOARD_VERIFY_PASSWD_RESETLINK = 725; +const WRENCHBOARD_COMPLETE_PASSWORDRESET = 730; //#define WRENCHBOARD_START_ADDMONEY', 770 ); //#define WRENCHBOARD_COMPLETE_ADDMONEY' 775 ); diff --git a/www-api/app/Controllers/WrenchApi.php b/www-api/app/Controllers/WrenchApi.php index ed6ecc3b..051e1084 100644 --- a/www-api/app/Controllers/WrenchApi.php +++ b/www-api/app/Controllers/WrenchApi.php 
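Review bot: The status filter on the changed UPDATE now disagrees with the SELECT that guards it: the row is loaded with `p.status IN (0,1)` but the update only matches `status IN (3)`, and the verify step added in this commit moves a row from 0/1 to 3. As written, a verified link is not found by the SELECT, while an unverified one is found, matches nothing in the password_reset update, and still reaches `UPDATE members SET password ...` on the next line, leaving the link at status 0/1 and reusable. Change the SELECT to `AND p.status = 3` so only verified links can complete, and make the members update conditional on the password_reset update having matched a row. The neighbouring `md5('%s')` password storage is unchanged here but deserves its own follow-up with a salted, slow password hash. The case body starts and ends outside the hunk.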
@@ -136,6 +136,9 @@ class WrenchApi extends BaseController if($in['step']==300){ $in["action"] = WRENCHBOARD_COMPLETE_PASSWORDRESET; } + if($in['step']==200){ + $in["action"] = WRENCHBOARD_VERIFY_PASSWD_RESETLINK; + } break; case 'starttopup': $in["action"] = WRENCHBOARD_ACCOUNT_PREPARE_TOPUP;
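Review bot: The new `if($in['step']==200)` is a second independent `if` using a loose comparison on what is presumably a request-supplied value. The step values are mutually exclusive, so `} elseif ((int)$in['step'] === 200) {` chained to the step 300 test reads clearer and avoids PHP's string/number juggling. What `$in["action"]` becomes when `step` is neither value is decided outside this hunk, so confirm the unknown-step case is rejected rather than falling back to another action. The enclosing `case` starts outside the hunk.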