From 82d234c4d559a80ab33b682e004e5991f65a8017 Mon Sep 17 00:00:00 2001 From: canyonknight Date: Wed, 23 May 2012 15:30:21 -0400 Subject: passreset.php: Pull out DB code * Move DB code in passreset.php to new functions in acctfuncs.inc.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight Signed-off-by: Lukas Fleischer --- web/lib/acctfuncs.inc.php | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'web/lib/acctfuncs.inc.php') diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index ecb9f99..31c43db 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -580,6 +580,40 @@ function add_tu_proposal($agenda, $user, $votelength, $submitteruid, $dbh=NULL) } +# Add a reset key for a specific user +function create_resetkey($resetkey, $uid, $dbh=NULL) { + if(!$dbh) { + $dbh = db_connect(); + } + $q = "UPDATE Users "; + $q.= "SET ResetKey = '" . $resetkey . "' "; + $q.= "WHERE ID = " . $uid; + db_query($q, $dbh); +} + +# Change a password and save the salt only if reset key and email are correct +function password_reset($hash, $salt, $resetkey, $email, $dbh=NULL) { + if(!$dbh) { + $dbh = db_connect(); + } + $q = "UPDATE Users "; + $q.= "SET Passwd = '$hash', "; + $q.= "Salt = '$salt', "; + $q.= "ResetKey = '' "; + $q.= "WHERE ResetKey != '' "; + $q.= "AND ResetKey = '".db_escape_string($resetkey)."' "; + $q.= "AND Email = '".db_escape_string($email)."'"; + $result = db_query($q, $dbh); + + if (!mysql_affected_rows($dbh)) { + $error = __('Invalid e-mail and reset key combination.'); + return $error; + } else { + header('Location: passreset.php?step=complete'); + exit(); + } +} + function good_passwd($passwd) { if ( strlen($passwd) >= PASSWD_MIN_LEN ) { return true; -- cgit v1.2.3-70-g09d2