@@ -15,13 +15,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
|
||||
|
||||
$token = $_POST['token'];
|
||||
$token_hash = auth_token_hash($token);
|
||||
$user_id="";
|
||||
$valid_until=0;
|
||||
$password = $_POST['password'];
|
||||
$confirmPassword = $_POST['confirm_password'];
|
||||
$sql="SELECT user_id, valid_until FROM reset_tokens WHERE auth_token=?;";
|
||||
check_rate_limit($conn, 'reset_pw', 5, 60 * 60, $token_hash);
|
||||
$stmt = mysqli_prepare($conn, $sql);
|
||||
mysqli_stmt_bind_param($stmt, 's', $token);
|
||||
mysqli_stmt_bind_param($stmt, 's', $token_hash);
|
||||
mysqli_stmt_execute($stmt);
|
||||
mysqli_stmt_store_result($stmt);
|
||||
mysqli_stmt_bind_result($stmt, $user_id,$valid_until);
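Review bot: The rate limit added at `check_rate_limit($conn, 'reset_pw', 5, 60 * 60, $token_hash)` is keyed on the hash of the value the attacker submits, so every distinct token guess gets its own fresh bucket and the limit does nothing against token brute-forcing; it only throttles re-submission of one and the same token. Key it on something the client does not choose, e.g. `check_rate_limit($conn, 'reset_pw', 5, 60 * 60, $_SERVER['REMOTE_ADDR'] ?? '');` (or the client address combined with the token hash), keeping in mind that `REMOTE_ADDR` needs to be the real client address if the app sits behind a proxy. Hashing the token before the lookup is the right move, but `$_POST['token']` is read without an `isset` guard, so a request without the field reaches `auth_token_hash(null)`; reject it up front with `$token = $_POST['token'] ?? ''; if ($token === '') { … }`. Whether `check_rate_limit` terminates the request or merely returns a flag is not visible here and should be confirmed, and the expiry check against `$valid_until` lies outside this hunk.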
|
||||
@@ -47,6 +49,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if ($update_stmt = $conn->prepare($update_sql)) {
|
||||
$update_stmt->bind_param("ssi", $hashed_password, $new_pepper, $user_id);
|
||||
if ($update_stmt->execute()) {
|
||||
clear_rate_limit($conn, 'reset_pw', $token_hash);
|
||||
echo json_encode(['status' => 'success','success' => true, 'message' => 'Password updated successfully.']);
|
||||
} else {
|
||||
echo json_encode(['success' => false, 'message' => 'Failed to update password.']);
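Review bot: The password UPDATE runs before the token is deleted (the DELETE is in the later hunk), so two concurrent POSTs with the same token can both pass the SELECT and both reach this branch; the token is not actually single-use. Consume the token first — run the `DELETE ... WHERE auth_token = ?` and proceed only when `mysqli_stmt_affected_rows($stmt) === 1` — and only then execute the UPDATE, so the second request fails at the consume step. The new `clear_rate_limit($conn, 'reset_pw', $token_hash)` call on success is consistent with the per-token key used in the lookup, though if the rate-limit key changes to the client address it must be updated here too. The surrounding `if ($update_stmt = …)` block continues outside this hunk.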
|
||||
@@ -62,7 +65,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
//remove token
|
||||
$sql="DELETE FROM reset_tokens WHERE auth_token = ?;";
|
||||
$stmt = mysqli_prepare($conn, $sql);
|
||||
mysqli_stmt_bind_param($stmt, 's', $token);
|
||||
mysqli_stmt_bind_param($stmt, 's', $token_hash);
|
||||
mysqli_stmt_execute($stmt);
|
||||
mysqli_stmt_close($stmt);
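Review bot: The cleanup only removes the one token that was just used (`DELETE FROM reset_tokens WHERE auth_token = ?` bound to `$token_hash`), so any other reset tokens previously issued for the same account stay valid after the password has been changed and could still be used to take it over. Since `$user_id` is already known from the lookup (and is bound as an integer in the UPDATE above), delete every token for the user instead: `$sql="DELETE FROM reset_tokens WHERE user_id = ?;";` with `mysqli_stmt_bind_param($stmt, 'i', $user_id);`. The return value of `mysqli_stmt_execute` is also ignored here, so a failed delete leaves a usable token behind silently; at minimum log it. The `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block this belongs to starts before the hunk.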
|
||||
|
||||
|
||||