@@ -11,12 +11,13 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
include "../../config/config.php";
|
||||
include "../utils/get_location.php";
|
||||
$username=$_SESSION["username"] ?? "";
|
||||
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
|
||||
check_rate_limit($conn, 'send_reset_link', 3, 60 * 60, $username);
|
||||
if ($username === "") {
|
||||
echo json_encode(['success' => false, 'message' => 'Missing username.']);
|
||||
exit;
|
||||
}
|
||||
$sql="SELECT id, email, telegram_id FROM users WHERE username = ?;";
|
||||
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
|
||||
$mail="";
|
||||
$id="";
|
||||
$telegram_id="";
|
||||
@@ -40,6 +41,7 @@ $ip=trim(explode(",",$forwarded_for)[0]);
|
||||
$location=get_location_from_ip($ip);
|
||||
$date=date('Y-m-d H:i:s');
|
||||
$token=bin2hex(random_bytes(128));
|
||||
$token_hash=auth_token_hash($token);
|
||||
$link="https://auth.jakach.ch/login/reset_pw.php?token=$token";
|
||||
|
||||
$message = "*Password reset token*\n\n"
|
||||
@@ -648,7 +650,7 @@ if(!empty($mail)){
|
||||
$valid_until=time()+(12 * 60 * 60);
|
||||
$sql="INSERT INTO reset_tokens (auth_token, user_id,valid_until) VALUES (?,?,?);";
|
||||
$stmt = mysqli_prepare($conn, $sql);
|
||||
mysqli_stmt_bind_param($stmt, 'sii', $token,$id,$valid_until);
|
||||
mysqli_stmt_bind_param($stmt, 'sii', $token_hash,$id,$valid_until);
|
||||
mysqli_stmt_execute($stmt);
|
||||
mysqli_stmt_close($stmt);
|
||||
|
||||
|
||||
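Review bot: In the first hunk, `check_rate_limit($conn, 'send_reset_link', 3, 60 * 60, $username);` runs before the `if ($username === "")` guard, so a request without a session username is still passed to the limiter with an empty string as its identifier. How check_rate_limit treats an empty identifier is not visible on this page; if it buckets on it, all session-less requests would share one allowance of 3 per hour, and if it ignores it, those requests are not limited at all. Moving the call below the guard would make the behaviour explicit, and a short comment there should state what the limit is keyed on. In the last hunk `auth_token` now receives `$token_hash`, so the code that validates the reset link (outside this page) has to apply `auth_token_hash` to the presented token before the lookup, and rows written before this commit will presumably stop matching.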