gama.io
/
UnPS-API
mirror of https://github.com/gamaio/UnPS-API.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add username check to reset pass 

This feels slightly more secure
    - Can be direct session username (change password while logged on)
    - Generate key, link it to username, email key for verification
	of lost password
This commit is contained in:
Arctic Code 2013-07-26 23:47:51 -05:00
parent 688a56d184
commit 5b33d2a443
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api.backend.php
View File

@ -361,7 +361,7 @@ class api{
return "APIKey reset. Key: $key";
}
function resetPass($apidb, $apikey, $udb, $email, $newpass){
function resetPass($apidb, $apikey, $udb, $username, $email, $newpass){
$apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1;";
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
if($row = $result->fetch_assoc()){
@ -374,7 +374,7 @@ class api{
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
}
$sql = "SELECT * FROM `users` WHERE `email` = '$email'";
$sql = "SELECT * FROM `users` WHERE `email` = '$email' AND `username` = '$username' LIMIT 1;";
if(!$result = $udb->query($sql)) return 'ERROR: ['.$udb->error.']';
$iterations = mt_rand(11, 51);

3
api.test.php
View File

@ -15,6 +15,7 @@ $unpsAPI = new api();
//echo $unpsAPI->regUser($apidb, '580658027', $udb, 'David', 'password123', 'tehfoxy.c0de@gmail.com'); // Register users
//echo $unpsAPI->regAPI($apidb, '580658027', 'UnPS-GAMA Link Shortener', 'tehfoxy.c0de@gmail.com', '1,0,0,0'); // Register API user
echo $unpsAPI->resetAPI($apidb, '580658027', 'UnPS-GAMA Link Shortener', 'tehfoxy.c0de@gmail.com', '279qit9');
//echo $unpsAPI->resetAPI($apidb, '580658027', 'UnPS-GAMA Link Shortener', 'tehfoxy.c0de@gmail.com', '279qit9'); // test reset api key
echo $unpsAPI->resetPass($apidb, '580658027', $udb, 'David', 'tefoxy.c0de@gmail.com', 'password1234s'); // Test change password
?>