gama.io/UnPS-API
1
0
Fork 0
mirror of https://github.com/gamaio/UnPS-API.git synced 2025-08-13 02:08:45 +00:00
Code Issues Projects Releases Wiki Activity

Add username check to reset pass

Browse Source 
This feels slightly more secure
    - Can be direct session username (change password while logged on)
    - Generate key, link it to username, email key for verification
	of lost password
This commit is contained in:
Arctic Code
2013-07-26 23:47:51 -05:00
parent 688a56d184
commit 5b33d2a443
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api.backend.php
View File

@@ -361,7 +361,7 @@ class api{
return "APIKey reset. Key: $key";
}
function resetPass($apidb, $apikey, $udb, $email, $newpass){
function resetPass($apidb, $apikey, $udb, $username, $email, $newpass){
$apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1;";
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
if($row = $result->fetch_assoc()){
@@ -374,7 +374,7 @@ class api{
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
}
$sql = "SELECT * FROM `users` WHERE `email` = '$email'";
$sql = "SELECT * FROM `users` WHERE `email` = '$email' AND `username` = '$username' LIMIT 1;";
if(!$result = $udb->query($sql)) return 'ERROR: ['.$udb->error.']';
$iterations = mt_rand(11, 51);