Add ability to reset password

This is really insecure... only checks for email address
Maybe I'll design a key generation and email thing
 - (generate random pass, email to user, next login, change password)
 - Or something. This is why I don't normally include a reset password
 -- function
Arctic Code 2013-07-24 21:34:05 -05:00
parent 3f366ff313
commit d591e1cac7
1 changed files with 27 additions and 0 deletions


@ -358,6 +358,33 @@ class api{
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
return "APIKey reset. Key: $key";
}
function resetPass($apidb, $apikey, $email, $newpass){
$apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1;";
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
if($row = $result->fetch_assoc()){
$canUser = 1;
$name = $row['name'];
$ip = $_SERVER['REMOTE_ADDR'];
$apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Reset User Password', '$canUser', '$email')";
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
}
$sql = "SELECT * FROM `users` WHERE `email` = '$email'";
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
$iterations = mt_rand(11, 51);
$password = explode("/", hashpass($password, NULL, $iterations));
$salt = $password[1];
$password = $password[0];
$sql = "UPDATE `users` (password, salt, iterations) VALUES ('$password', '$salt', '$iterations') WHERE `email` = '$email';";
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
return "Password changed";
}
}
?>
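Review bot: resetPass returns "Password changed" without changing anything and without rejecting an unknown API key: the SELECT by email and the UPDATE are assigned to `$sql`, but every call runs `$apidb->query($apisql)`, and when the `key` lookup returns no row the code simply falls through. Fixing the variable name alone is not enough, because `hashpass($password, ...)` reads an undefined `$password` instead of `$newpass`, and `UPDATE ... (cols) VALUES (...) WHERE` is not valid MySQL (it needs `SET`). `$apikey` and `$email` are also interpolated directly into the SQL text, so a caller-supplied quote alters the statement; assuming `$apidb` is a mysqli connection, bound parameters remove that. The sketch below returns early on a bad key, hashes `$newpass` and uses prepared statements; the `apiuse` insert should bind its values the same way, and `hashpass` is defined outside this hunk, so its return format is taken as-is.

```php
function resetPass($apidb, $apikey, $email, $newpass){
    $stmt = $apidb->prepare("SELECT `name` FROM `users` WHERE `key` = ? LIMIT 1");
    $stmt->bind_param('s', $apikey);
    if(!$stmt->execute()) return 'ERROR: ['.$apidb->error.']';
    $row = $stmt->get_result()->fetch_assoc();
    if(!$row) return 'ERROR: [invalid API key]'; // stop here instead of falling through
    // … unchanged: apiuse audit insert, $iterations (the unused SELECT by email is dropped) …
    $password = explode("/", hashpass($newpass, NULL, $iterations));
    // … unchanged: $salt / $password split …
    $stmt = $apidb->prepare("UPDATE `users` SET `password` = ?, `salt` = ?, `iterations` = ? WHERE `email` = ?");
    $stmt->bind_param('ssis', $password, $salt, $iterations, $email);
    if(!$stmt->execute()) return 'ERROR: ['.$apidb->error.']';
    // … unchanged: return "Password changed" …
```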