From d591e1cac7b586bc7f68df76238df3098599dd79 Mon Sep 17 00:00:00 2001
From: Arctic Code
Date: Wed, 24 Jul 2013 21:34:05 -0500
Subject: [PATCH] Add ability to reset password
This is really insecure... only checks for email address Maybe I'll design a key generation and email thing - (generate random pass, email to user, next login, change password) - Or something. This is why I don't normally include a reset password -- function
---
 api.backend.php | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/api.backend.php b/api.backend.php
index 87893d9..ab0c6ee 100644
--- a/api.backend.php
+++ b/api.backend.php
@@ -358,6 +358,33 @@ class api{
 if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
 return "APIKey reset. Key: $key";
 }
+
+ function resetPass($apidb, $apikey, $email, $newpass){
+ $apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1;";
+ if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+ if($row = $result->fetch_assoc()){
+ $canUser = 1;
+ $name = $row['name'];
+
+ $ip = $_SERVER['REMOTE_ADDR'];
+
+ $apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Reset User Password', '$canUser', '$email')";
+ if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+ }
+
+ $sql = "SELECT * FROM `users` WHERE `email` = '$email'";
+ if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+
+ $iterations = mt_rand(11, 51);
+ $password = explode("/", hashpass($password, NULL, $iterations));
+ $salt = $password[1];
+ $password = $password[0];
+
+ $sql = "UPDATE `users` (password, salt, iterations) VALUES ('$password', '$salt', '$iterations') WHERE `email` = '$email';";
+ if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
+ return "Password changed";
+
+ }
 }
 ?>
\ No newline at end of file