Author
|
zPlus <->
2016-07-14 09:38:25
|
Committer
|
zPlus <->
2016-07-14 09:38:25
|
Commit
|
677914e
(patch)
|
Tree
|
1a1e171
|
Parent(s)
|
|
Fix password reset: the new password did not replace the old one
commits diff:
e9dff48..677914e
2 files changed,
3 insertions,
6 deletions
—
download
Diffstat
Diff options
+2/-5
M database.php
1210
|
1210
|
|
|
1211
|
1211
|
|
$this->database->beginTransaction();
|
1212
|
1212
|
|
|
1213
|
|
- |
// Get the user
|
1214
|
|
- |
$user = self::get_post ($user_hash_id);
|
1215
|
|
- |
|
1216
|
1213
|
|
// Generate a new secret token (used for validation)
|
1217
|
1214
|
|
$token = self::get_random_string (32);
|
1218
|
1215
|
|
|
1232
|
1229
|
|
|
1233
|
1230
|
|
$query->execute (array ($token, $user_hash_id));
|
1234
|
1231
|
|
|
1235
|
|
- |
$affected_rows = $query->rowCount();
|
|
1232
|
+ |
$affected_rows = $query->rowCount ();
|
1236
|
1233
|
|
|
1237
|
1234
|
|
$this->database->commit ();
|
1238
|
1235
|
|
|
1257
|
1254
|
|
|
1258
|
1255
|
|
$query = $this->database->prepare (
|
1259
|
1256
|
|
'UPDATE `user`' .
|
1260
|
|
- |
'SET `password` = SHA2(CONCAT(?, `salt`), 512), `passwordResetToken` = "", `passwordResetTokenExpire` = NULL ' .
|
|
1257
|
+ |
'SET `password` = SHA2(CONCAT(?, `salt`), 512), `passwordResetToken` = NULL, `passwordResetTokenExpire` = NULL ' .
|
1261
|
1258
|
|
'WHERE `passwordResetToken` = ? AND `passwordResetTokenExpire` > NOW()');
|
1262
|
1259
|
|
|
1263
|
1260
|
|
$query->execute (array ($new_password, $token));
|
+1/-1
M template/login_reset.twig
2
|
2
|
|
|
3
|
3
|
|
<div class="login">
|
4
|
4
|
|
{% if feedback %}
|
5
|
|
- |
<div class="feedback">
|
|
5
|
+ |
<div class="alert bg-danger">
|
6
|
6
|
|
{{ feedback }}
|
7
|
7
|
|
</div>
|
8
|
8
|
|
{% endif %}
|