From 82d234c4d559a80ab33b682e004e5991f65a8017 Mon Sep 17 00:00:00 2001
From: canyonknight <canyonknight@gmail.com>
Date: Wed, 23 May 2012 15:30:21 -0400
Subject: passreset.php: Pull out DB code

* Move DB code in passreset.php to new functions in acctfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/lib/acctfuncs.inc.php | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

(limited to 'web/lib/acctfuncs.inc.php')

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index ecb9f99c..31c43dbf 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -580,6 +580,40 @@ function add_tu_proposal($agenda, $user, $votelength, $submitteruid, $dbh=NULL)
 
 }
 
+# Add a reset key for a specific user
+function create_resetkey($resetkey, $uid, $dbh=NULL) {
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
+	$q = "UPDATE Users ";
+	$q.= "SET ResetKey = '" . $resetkey . "' ";
+	$q.= "WHERE ID = " . $uid;
+	db_query($q, $dbh);
+}
+
+# Change a password and save the salt only if reset key and email are correct
+function password_reset($hash, $salt, $resetkey, $email, $dbh=NULL) {
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
+	$q = "UPDATE Users ";
+	$q.= "SET Passwd = '$hash', ";
+	$q.= "Salt = '$salt', ";
+	$q.= "ResetKey = '' ";
+	$q.= "WHERE ResetKey != '' ";
+	$q.= "AND ResetKey = '".db_escape_string($resetkey)."' ";
+	$q.= "AND Email = '".db_escape_string($email)."'";
+	$result = db_query($q, $dbh);
+
+	if (!mysql_affected_rows($dbh)) {
+		$error = __('Invalid e-mail and reset key combination.');
+		return $error;
+	} else {
+		header('Location: passreset.php?step=complete');
+		exit();
+	}
+}
+
 function good_passwd($passwd) {
 	if ( strlen($passwd) >= PASSWD_MIN_LEN ) {
 		return true;
-- 
cgit v1.2.3-24-g4f1b