AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix Client Self Service Password Reset due to new mail queue system change

This commit is contained in:
johnnyq 2023-12-27 22:06:19 -05:00
parent a966fc9395
commit 58c7dfe2c8
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
portal/login_reset.php
View File

@ -57,7 +57,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$row = mysqli_fetch_assoc($sql);
$id = intval($row['contact_id']);
$name = $row['contact_name'];
$name = sanitizeInput($row['contact_name']);
$client = intval($row['contact_client_id']);
if ($row['contact_email'] == $email) {
@ -68,8 +68,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Send reset email
$subject = "Password reset for $company_name ITFlow Portal";
$body = "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser:<br> $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$subject = mysqli_real_escape_string($mysqli, "Password reset for $company_name ITFlow Portal");
$body = mysqli_real_escape_string($mysqli, "Hello, $name<br><br>Someone (probably you) has requested a new password for your account on $company_name's ITFlow Client Portal. <br><br><b>Please <a href='$url'>click here</a> to reset your password.</b> <br><br>Alternatively, copy and paste this URL into your browser:<br> $url<br><br><i>If you didn't request this change, you can safely ignore this email.</i><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email");
$data = [
[
@ -113,19 +113,19 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
$contact_id = intval($contact_row['contact_id']);
$name = $contact_row['contact_name'];
$name = sanitizeInput($contact_row['contact_name']);
// Ensure the token is correct
if (sha1($contact_row['contact_password_reset_token']) == sha1($token)) {
// Set password, invalidate token, logging
$password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
$password = password_hash($_POST['new_password'], PASSWORD_DEFAULT);
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client");
// Send confirmation email
$subject = "Password reset confirmation for $company_name ITFlow Portal";
$body = "Hello, $name<br><br>Your password for your account on $company_name's ITFlow Client Portal was successfully reset. You should be all set! <br><br><b>If you didn't reset your password, please get in touch ASAP.</b><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email";
$subject = mysqli_real_escape_string($mysqli, "Password reset confirmation for $company_name ITFlow Portal");
$body = mysqli_real_escape_string($mysqli, "Hello, $name<br><br>Your password for your account on $company_name's ITFlow Client Portal was successfully reset. You should be all set! <br><br><b>If you didn't reset your password, please get in touch ASAP.</b><br><br>~<br>$company_name<br>Support Department<br>$config_mail_from_email");
$data = [
@ -137,7 +137,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
'subject' => $subject,
'body' => $body
]
];
];
$mail = addToMailQueue($mysqli, $data);
@ -156,7 +156,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$_SESSION['login_message'] = WORDING_ERROR;
}
}