Do not allow archived client contacts to reset their passwords

johnnyq 2023-12-28 22:25:57 -05:00
parent c4e4dc3a44
commit b2dc9a123c
1 changed files with 2 additions and 2 deletions


@ -53,7 +53,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$email = sanitizeInput($_POST['email']);
$sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT contact_id, contact_name, contact_email, contact_client_id FROM contacts WHERE contact_email = '$email' AND contact_auth_method = 'local' AND contact_archived_at IS NULL LIMIT 1");
$row = mysqli_fetch_assoc($sql);
$id = intval($row['contact_id']);
@ -110,7 +110,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$client = intval($_POST['client']);
// Query user
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_password_reset_token = '$token' AND contact_client_id = $client AND contact_auth_method = 'local' AND contact_archived_at IS NULL LIMIT 1");
$contact_row = mysqli_fetch_array($sql);
$contact_id = intval($contact_row['contact_id']);
$name = sanitizeInput($contact_row['contact_name']);
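Review bot: Both rewritten queries (the lookup after `$email = sanitizeInput(...)` and the token check under `// Query user`) still build SQL by interpolating request-derived values on an unauthenticated endpoint, so their safety rests on `sanitizeInput()` and on however `$token` is prepared, neither of which is visible in these hunks. Binding the values in a prepared statement would remove that dependency while keeping the new `contact_archived_at IS NULL` filter; the bound values should be the raw input, since a string that was already SQL-escaped would presumably no longer match the stored one. Separately, now that archived contacts are filtered out, `mysqli_fetch_assoc()` returns null for them and `$row['contact_id']` is read from null; unless the code after the hunk already branches on `$id == 0`, an explicit `if (!$row)` guard that gives the same response as for an unknown address would keep the behaviour uniform. The enclosing `if ($_SERVER['REQUEST_METHOD'] == "POST")` block starts and ends outside the hunks.

```php
// … unchanged: $email, $token and $client read from $_POST …
// Query user: bound parameters, so no quoting of request input is needed
$stmt = mysqli_prepare($mysqli, "SELECT * FROM contacts WHERE contact_email = ? AND contact_password_reset_token = ? AND contact_client_id = ? AND contact_auth_method = 'local' AND contact_archived_at IS NULL LIMIT 1");
mysqli_stmt_bind_param($stmt, 'ssi', $email, $token, $client);
mysqli_stmt_execute($stmt);
$sql = mysqli_stmt_get_result($stmt);
$contact_row = mysqli_fetch_array($sql);
// … unchanged: $contact_id and $name taken from $contact_row …
```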