CMXX - Changed history to equipment_history

2024-12-02 15:40:05 +01:00
parent 868d73c6b5
commit ad51669e32
17 changed files with 103 additions and 68 deletions
--- a/api/v1/authorization.php
+++ b/api/v1/authorization.php
@@ -114,16 +114,34 @@ if ($stmt->rowCount() == 1) {
    }
 } elseif (array_key_exists('resetkey', $user_credentials)) {
    if ($user_credentials['resetkey'] != ''){
-    //UPDATE PASSWORD BASED ON RESETKEY
-    $password = $user_credentials['password'];
-    $passwordvalid = password_hash($password, PASSWORD_DEFAULT);
-    $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE resetkey = ? ');
-    $stmt->execute([$passwordvalid, $user_credentials['resetkey']]);

-    //
-    } else {
+        //check if resetkey is still valid
+        $is_resetkey_valid = is_jwt_valid($user_credentials['resetkey']);
+    
+        if($is_resetkey_valid) {
+            $password = $user_credentials['password'];
+    
+            if (strlen(trim($password)) < 6){
+                //Return bad request
+                http_response_code(400);    
+            } 
+            else {
+                //UPDATE PASSWORD BASED ON RESETKEY
+                $passwordvalid = password_hash($password, PASSWORD_DEFAULT);
+                $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE resetkey = ? ');
+                $stmt->execute([$passwordvalid, $user_credentials['resetkey']]);
+            }
+    
+        } else {
+            http_response_code(403);//Not authorized
+        }
+    
+        //
+    } else 
+    {
        http_response_code(403);//Not authorized
    }
+
 }
 else 
 {