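/**
 * Check whether a password-reset token is currently valid for a user.
 *
 * The token is accepted only when a `users` row matches both the user name
 * and the token, and the age of that row's `resettime` (computed by the
 * database, in seconds) is below MAX_RESET_VALIDITY.
 *
 * This function only reads. It does not clear or rotate the token, so
 * single use has to be enforced by the caller once the reset completes.
 *
 * NOTE(review): the token is compared by the database with `=`, i.e. under
 * the column's collation. Confirm that `resettoken` uses a binary or
 * case-sensitive collation so that tokens differing only in case or
 * trailing spaces do not match.
 *
 * @param mysqli $db         Database connection handed to the check* helpers.
 * @param string $username   Account the reset was requested for.
 * @param string $resettoken Reset token presented by the client.
 * @return bool True when the token matches and has not expired, false otherwise.
 */
function verifyResetToken($db, $username, $resettoken) {
  // Fail closed on malformed input. An empty or non-scalar token must never
  // verify, whatever value the `resettoken` column holds for idle accounts.
  if (!is_scalar($username) || !is_scalar($resettoken) || (string) $resettoken === '') {
    return false;
  }

  $stmt = checkPrepare($db, 'SELECT UNIX_TIMESTAMP()-UNIX_TIMESTAMP(`resettime`) AS `age` FROM `users` WHERE `user`=? AND `resettoken`=?');
  if (!$stmt) {
    // The original fell off the end here and returned null; be explicit.
    return false;
  }

  $age = null;
  checkBindParam($db, $stmt, "ss", $username, $resettoken);
  checkBindResult($db, $stmt, $age);

  // fetch() yields true only when a row was read (false = error, null = no row).
  $found = false;
  if (checkExecute($db, $stmt)) {
    $found = ($stmt->fetch() === true);
  }
  $stmt->close();

  // A NULL `resettime` produces a NULL age, and in PHP `null < <positive int>`
  // evaluates to true. Require a real age so such a row is not treated as a
  // fresh token.
  return $found && $age !== null && $age < MAX_RESET_VALIDITY;
}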
$secure = $host != 'localhost'; if (!$secure) { $host = NULL; } } else { $host = 'darwin.bournemouth.ac.uk'; $secure = TRUE; } // Actually unset the cookie setrawcookie($DARWINCOOKIENAME, '', $cookieexpire, '/', $host, $secure); if (isset($authtoken)) { $db = getAuthDb(); $requestip = $_SERVER["REMOTE_ADDR"]; $stmt = checkPrepare($db, 'DELETE FROM `tokens` WHERE `ip`=? AND `token`=?'); checkBindParam($db, $stmt, "ss", $requestip, $authtoken); checkExecute($db, $stmt); $stmt->close(); $db->commit(); cleanTokens($db); $db->close(); } // Whatever happens set the user for the rest of the page to null. setDarwinUser(NULL); if (isset($_REQUEST['redirect'])) { header('Location: ' . $_REQUEST['redirect']); exit; // Finished } else { if ($htmloutput) { showSuccessScreen(); } else {