Exemplo n.º 1
0
/**
 * Verify the credentials given
 * @param mysqli $db
 * @param string $username
 * @param string $resettoken
 */
function verifyResetToken($db, $username, $resettoken)
{
    if ($stmt = checkprepare($db, 'SELECT UNIX_TIMESTAMP()-UNIX_TIMESTAMP(`resettime`) AS `age` FROM `users` WHERE `user`=? AND `resettoken`=?')) {
        checkBindParam($db, $stmt, "ss", $username, $resettoken);
        checkBindResult($db, $stmt, $age);
        if (checkExecute($db, $stmt)) {
            $result = $stmt->fetch();
            $stmt->close();
            if ($result === True) {
                return $age < MAX_RESET_VALIDITY;
            } else {
                return False;
            }
        }
        $stmt->close();
        return False;
    }
}
Exemplo n.º 2
0
     $secure = $host != 'localhost';
     if (!$secure) {
         $host = NULL;
     }
 } else {
     $host = 'darwin.bournemouth.ac.uk';
     $secure = TRUE;
 }
 // Actually unset the cookie
 setrawcookie($DARWINCOOKIENAME, '', $cookieexpire, '/', $host, $secure);
 if (isset($authtoken)) {
     $db = getAuthDb();
     $requestip = $_SERVER["REMOTE_ADDR"];
     $stmt = checkPrepare($db, 'DELETE FROM `tokens` WHERE `ip`=? AND `token`=?');
     checkBindParam($db, $stmt, "ss", $requestip, $authtoken);
     checkExecute($db, $stmt);
     $stmt->close();
     $db->commit();
     cleanTokens($db);
     $db->close();
 }
 // Whatever happens set the user for the rest of the page to null.
 setDarwinUser(NULL);
 if (isset($_REQUEST['redirect'])) {
     header('Location: ' . $_REQUEST['redirect']);
     exit;
     // Finished
 } else {
     if ($htmloutput) {
         showSuccessScreen();
     } else {