Пример #1
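/**
 * Refresh the last-used timestamp of the caller's auth token.
 *
 * Reads the token from the `DWNID` cookie and sets `tokens.epoch` to the
 * current UNIX time on the matching row. The change is committed when the
 * statement executes and rolled back when it does not. Nothing happens when
 * the cookie is absent, is not a string, or is empty.
 *
 * NOTE(review): the row is selected by token value alone. If tokens are bound
 * to a client address when they are issued, confirm whether this refresh
 * should apply the same binding.
 *
 * @param mysqli $db Open connection to the auth database; assumed to have
 *                   autocommit disabled, otherwise commit()/rollback() have
 *                   nothing to act on (confirm against the caller).
 * @return void
 */
function updateauthtoken($db)
{
    $cookie = isset($_COOKIE['DWNID']) ? $_COOKIE['DWNID'] : NULL;

    // PHP turns a cookie sent as `DWNID[]=...` into an array. Binding that as
    // a string would raise a conversion warning and query for the literal
    // "Array", so anything that is not a non-empty string is ignored up front.
    if (!is_string($cookie) || $cookie === '') {
        return;
    }

    $stmt = checkPrepare($db, "UPDATE `tokens` SET `epoch`=UNIX_TIMESTAMP() WHERE token=?");
    if (!$stmt) {
        return;
    }

    // The token is passed as a bound parameter, never interpolated into SQL.
    checkBindParam($db, $stmt, "s", $cookie);
    if ($stmt->execute()) {
        $db->commit();
    } else {
        $db->rollback();
    }
    $stmt->close();
}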
Пример #2
 // Logout: expire the auth cookie, delete the server-side token row, and clear
 // the current user for the rest of the request.
 //
 // First pick the cookie Domain and Secure attributes. With a Host header the
 // header value is used as the domain and the cookie is marked secure, except
 // for exactly 'localhost', which gets no domain and no Secure flag. Without a
 // Host header the production host is used with Secure set.
 // NOTE(review): HTTP_HOST is taken from the request's Host header, so the
 // client chooses it, and it is used here unvalidated as the cookie domain. A
 // value with a port suffix also fails the 'localhost' comparison. Presumably
 // the login code derives the domain the same way; confirm, since a cookie is
 // only cleared when the attributes match the ones it was set with.
 if (isset($_SERVER['HTTP_HOST'])) {
     $host = $_SERVER['HTTP_HOST'];
     $secure = $host != 'localhost';
     if (!$secure) {
         $host = NULL;
     }
 } else {
     $host = 'darwin.bournemouth.ac.uk';
     $secure = TRUE;
 }
 // Actually unset the cookie: empty value, path '/', and the expiry held in
 // $cookieexpire (set outside this fragment; presumably a time in the past).
 setrawcookie($DARWINCOOKIENAME, '', $cookieexpire, '/', $host, $secure);
 // Invalidate the token on the server as well, so a copied cookie value stops
 // working. Both values are passed as bound parameters.
 // NOTE(review): the DELETE matches on `ip` AND `token`. If the client's
 // REMOTE_ADDR differs from the address stored with the token, no row is
 // removed here and the token outlives the logout unless cleanTokens() covers
 // it (its behaviour is not visible in this fragment; confirm).
 if (isset($authtoken)) {
     $db = getAuthDb();
     $requestip = $_SERVER["REMOTE_ADDR"];
     $stmt = checkPrepare($db, 'DELETE FROM `tokens` WHERE `ip`=? AND `token`=?');
     checkBindParam($db, $stmt, "ss", $requestip, $authtoken);
     checkExecute($db, $stmt);
     $stmt->close();
     $db->commit();
     cleanTokens($db);
     $db->close();
 }
 // Whatever happens set the user for the rest of the page to null.
 setDarwinUser(NULL);
 // NOTE(review): the branch that follows copies $_REQUEST['redirect'] straight
 // into a Location header. The value is caller-supplied and unchecked, so a
 // logout link can send the user to any site, and on old PHP versions an
 // embedded line break could add headers. Accept only same-site paths (or an
 // allow-list of targets) and fall back to a fixed page otherwise.
 if (isset($_REQUEST['redirect'])) {
     header('Location: ' . $_REQUEST['redirect']);
     exit;
     // Finished
 } else {
     if ($htmloutput) {
Пример #3
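// Rate limit: refuse a new reset while the previous one is too recent.
// $resettime is computed before this fragment; presumably it is the age in
// seconds of the last reset request (confirm against the query that fills it).
if ($resettime !== NULL && $resettime < MIN_RESET_DELAY) {
    $db->close();
    handleError("Only one reset attempt allowed per " . MIN_RESET_DELAY . " seconds");
    // Stop even if handleError() returns, so the limit is always enforced and
    // the closed connection is never used below.
    exit;
}
$db->autocommit(FALSE);

// The reset token is a bearer secret: whoever holds it can set the account
// password, so it must come from the kernel CSPRNG and nothing weaker.
// On PHP 7+ random_bytes(10) is the preferred source for these bytes.
$token = NULL;
$fp = fopen('/dev/urandom', 'rb');
if ($fp !== FALSE) {
    $raw = fread($fp, 10);
    fclose($fp);
    // A failed or short read would yield a shorter, weaker token; reject it.
    if ($raw !== FALSE && strlen($raw) === 10) {
        $token = bin2hex($raw); // 20 hex characters
    }
}
if ($token === NULL) {
    // Fail closed. There is deliberately no mt_rand() fallback: its output is
    // predictable and must not be used for a password-reset token.
    $db->close();
    handleError("urandom not available");
    exit;
}

// Store the token and stamp the request time; both values are bound parameters.
// NOTE(review): the token is stored as issued. Storing only a hash of it would
// limit what a read of the `users` table exposes.
$stmt = checkPrepare($db, "UPDATE `users` SET `resettoken`=?, `resettime`=NOW() WHERE `user`=?");
checkBindParam($db, $stmt, "ss", $token, $user);
checkExecute($db, $stmt);

// Read the row count before closing: the property is not available on a
// closed statement.
$affected = $stmt->affected_rows;
$stmt->close();
if ($affected !== 1) {
    // Exactly one user row must change; anything else is rolled back.
    $db->rollback();
    $db->close();
    handleError("Updating reset token affected " . $affected . " rows");
    exit;
}
$db->commit();
$db->close();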
$reseturl = 'https://darwin.bournemouth.ac.uk/accounts/chpasswd?user='******'&resettoken=' . $token;
$mailbody = "<html><head><title>Darwin account password reset</title></head><body>\n" . '<p>Please visit <a href="' . $reseturl . '">' . $reseturl . "</a> to reset your password.</p>\n" . '<p>This token will be valid for 30 minutes. If you didn' . "'t initiate the reset,\n you can safely ignore this message</p>\n</body></html>";
if (mail($user . "@bournemouth.ac.uk", 'Darwin account password reset', $mailbody, "From: Darwin Automated Admin<*****@*****.**>\nContent-Type: text/html; charset=utf8")) {