1
0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-07-10 19:16:22 +02:00

Postpone validation of new password in 'Auth#resetPassword'

This commit is contained in:
Marco
2016-08-20 21:48:53 +02:00
parent 53e1a5c1fc
commit c5e3bd191d

View File

@ -781,8 +781,6 @@ class Auth {
$this->throttle(self::THROTTLE_ACTION_CONSUME_TOKEN);
$this->throttle(self::THROTTLE_ACTION_CONSUME_TOKEN, $selector);
$newPassword = self::validatePassword($newPassword);
$stmt = $this->db->prepare("SELECT id, user, token, expires FROM users_resets WHERE selector = :selector");
$stmt->bindValue(':selector', $selector, \PDO::PARAM_STR);
if ($stmt->execute()) {
@ -791,6 +789,8 @@ class Auth {
if ($resetData !== false) {
if (password_verify($token, $resetData['token'])) {
if ($resetData['expires'] >= time()) {
$newPassword = self::validatePassword($newPassword);
$this->updatePassword($resetData['user'], $newPassword);
$stmt = $this->db->prepare("DELETE FROM users_resets WHERE id = :id");