The password reset had better work now

CosmoQuestX · Feb 18, 2020 · fb07751 · fb07751
1 parent b199570
commit fb07751
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/csb-accounts/auth-login.php b/csb-accounts/auth-login.php
@@ -77,16 +77,16 @@
             $_SESSION['errMsg'] = "found $name. ";
             rescueUser($db, "name", $name);
         } elseif ($db->checkUser('email', $email)) {
-            echo "found email $email";
             $_SESSION['errMsg'] = "found $email. ";
-            die("STILL BEING IMPLEMENTED"); // will go to rescueUser($db, "email", $email);
+            rescueUser($db, "email", $email);
         } else {
             $_SESSION['errMsg'] = "No username or email matched: $name";
             header("Location: " . $ACC_URL."/rescue.php");
         }
     } elseif ($_POST['go'] == 'passwordReset') {
         $hashed = password_hash($_POST['password'], PASSWORD_DEFAULT);
-        $query = "UPDATE users SET password ='".$hashed."',  WHERE email = '".$_POST['email']."'";
+
+        $query = "UPDATE users SET password ='".$hashed."'  WHERE email = '".$_POST['email']."'";
         $db->runQuery($query);
         header("Location: " . $ACC_URL."/rescue.php?go=success");
 

diff --git a/csb-content/templates/rescue-template.php b/csb-content/templates/rescue-template.php
@@ -32,7 +32,7 @@
             <h1>Please enter your password</h1>
             <form action="<?php echo($ACC_URL."auth-login.php"); ?>" method="post">
                 <input type="hidden" name="go" value="passwordReset">
-                <input type="hidden" name="email" value="<?php echo $_POST['email']; ?>">
+                <input type="hidden" name="email" value="<?php echo $_GET['go']; ?>">
                 <div class="error-msg"><?php if (isset($_SESSION['errMsg'])) {
                         echo "<span style=\"color: red;\">" . $_SESSION['errMsg'] . "</span>";
                         unset($_SESSION['errMsg']);