myron/tomtomgames
1
0
Fork 0
mirror of https://github.com/myronblair/tomtomgames synced 2026-06-30 17:51:08 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix broken password reset INSERT — SQL syntax error and wrong token value

Browse Source 
The INSERT had two compounding bugs:
1. ".?" in the VALUES clause — a PHP dot inside a double-quoted string
   is a literal character, not concatenation. MySQL saw it as a syntax
   error and the INSERT always failed silently (no try/catch).
2. The token column had the literal string __reset__ hardcoded instead
   of a ? placeholder, so even if the INSERT had run, the real random
   token would never have been stored — the reset link always invalid.

Fix: VALUES ("__reset__","",?,?,?,?) with execute(alias,email,token,exp)
giving 4 placeholders for 4 params, all columns correctly bound.
This commit is contained in:
Myron Blair
2026-06-03 03:54:16 +00:00
parent ad57071f97
commit 18ec3a7143
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/admin.php
+2 -3
View File
@@ -368,13 +368,12 @@ switch ($action) {
// Generate reset token — reuse pending_registrations pattern
$token = bin2hex(random_bytes(32));
$exp = date('Y-m-d H:i:s', time() + 3600); // 1 hour
db()->prepare("INSERT INTO pending_registrations (username,password,alias,email,token,expires_at) VALUES ('__reset__','',''.?,?,'__reset__',?) ON DUPLICATE KEY UPDATE token=VALUES(token),expires_at=VALUES(expires_at)")->execute([$user['alias'],$user['email'],$token,$exp]);
db()->prepare("INSERT INTO pending_registrations (username,password,alias,email,token,expires_at) VALUES ('__reset__','',?,?,?,?) ON DUPLICATE KEY UPDATE token=VALUES(token),expires_at=VALUES(expires_at)")->execute([$user['alias'],$user['email'],$token,$exp]);
// Simple reset email
$resetUrl = rtrim(SITE_URL,'/') . '/reset_password.php?token=' . urlencode($token);
$subject = SITE_NAME . ' — Password Reset Request';
$body = "Hi {$user['alias']},\n\nA password reset was requested for your account.\n\nClick here to reset: {$resetUrl}\n\nExpires in 1 hour. If you didn't request this, ignore this email.\n\n" . SITE_NAME;
$headers = "From: " . MAIL_FROM_NAME . " <" . MAIL_FROM . ">\r\nReply-To: " . MAIL_REPLY_TO;
mail($user['email'], $subject, $body, $headers, '-f' . MAIL_FROM);
cybermailSend($user['email'], $user['alias'], $subject, $body, '', ['password-reset']);
echo json_encode(['success'=>true]);
break;