Commit Graph

4 Commits

Author SHA1 Message Date
myron 497071e1b7 Fix pending_signups stat pollution and use branded reset email
- pending_signups stat and list queries now filter username != __reset__
  so active password-reset rows no longer inflate the signup counter or
  appear in the admin pending-signups list
- send_password_reset now calls sendPasswordResetEmail() from mailer.php
  instead of building a plain-text cybermailSend() call inline; the
  wrapper sends a branded dark-theme HTML email matching the verification
  email style
2026-06-03 06:01:49 +00:00
myron 5b364db2a5 Surface cybermailSend failure to admin on password reset
Previously the endpoint always returned success:true regardless of
whether the email was actually delivered. Now captures the bool return
value and returns success:false with an error message if CyberMail
fails, so the admin knows to retry rather than assuming delivery.
2026-06-03 03:57:22 +00:00
myron 18ec3a7143 Fix broken password reset INSERT — SQL syntax error and wrong token value
The INSERT had two compounding bugs:
1. ".?" in the VALUES clause — a PHP dot inside a double-quoted string
   is a literal character, not concatenation. MySQL saw it as a syntax
   error and the INSERT always failed silently (no try/catch).
2. The token column had the literal string __reset__ hardcoded instead
   of a ? placeholder, so even if the INSERT had run, the real random
   token would never have been stored — the reset link always invalid.

Fix: VALUES ("__reset__","",?,?,?,?) with execute(alias,email,token,exp)
giving 4 placeholders for 4 params, all columns correctly bound.
2026-06-03 03:54:16 +00:00
myron 2e587941c2 Initial commit 2026-05-22 12:52:50 +00:00