From 8e1ccf7c1b58e41fe8c1e8724e43a45414d5efa5 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Wed, 29 Nov 2023 21:45:42 +0900
Subject: [PATCH] Separate procMemberResetPassword action from
 procMemberModifyPassword

---
 modules/member/conf/module.xml                |   3 +-
 modules/member/member.controller.php          | 102 +++++++++++-------
 modules/member/queries/deleteAuthMail.xml     |   3 +-
 modules/member/queries/getAuthMail.xml        |   4 +-
 .../member/skins/default/reset_password.html  |   4 +-
 5 files changed, 73 insertions(+), 43 deletions(-)

diff --git a/modules/member/conf/module.xml b/modules/member/conf/module.xml
index b3e730222..419b5d809 100644
--- a/modules/member/conf/module.xml
+++ b/modules/member/conf/module.xml
@@ -49,7 +49,8 @@
 		<action name="procMemberConfirmVerificationSMS" type="controller" />
 		<action name="procMemberModifyInfoBefore" type="controller" permission="member" ruleset="recheckedPassword" />
 		<action name="procMemberModifyInfo" type="controller" permission="member" />
-		<action name="procMemberModifyPassword" type="controller" permission="guest" ruleset="modifyPassword" />
+		<action name="procMemberModifyPassword" type="controller" permission="member" ruleset="modifyPassword" />
+		<action name="procMemberResetPassword" type="controller" />
 		<action name="procMemberModifyEmailAddress" type="controller" permission="member" ruleset="modifyEmailAddress" />
 		<action name="procMemberLeave" type="controller" permission="member" ruleset="leaveMember" />
 		<action name="procMemberInsertProfileImage" type="controller" permission="member" ruleset="insertProfileImage" />
diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php
index 292553d12..bc2025f78 100644
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@@ -1146,28 +1146,11 @@ class MemberController extends Member
 	 *
 	 * @return void|Object (void : success, Object : fail)
 	 */
-	function procMemberModifyPassword()
+	public function procMemberModifyPassword()
 	{
-		// Check if this request comes from password reset
 		$config = MemberModel::getMemberConfig();
 		$vars = Context::getRequestVars();
-		$is_password_reset = (($config->password_reset_method ?? 1) == 2 && !empty($vars->auth_key) && !empty($vars->member_srl) && $vars->auth_key === $vars->current_password);
-		if ($is_password_reset)
-		{
-			$output = executeQuery('member.getAuthMail', ['member_srl' => $vars->member_srl, 'auth_key' => $vars->auth_key]);
-			if(!$output->toBool() || $output->data->auth_key !== $vars->auth_key)
-			{
-				executeQuery('member.deleteAuthMail', ['member_srl' => $vars->member_srl, 'auth_key' => $vars->auth_key]);
-				throw new Rhymix\Framework\Exception('msg_invalid_auth_key');
-			}
-			$expires = (intval($config->authmail_expires) * intval($config->authmail_expires_unit)) ?: 86400;
-			if(ztime($output->data->regdate) < time() - $expires)
-			{
-				executeQuery('member.deleteAuthMail', ['member_srl' => $vars->member_srl, 'auth_key' => $vars->auth_key]);
-				throw new Rhymix\Framework\Exception('msg_expired_auth_key');
-			}
-		}
-		if (!$is_password_reset && !$this->user->member_srl)
+		if (!$this->user->member_srl)
 		{
 			throw new Rhymix\Framework\Exceptions\MustLogin;
 		}
@@ -1177,23 +1160,13 @@ class MemberController extends Member
 		$password = trim($vars->password1);
 
 		// Get information of logged-in user
-		if ($is_password_reset)
-		{
-			$member_srl = $vars->member_srl;
-		}
-		else
-		{
-			$member_srl = $this->user->member_srl;
-		}
+		$member_srl = $this->user->member_srl;
 		$member_info = MemberModel::getMemberInfoByMemberSrl($member_srl);
 
 		// Verify the current password
-		if (!$is_password_reset)
+		if (!MemberModel::isValidPassword($member_info->password, $current_password, $member_srl))
 		{
-			if (!MemberModel::isValidPassword($member_info->password, $current_password, $member_srl))
-			{
-				throw new Rhymix\Framework\Exception('invalid_current_password');
-			}
+			throw new Rhymix\Framework\Exception('invalid_current_password');
 		}
 
 		// Check if a new password is as same as the previous password
@@ -1225,10 +1198,6 @@ class MemberController extends Member
 		{
 			$returnUrl = Context::get('success_return_url');
 		}
-		elseif ($is_password_reset)
-		{
-			$returnUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberLoginForm');
-		}
 		else
 		{
 			$returnUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberInfo');
@@ -1236,6 +1205,67 @@ class MemberController extends Member
 		$this->setRedirectUrl($returnUrl);
 	}
 
+	/**
+	 * Change password using auth_key instead of current password
+	 */
+	public function procMemberResetPassword()
+	{
+		$config = MemberModel::getMemberConfig();
+		$vars = Context::getRequestVars();
+
+		// Check auth_key
+		if (empty($vars->auth_key))
+		{
+			throw new Rhymix\Framework\Exceptions\InvalidRequest;
+		}
+
+		$output = executeQuery('member.getAuthMail', ['auth_key' => $vars->auth_key]);
+		if(!$output->toBool() || $output->data->auth_key !== $vars->auth_key)
+		{
+			executeQuery('member.deleteAuthMail', ['auth_key' => $vars->auth_key]);
+			throw new Rhymix\Framework\Exception('msg_invalid_auth_key');
+		}
+
+		$expires = (intval($config->authmail_expires) * intval($config->authmail_expires_unit)) ?: 86400;
+		if(ztime($output->data->regdate) < time() - $expires)
+		{
+			executeQuery('member.deleteAuthMail', ['auth_key' => $vars->auth_key]);
+			throw new Rhymix\Framework\Exception('msg_expired_auth_key');
+		}
+
+		// Extract the necessary information in advance
+		$member_srl = $output->data->member_srl;
+
+		// Update the password
+		$args = new stdClass;
+		$args->member_srl = $member_srl;
+		$args->password = trim($vars->password1);
+		$output = $this->updateMemberPassword($args);
+		if (!$output->toBool())
+		{
+			return $output;
+		}
+
+		// Log out all other sessions.
+		if ($config->password_change_invalidate_other_sessions === 'Y')
+		{
+			Rhymix\Framework\Session::destroyOtherSessions($member_srl);
+		}
+
+		$this->add('member_srl', $member_srl);
+		$this->setMessage('member.msg_password_changed');
+
+		if (Context::get('success_return_url'))
+		{
+			$returnUrl = Context::get('success_return_url');
+		}
+		else
+		{
+			$returnUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberLoginForm');
+		}
+		$this->setRedirectUrl($returnUrl);
+	}
+
 	/**
 	 * Membership withdrawal
 	 *
diff --git a/modules/member/queries/deleteAuthMail.xml b/modules/member/queries/deleteAuthMail.xml
index c5138d55e..97bb4f6b7 100644
--- a/modules/member/queries/deleteAuthMail.xml
+++ b/modules/member/queries/deleteAuthMail.xml
@@ -3,6 +3,7 @@
         <table name="member_auth_mail" />
     </tables>
     <conditions>
-        <condition operation="equal" column="member_srl" var="member_srl" notnull="notnull" />
+		<condition operation="equal" column="member_srl" var="member_srl" />
+        <condition operation="equal" column="auth_key" var="auth_key" />
     </conditions>
 </query>
diff --git a/modules/member/queries/getAuthMail.xml b/modules/member/queries/getAuthMail.xml
index 400c048fc..f12ef3f6a 100644
--- a/modules/member/queries/getAuthMail.xml
+++ b/modules/member/queries/getAuthMail.xml
@@ -6,7 +6,7 @@
         <column name="*" />
     </columns>
     <conditions>
-        <condition operation="equal" column="member_srl" var="member_srl" notnull="notnull" />
-        <condition operation="equal" column="auth_key" var="auth_key" pipe="and" />
+        <condition operation="equal" column="member_srl" var="member_srl" />
+        <condition operation="equal" column="auth_key" var="auth_key" />
     </conditions>
 </query>
diff --git a/modules/member/skins/default/reset_password.html b/modules/member/skins/default/reset_password.html
index ad060867e..3445052f5 100644
--- a/modules/member/skins/default/reset_password.html
+++ b/modules/member/skins/default/reset_password.html
@@ -7,12 +7,10 @@
 </div>
 <form action="./" method="post" class="rx_ajax">
 	<input type="hidden" name="module" value="member" />
-	<input type="hidden" name="act" value="procMemberModifyPassword" />
+	<input type="hidden" name="act" value="procMemberResetPassword" />
     <input type="hidden" name="mid" value="{$member_config->mid ?? ''}" />
     <input type="hidden" name="xe_validator_id" value="modules/member/skins" />
 	<input type="hidden" name="auth_key" value="{$auth_key}" />
-	<input type="hidden" name="member_srl" value="{$member_srl}" />
-	<input type="hidden" name="current_password" value="{$auth_key}" />
 	<div>
 		<input type="password" name="password1" id="npw1" required placeholder="{$lang->password1}" title="{$lang->password1}" />
 		<span class="help-inline">{$lang->about_password_strength[$member_config->password_strength]}</span>