initial work on password reset, not working fully yet
This commit is contained in:
Sebastian Grewe
parent
1bdf5e3156
commit
128e09cd5d
@ -11,10 +11,11 @@ class User {
|
||||
private $user = array();
|
||||
private $tableAccountBalance = 'accountBalance';
|
||||
|
||||
public function __construct($debug, $mysqli, $salt) {
|
||||
public function __construct($debug, $mysqli, $salt, $config) {
|
||||
$this->debug = $debug;
|
||||
$this->mysqli = $mysqli;
|
||||
$this->salt = $salt;
|
||||
$this->config = $config;
|
||||
$this->debug->append("Instantiated User class", 2);
|
||||
}
|
||||
|
||||
@ -34,6 +35,23 @@ class User {
|
||||
return $this->getSingle($username, 'id', 'username', 's');
|
||||
}
|
||||
|
||||
public function getUserEmail($username) {
|
||||
return $this->getSingle($username, 'email', 'username', 's');
|
||||
}
|
||||
|
||||
public function getUserToken($id) {
|
||||
return $this->getSingle($id, 'token', 'id');
|
||||
}
|
||||
|
||||
public function setUserToken($id) {
|
||||
$field = array(
|
||||
'name' => 'token',
|
||||
'type' => 's',
|
||||
'value' => hash('sha256', $id.time().$this->salt)
|
||||
);
|
||||
return $this->updateSingle($id, $field);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check user login
|
||||
* @param username string Username
|
||||
@ -142,15 +160,12 @@ class User {
|
||||
* @param field string Field to update
|
||||
* @return bool
|
||||
**/
|
||||
private function updateSingle($userID, $field) {
|
||||
private function updateSingle($id, $field) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
$stmt = $this->mysqli->prepare("UPDATE $this->table SET " . $field['name'] . " = ? WHERE userId = ? LIMIT 1");
|
||||
if ($this->checkStmt($stmt)) {
|
||||
$stmt->bind_param($field['type'].'i', $field['value'], $userID);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
$stmt = $this->mysqli->prepare("UPDATE $this->table SET " . $field['name'] . " = ? WHERE id = ? LIMIT 1");
|
||||
if ($this->checkStmt($stmt) && $stmt->bind_param($field['type'].'i', $field['value'], $id) && $stmt->execute())
|
||||
return true;
|
||||
}
|
||||
$this->debug->append("Unable to update " . $field['name'] . " with " . $field['value'] . " for ID $id");
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -306,6 +321,34 @@ class User {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function resetPassword($username) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
// Fetch the users mail address
|
||||
if (!$email = $this->getUserEmail($username)) {
|
||||
$this->setErrorMessage("Unable to find a mail address for user $username");
|
||||
return false;
|
||||
}
|
||||
if (!$this->setUserToken($this->getUserId($username))) {
|
||||
$this->setErrorMessage("Unable to setup token for password reset");
|
||||
return false;
|
||||
}
|
||||
// Send password reset link
|
||||
if (!$token = $this->getUserToken($this->getUserId($username))) {
|
||||
$this->setErrorMessage("Unable fetch token for password reset");
|
||||
return false;
|
||||
}
|
||||
$subject = "[" . $this->config['website']['name'] . "] Password Reset Request";
|
||||
$header = "From: " . $this->config['website']['email'];
|
||||
$message = "Please follow the link to reset your password\n\n" . $this->config['website']['url']['password_reset'] . "/index.php?page=password&action=change&token=$token";
|
||||
if (mail($email, 'Password Reset Request', $message)) {
|
||||
return true;
|
||||
} else {
|
||||
$this->setErrorMessage("Unable to send mail to your address");
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$user = new User($debug, $mysqli, SALT);
|
||||
$user = new User($debug, $mysqli, SALT, $config);
|
||||
|
||||
9
public/include/pages/password.inc.php
Normal file
9
public/include/pages/password.inc.php
Normal file
@ -0,0 +1,9 @@
|
||||
<?php
|
||||
|
||||
// Make sure we are called from index.php
|
||||
if (!defined('SECURITY'))
|
||||
die('Hacking attempt');
|
||||
|
||||
// Tempalte specifics
|
||||
$smarty->assign("CONTENT", "default.tpl");
|
||||
?>
|
||||
15
public/include/pages/password/reset.inc.php
Normal file
15
public/include/pages/password/reset.inc.php
Normal file
@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
// Make sure we are called from index.php
|
||||
if (!defined('SECURITY'))
|
||||
die('Hacking attempt');
|
||||
|
||||
if ($user->resetPassword($_POST['username'])) {
|
||||
$_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mail account to finish your password reset');
|
||||
} else {
|
||||
$_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
|
||||
}
|
||||
|
||||
// Tempalte specifics, user default template by parent page
|
||||
$smarty->assign("CONTENT", "../default.tpl");
|
||||
?>
|
||||
@ -4,5 +4,5 @@
|
||||
<p><input type="password" name="password" value="" id="passForm" maxlength="20"></p>
|
||||
<center><p><input type="submit" class="submit small" value="Login"></p></center>
|
||||
</form>
|
||||
<center><p><a href="/lostPass"><font size="1">Forgot your password?</font></a></p></center>
|
||||
<center><p><a href="{$smarty.server.PHP_SELF}?page=password"><font size="1">Forgot your password?</font></a></p></center>
|
||||
{include file="global/block_footer.tpl"}
|
||||
|
||||
8
public/templates/mmcFE/password/default.tpl
Normal file
8
public/templates/mmcFE/password/default.tpl
Normal file
@ -0,0 +1,8 @@
|
||||
{include file="global/block_header.tpl" BLOCK_HEADER="Reset Password" BLOCK_STYLE="clear:none;"}
|
||||
<form action="" method="POST">
|
||||
<input type="hidden" name="page" value="password">
|
||||
<input type="hidden" name="action" value="reset">
|
||||
<p>If you have an email set for your account, enter your username to get your password reset</p>
|
||||
<p><input type="text" value="{$smarty.post.username}" name="username"><input class="submit small" type="submit" value="Reset"></p>
|
||||
</form>
|
||||
{include file="global/block_footer.tpl"}
|
||||
Loading…
Reference in New Issue
Block a user