commit
dadb6102c6
@ -11,10 +11,11 @@ class User {
|
||||
private $user = array();
|
||||
private $tableAccountBalance = 'accountBalance';
|
||||
|
||||
public function __construct($debug, $mysqli, $salt) {
|
||||
public function __construct($debug, $mysqli, $salt, $config) {
|
||||
$this->debug = $debug;
|
||||
$this->mysqli = $mysqli;
|
||||
$this->salt = $salt;
|
||||
$this->config = $config;
|
||||
$this->debug->append("Instantiated User class", 2);
|
||||
}
|
||||
|
||||
@ -34,6 +35,27 @@ class User {
|
||||
return $this->getSingle($username, 'id', 'username', 's');
|
||||
}
|
||||
|
||||
public function getUserEmail($username) {
|
||||
return $this->getSingle($username, 'email', 'username', 's');
|
||||
}
|
||||
|
||||
public function getUserToken($id) {
|
||||
return $this->getSingle($id, 'token', 'id');
|
||||
}
|
||||
|
||||
public function getIdFromToken($token) {
|
||||
return $this->getSingle($token, 'id', 'token', 's');
|
||||
}
|
||||
|
||||
public function setUserToken($id) {
|
||||
$field = array(
|
||||
'name' => 'token',
|
||||
'type' => 's',
|
||||
'value' => hash('sha256', $id.time().$this->salt)
|
||||
);
|
||||
return $this->updateSingle($id, $field);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check user login
|
||||
* @param username string Username
|
||||
@ -142,15 +164,12 @@ class User {
|
||||
* @param field string Field to update
|
||||
* @return bool
|
||||
**/
|
||||
private function updateSingle($userID, $field) {
|
||||
private function updateSingle($id, $field) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
$stmt = $this->mysqli->prepare("UPDATE $this->table SET " . $field['name'] . " = ? WHERE userId = ? LIMIT 1");
|
||||
if ($this->checkStmt($stmt)) {
|
||||
$stmt->bind_param($field['type'].'i', $field['value'], $userID);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
$stmt = $this->mysqli->prepare("UPDATE $this->table SET " . $field['name'] . " = ? WHERE id = ? LIMIT 1");
|
||||
if ($this->checkStmt($stmt) && $stmt->bind_param($field['type'].'i', $field['value'], $id) && $stmt->execute())
|
||||
return true;
|
||||
}
|
||||
$this->debug->append("Unable to update " . $field['name'] . " with " . $field['value'] . " for ID $id");
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -306,6 +325,63 @@ class User {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function useToken($token, $new1, $new2) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
if ($id = $this->getIdFromToken($token)) {
|
||||
if ($new1 !== $new2) {
|
||||
$this->setErrorMessage( 'New passwords do not match' );
|
||||
return false;
|
||||
}
|
||||
if ( strlen($new1) < 8 ) {
|
||||
$this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
|
||||
return false;
|
||||
}
|
||||
$new = hash('sha256', $new1.$this->salt);
|
||||
$stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ?, token = NULL WHERE id = ? AND token = ?");
|
||||
if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $new, $id, $token) && $stmt->execute() && $stmt->affected_rows === 1) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
$this->setErrorMessage("Unable find user for your token");
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function resetPassword($username, $smarty) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
// Fetch the users mail address
|
||||
if (!$email = $this->getUserEmail($username)) {
|
||||
$this->setErrorMessage("Unable to find a mail address for user $username");
|
||||
return false;
|
||||
}
|
||||
if (!$this->setUserToken($this->getUserId($username))) {
|
||||
$this->setErrorMessage("Unable to setup token for password reset");
|
||||
return false;
|
||||
}
|
||||
// Send password reset link
|
||||
if (!$token = $this->getUserToken($this->getUserId($username))) {
|
||||
$this->setErrorMessage("Unable fetch token for password reset");
|
||||
return false;
|
||||
}
|
||||
$smarty->assign('TOKEN', $token);
|
||||
$smarty->assign('USERNAME', $username);
|
||||
$smarty->assign('WEBSITENAME', $this->config['website']['name']);
|
||||
$headers = 'From: Website Administration <' . $this->config['website']['email'] . ">\n";
|
||||
$headers .= "MIME-Version: 1.0\n";
|
||||
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
|
||||
if (mail($email,
|
||||
$smarty->fetch('templates/mail/subject.tpl'),
|
||||
$smarty->fetch('templates/mail/body.tpl'),
|
||||
$headers)) {
|
||||
return true;
|
||||
} else {
|
||||
$this->setErrorMessage("Unable to send mail to your address");
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$user = new User($debug, $mysqli, SALT);
|
||||
$user = new User($debug, $mysqli, SALT, $config);
|
||||
|
||||
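Review bot: useToken in this hunk accepts any token that matches a row and never checks how old it is — setUserToken in the earlier hunk derives the token as `hash('sha256', $id.time().$this->salt)` and stores nothing about when it was issued, so a reset link stays usable until it is consumed, and its unpredictability rests entirely on the salt remaining secret. Consider generating the token from a CSPRNG (e.g. `bin2hex(random_bytes(32))` where the deployed PHP version provides it) and recording an issue timestamp that useToken compares against a short validity window. Two smaller points in the same hunk: `strlen($new1) < 8` rejects 7-character passwords while the message says 'more than 8 chars', so one of them should change (e.g. 'New password must be at least 8 characters'); and the distinct messages in resetPassword ('Unable to find a mail address for user …' versus the later ones) let a caller tell existing usernames from unknown ones, which a single generic response would avoid. The updateSingle hunk also writes the new token into debug output on failure via `$this->debug->append("Unable to update " . $field['name'] . " with " . $field['value'] ...)`, which puts the secret into whatever the debug sink is; logging the field name alone is enough there. Hashing the new password as `hash('sha256', $new1.$this->salt)` presumably mirrors the existing login check outside this diff; if that scheme is ever migrated, `password_hash`/`password_verify` is the place to go.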
@ -24,6 +24,7 @@ $config = array(
|
||||
'website' => array(
|
||||
'name' => 'The Pool',
|
||||
'slogan' => 'Resistance is futile',
|
||||
'email' => 'test@example.com', // Mail address used for notifications
|
||||
),
|
||||
'fees' => 0,
|
||||
'difficulty' => '31', // Target difficulty for this pool as set in pushpoold json
|
||||
|
||||
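--- /dev/null
+++ b/public/include/pages/password.inc.php
@@ -0,0 +1,9 @@
+<?php
+
+// Make sure we are called from index.php
+if (!defined('SECURITY'))
+die('Hacking attempt');
+
+// Tempalte specifics
+$smarty->assign("CONTENT", "default.tpl");
+?>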
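--- /dev/null
+++ b/public/include/pages/password/change.inc.php
@@ -0,0 +1,17 @@
+<?php
+
+// Make sure we are called from index.php
+if (!defined('SECURITY'))
+die('Hacking attempt');
+
+if ($_POST['do'] == 'useToken') {
+if ($user->useToken($_POST['token'], $_POST['newPassword'], $_POST['newPassword2'])) {
+$_SESSION['POPUP'][] = array('CONTENT' => 'Password reset complete! Please login.');
+} else {
+$_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
+}
+}
+
+// Tempalte specifics
+$smarty->assign("CONTENT", "default.tpl");
+?>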
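Review bot: `$_POST['do'] == 'useToken'` reads the key unconditionally, so the first visit to this page — the GET from the link in the reset mail, which carries no POST body — raises an undefined-index notice before the form is shown; guard it with `if (isset($_POST['do']) && $_POST['do'] === 'useToken') {`. The same applies to `$_POST['token']`, `$_POST['newPassword']` and `$_POST['newPassword2']` on the next line, which go straight into useToken; checking them with `isset` first keeps the notices out of the rendered page. After a successful reset the user is left on the change page with the consumed token still in the request, so a redirect to the login page on success would avoid a confusing re-submit on refresh.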
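--- /dev/null
+++ b/public/include/pages/password/reset.inc.php
@@ -0,0 +1,16 @@
+<?php
+
+// Make sure we are called from index.php
+if (!defined('SECURITY'))
+die('Hacking attempt');
+
+// Process password reset request
+if ($user->resetPassword($_POST['username'], $smarty)) {
+$_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mail account to finish your password reset');
+} else {
+$_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
+}
+
+// Tempalte specifics, user default template by parent page
+$smarty->assign("CONTENT", "../default.tpl");
+?>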
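Review bot: resetPassword is called on every request to this page, including a plain GET of `?page=password&action=reset` where `$_POST['username']` is unset, so the handler emits a notice and queues an 'Unable to find a mail address for user' error popup without any submission; wrap the call in `if (isset($_POST['username'])) {`. Nothing in this file or in resetPassword limits how often a reset mail can be requested for one username, so repeated submissions send repeated mails to that account holder; a per-user throttle (refusing a new token while a recently issued one is still outstanding) would be straightforward if the token row also recorded when it was issued.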
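--- /dev/null
+++ b/public/templates/mail/body.tpl
@@ -0,0 +1,10 @@
+<html>
+<body>
+<p>Hello {$USERNAME},</p><br />
+<p>You have requested a password reset through our online form. In order to complete the request please follow this link:</p>
+<p>http://{$smarty.server.SERVER_NAME}{$smarty.server.PHP_SELF}?page=password&action=change&token={$TOKEN}</p>
+<p>You will be asked to change your password. You can then use this new password to login to your account.</p>
+<p>Cheers,</p>
+<p>Website Administration</p>
+</body>
+</html>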
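Review bot: `{$USERNAME}` on the 'Hello' line is rendered without `|escape` into an HTML mail, and the value assigned to it in resetPassword is the submitted username rather than the stored one, so unless Smarty's escape_html setting is enabled (not visible in this commit) whatever the form poster typed lands in the recipient's mailbox as HTML; use `{$USERNAME|escape}`. The reset link is assembled from `{$smarty.server.SERVER_NAME}` and `{$smarty.server.PHP_SELF}`; if the web server fills SERVER_NAME from the request's Host header, the link in the mail can be pointed at a host chosen by whoever submitted the reset form, so the mail should use a base URL taken from the site configuration (`$config['website']` already carries name and email; a fixed URL entry there would do) rather than request-derived values. The link is also hard-coded to `http://`, which only makes sense if the site is never served over TLS.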
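--- /dev/null
+++ b/public/templates/mail/subject.tpl
@@ -0,0 +1 @@
+[ {$WEBSITENAME} ] Password Reset Request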
@ -4,5 +4,5 @@
|
||||
<p><input type="password" name="password" value="" id="passForm" maxlength="20"></p>
|
||||
<center><p><input type="submit" class="submit small" value="Login"></p></center>
|
||||
</form>
|
||||
<center><p><a href="/lostPass"><font size="1">Forgot your password?</font></a></p></center>
|
||||
<center><p><a href="{$smarty.server.PHP_SELF}?page=password"><font size="1">Forgot your password?</font></a></p></center>
|
||||
{include file="global/block_footer.tpl"}
|
||||
|
||||
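--- /dev/null
+++ b/public/templates/mmcFE/password/change/default.tpl
@@ -0,0 +1,12 @@
+{include file="global/block_header.tpl" BLOCK_HEADER="Change Password"}
+<form action="{$smarty.server.PHP_SELF}" method="post">
+<input type="hidden" name="token" value="{$smarty.request.token|escape}">
+<input type="hidden" name="page" value="{$smarty.request.page|escape}">
+<input type="hidden" name="action" value="{$smarty.request.action|escape}">
+<input type="hidden" name="do" value="useToken">
+<table>
+<tr><td>New Password: </td><td><input type="password" name="newPassword"></td></tr>
+<tr><td>New Password Repeat: </td><td><input type="password" name="newPassword2"></td></tr>
+</tbody></table>
+<input type="submit" class="submit long" value="Change Password"></form>
+{include file="global/block_footer.tpl"}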
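Review bot: The form action `{$smarty.server.PHP_SELF}` is emitted unescaped into an attribute; PHP_SELF carries any path-info appended to the request URL, so unless Smarty's escape_html is enabled (not visible here) a crafted URL can break out of the `action` attribute — write it as `{$smarty.server.PHP_SELF|escape}` or use a fixed path, and the same applies to the login-template link and the body.tpl link in this commit. The hidden `token`/`page`/`action` fields already use `|escape`, so this is a matter of consistency within the template. The table markup opens `<table>` but closes with `</tbody></table>`; either add `<tbody>` after `<table>` or drop the stray `</tbody>`.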
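--- /dev/null
+++ b/public/templates/mmcFE/password/default.tpl
@@ -0,0 +1,8 @@
+{include file="global/block_header.tpl" BLOCK_HEADER="Reset Password" BLOCK_STYLE="clear:none;"}
+<form action="" method="POST">
+<input type="hidden" name="page" value="password">
+<input type="hidden" name="action" value="reset">
+<p>If you have an email set for your account, enter your username to get your password reset</p>
+<p><input type="text" value="{$smarty.post.username}" name="username"><input class="submit small" type="submit" value="Reset"></p>
+</form>
+{include file="global/block_footer.tpl"}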
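Review bot: `{$smarty.post.username}` is echoed back into the `value` attribute without `|escape`, so a submitted username containing a double quote breaks out of the attribute and into the page markup (reflected into the poster's own response, but still an injection point whenever someone else can be made to submit this form); write it as `{$smarty.post.username|escape}`. The change template added in the same commit escapes its request-derived hidden fields, so this template should follow the same convention.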