From e3db7e0a02dac4bdbc886a531e6e0aeaa20de7a7 Mon Sep 17 00:00:00 2001
From: Neozonz
Date: Mon, 30 Dec 2013 03:29:20 -0500
Subject: [PATCH] Initial commit for pin reset functionality
---
 public/include/classes/user.class.php | 29 +++++++++++++++++++
 public/include/pages/account/edit.inc.php | 10 ++++++-
 .../templates/mpos/account/edit/default.tpl | 23 +++++++++++++++
 3 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index b5184924..d4ccba10 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -167,6 +167,35 @@ class User extends Base {
 return false;
 }
+public function generatePin($userID, $current) {
+ $this->debug->append("STA " . __METHOD__, 4);
+ $username = $this->getUserName($userID);
+ $email = $this->getUserEmail($username);
+ $current = $this->getHash($current);
+ $newpin = intval( "0" . rand(1,9) . rand(0,9) . rand(0,9) . rand(0,9) );
+ $aData['username'] = $username;
+ $aData['email'] = $email;
+ $aData['pin'] = $newpin;
+ $newpin = $this->getHash($newpin);
+ $aData['subject'] = 'PIN Reset Request';
+ $stmt = $this->mysqli->prepare("UPDATE $this->table SET pin = ? WHERE ( id = ? AND pass = ? )");
+
+ if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $newpin, $userID, $current) && $stmt->execute())
+ {
+ if ($stmt->errno == 0 && $stmt->affected_rows === 1) {
+ if ($this->mail->sendMail('pin/reset', $aData)) {
+ return true;
+ } else {
+ $this->setErrorMessage('Unable to send mail to your address');
+ return false;
+ }
+ }
+ $stmt->close();
+ }
+ $this->setErrorMessage( 'Unable to generate PIN, current password incorrect?' );
+ return false;
+}
+
 /**
 * Get all users that have auto payout setup
 * @param none
diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php
index 3bb9c778..0ca82ef9 100644
--- a/public/include/pages/account/edit.inc.php
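Review bot: The new PIN in `generatePin()` is built from `rand()`, which is not a cryptographically secure generator, so the reset value is more predictable than a secret should be; `$newpin = random_int(1000, 9999);` keeps the same four-digit format on PHP 7+, and `openssl_random_pseudo_bytes()` is the fallback on older runtimes. The UPDATE commits the hashed PIN before `sendMail()` runs, so when delivery fails the account is left with a PIN the user never received; sending first, or restoring the previous hash on failure, avoids that lock-out. Both `return` statements inside the `affected_rows` branch also exit before `$stmt->close()` is reached. The whole method is inside this hunk.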
+++ b/public/include/pages/account/edit.inc.php
@@ -5,6 +5,14 @@ if (!defined('SECURITY')) die('Hacking attempt');
 if ($user->isAuthenticated()) {
+if (isset($_POST['do']) && $_POST['do'] == 'genPin') {
+ if ($user->generatePin($_SESSION['USERDATA']['id'], $_POST['currentPassword'])) {
+ $_SESSION['POPUP'][] = array('CONTENT' => 'Your PIN # has been sent to your email.', 'TYPE' => 'success');
+ } else {
+ $_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
+ }
+}
+else {
 if ( @$_POST['do'] && (! $user->checkPin($_SESSION['USERDATA']['id'], @$_POST['authPin']))) {
 $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN. ' . ($config['maxfailed']['pin'] - $user->getUserPinFailed($_SESSION['USERDATA']['id'])) . ' attempts remaining.', 'TYPE' => 'errormsg');
 } else {
@@ -49,7 +57,7 @@ if ($user->isAuthenticated()) {
 }
 }
 }
-
+}
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
 ?>
diff --git a/public/templates/mpos/account/edit/default.tpl b/public/templates/mpos/account/edit/default.tpl
index 11d82b1e..c03e80c1 100644
--- a/public/templates/mpos/account/edit/default.tpl
+++ b/public/templates/mpos/account/edit/default.tpl
@@ -131,3 +131,26 @@ + + +
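Review bot: The `genPin` branch in the `@@ -5,6 +5,14 @@` hunk skips `checkPin()` and relies only on the current password, but nothing visible here or in `generatePin()` counts failed attempts the way the PIN path does with `$config['maxfailed']['pin']`, so wrong-password guesses through this form appear unthrottled unless that is handled elsewhere. `$_POST['currentPassword']` is read without an existence or type check; guarding the call with `isset($_POST['currentPassword']) && is_string($_POST['currentPassword'])` keeps a missing or array-valued field out of `getHash()`. No anti-CSRF token check is visible in the hunk; the password requirement limits the impact, but it is worth confirming. The `if ($user->isAuthenticated())` block opens before the added lines and is only closed in the following `@@ -49,7 +57,7 @@` hunk.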
+ + + +
+
+

Reset PIN

+
+
+
+ + +
+
+ +
+