Add password reset

This commit is contained in:
Jay 2022-03-02 18:59:04 +01:00
parent e9b57e9122
commit b677f19349
3 changed files with 84 additions and 32 deletions


@ -115,11 +115,13 @@ switch ($step) {
* Users
*/
$database->query('CREATE TABLE `users` (
`id` INT PRIMARY KEY AUTO_INCREMENT,
`email` VARCHAR(64) NOT NULL UNIQUE,
`password` VARCHAR(128) NOT NULL,
`last_login` datetime NOT NULL DEFAULT NOW(),
`power` INT NOT NULL DEFAULT 0
`id` INT PRIMARY KEY AUTO_INCREMENT,
`email` VARCHAR(64) NOT NULL UNIQUE,
`password` VARCHAR(128) NOT NULL,
`password_reset_token` VARCHAR(128) NULL DEFAULT NULL,
`password_reset_valid_until` DATETIME NOT NULL DEFAULT NOW(),
`last_login` DATETIME NOT NULL DEFAULT NOW(),
`power` INT NOT NULL DEFAULT 0
);');
$database->query('CREATE INDEX `idx_password` ON `users` (`password`);');
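Review bot: `password_reset_valid_until` is declared `DATETIME NOT NULL DEFAULT NOW()`, but the request handler in this commit writes the integer `time() + 3600` into it, and the reset handler compares `time()` against the stored value and then sets it to `NULL`, so the three places disagree on both type and nullability. Either store the expiry as an integer (`` `password_reset_valid_until` BIGINT NULL DEFAULT NULL ``) or keep a nullable `DATETIME NULL DEFAULT NULL` and write a real datetime (e.g. via `FROM_UNIXTIME(...)`) and compare it as one; in both cases the column must be nullable for the clear-on-success path to succeed. The same mismatch appears in the `UPDATE` statements of the other two files in this commit. The `idx_password` index on the hash column is pre-existing context, but the new lookup by `password_reset_token` is the one that would benefit from an index.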


@ -55,8 +55,27 @@ if (isset($_POST['reset'], $_POST['email'])) {
->fetch();
if ($user) {
$token = sha1(time() . rand(0, 999999));
$validUntil = time() + 3600;
$database
->query('UPDATE `users`
SET `password_reset_token` = "' . $token . '",
`password_reset_valid_until` = ' . $validUntil . '
WHERE `id` = ' . $user['id'] . '
;');
$mjml = file_get_contents(ROOT . '/src/mjml/password-reset.mjml');
$mjml = str_replace('wishthis.online', $_SERVER['HTTP_HOST'], $mjml);
$mjml = str_replace(
'wishthis.online',
$_SERVER['HTTP_HOST'],
$mjml
);
$mjml = str_replace(
'<mj-button href="#">',
$_SERVER['HTTP_HOST'] . '/register.php?password-reset=' . $_POST['email'] . '&token=' . $token,
$mjml
);
$emailReset = new Email($_POST['email'], 'Password reset link', $mjml);
$emailReset->send();
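Review bot: The reset token at the top of the hunk is `sha1(time() . rand(0, 999999))`, which is derived from the request time and a non-cryptographic PRNG, so it is not suitable as the bearer credential for a password reset; generate it from the CSPRNG instead, `$token = bin2hex(random_bytes(32));`, and consider storing only a hash of it so a read of the table does not yield usable tokens. The link is also built from `$_SERVER['HTTP_HOST']`, which the client supplies, so the host should come from configuration rather than the request, and `$_POST['email']` should go through `urlencode()` before being placed in the query string. `$token` and `$user['id']` are concatenated into the UPDATE and are safe only as long as they stay hex and integer respectively; a parameterised query would make that robust. The enclosing `if ($user)` block closes outside the hunk.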


@ -46,33 +46,64 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
}
if ($isHuman) {
if (0 === count($users)) {
$database->query('INSERT INTO `users`
(
`email`,
`password`,
`power`
) VALUES (
"' . $_POST['email'] . '",
"' . sha1($_POST['password']) . '",
100
)
;');
} else {
if (in_array($_POST['email'], $emails)) {
$page->messages[] = Page::error('An account with this email address already exists.', 'Invalid email address');
} else {
$database->query('INSERT INTO `users`
(
`email`,
`password`
) VALUES (
"' . $_POST['email'] . '",
"' . sha1($_POST['password']) . '"
)
;');
if (isset($_GET['password-reset'], $_GET['token'])) {
/**
* Password reset
*/
$user = $database
->query('SELECT * FROM `users`
WHERE `email` = "' . $_GET['password-reset'] . '"
AND `password_reset_token` = "' . $_GET['token'] . '";')
->fetch();
$page->messages[] = Page::success('Your account was successfully created.', 'Success');
if ($user) {
if (time() <= $user['password_reset_valid_until']) {
$database
->query('UPDATE `users`
SET `password` = "' . sha1($_POST['password']) . '",
`password_reset_token` = NULL,
`password_reset_valid_until` = NULL,
WHERE `id` = ' . $user['id'] . ';');
$page->messages[] = Page::success('Password has been successfully reset for <strong>' . $_GET['password-reset'] . '</strong>.', 'Success');
} else {
$page->messages[] = Page::error('This link has expired.', 'Failure');
}
} else {
$page->messages[] = Page::error('This link seems invalid.', 'Failure');
}
} else {
/**
* Register
*/
if (0 === count($users)) {
$database->query('INSERT INTO `users`
(
`email`,
`password`,
`power`
) VALUES (
"' . $_POST['email'] . '",
"' . sha1($_POST['password']) . '",
100
)
;');
} else {
if (in_array($_POST['email'], $emails)) {
$page->messages[] = Page::error('An account with this email address already exists.', 'Invalid email address');
} else {
$database->query('INSERT INTO `users`
(
`email`,
`password`
) VALUES (
"' . $_POST['email'] . '",
"' . sha1($_POST['password']) . '"
)
;');
$page->messages[] = Page::success('Your account was successfully created.', 'Success');
}
}
}
} else {
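Review bot: The `UPDATE` in the reset branch has a trailing comma before `WHERE` (`` `password_reset_valid_until` = NULL, ``), which is a SQL syntax error, so a valid reset never changes the password; the two lines should read `` `password_reset_valid_until` = NULL `` followed by `` WHERE `id` = ' . $user['id'] . ';') ``. Directly above it, `$_GET['password-reset']` and `$_GET['token']` are concatenated unescaped into the SELECT, so they must be bound as parameters or quoted through the database wrapper before the query runs; the same applies to `$_POST['email']` in the register branch. The success message interpolates `$_GET['password-reset']` into HTML without `htmlspecialchars()`, so the address should be escaped for HTML context. `time() <= $user['password_reset_valid_until']` compares an integer with whatever the DATETIME column returns, which will not behave as intended unless the column and the writer agree on a type. The surrounding `if ($isHuman)` and its parent condition open and close outside the hunk.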