Add password reset
This commit is contained in:
parent
e9b57e9122
commit
b677f19349
3 changed files with 84 additions and 32 deletions
@ -115,11 +115,13 @@ switch ($step) {
|
||||||
* Users
|
* Users
|
||||||
*/
|
*/
|
||||||
$database->query('CREATE TABLE `users` (
|
$database->query('CREATE TABLE `users` (
|
||||||
`id` INT PRIMARY KEY AUTO_INCREMENT,
|
`id` INT PRIMARY KEY AUTO_INCREMENT,
|
||||||
`email` VARCHAR(64) NOT NULL UNIQUE,
|
`email` VARCHAR(64) NOT NULL UNIQUE,
|
||||||
`password` VARCHAR(128) NOT NULL,
|
`password` VARCHAR(128) NOT NULL,
|
||||||
`last_login` datetime NOT NULL DEFAULT NOW(),
|
`password_reset_token` VARCHAR(128) NULL DEFAULT NULL,
|
||||||
`power` INT NOT NULL DEFAULT 0
|
`password_reset_valid_until` DATETIME NOT NULL DEFAULT NOW(),
|
||||||
|
`last_login` DATETIME NOT NULL DEFAULT NOW(),
|
||||||
|
`power` INT NOT NULL DEFAULT 0
|
||||||
);');
|
);');
|
||||||
$database->query('CREATE INDEX `idx_password` ON `users` (`password`);');
|
$database->query('CREATE INDEX `idx_password` ON `users` (`password`);');
|
||||||
|
|
||||||
|
|
|
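Review bot: `password_reset_valid_until` is declared `DATETIME NOT NULL DEFAULT NOW()`, but the code that fills it (the UPDATE in the second file) stores `time() + 3600`, an integer Unix timestamp, the check in register.php compares it against `time()` as an integer, and the successful-reset UPDATE sets it to `NULL`, which this NOT NULL column rejects. Pick one representation and use it at all three sites: either an integer column, `` `password_reset_valid_until` INT NULL DEFAULT NULL, ``, or keep DATETIME and write it with `FROM_UNIXTIME()` and compare with `UNIX_TIMESTAMP()`. As written, storing a 10-digit integer into a DATETIME is likely rejected in MySQL strict mode and presumably stored as a zero date otherwise, so the expiry check could never pass. `NULL` rather than `DEFAULT NOW()` also expresses "no reset pending" more honestly, matching the nullable token column directly above it.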
@ -55,8 +55,27 @@ if (isset($_POST['reset'], $_POST['email'])) {
|
||||||
->fetch();
|
->fetch();
|
||||||
|
|
||||||
if ($user) {
|
if ($user) {
|
||||||
|
$token = sha1(time() . rand(0, 999999));
|
||||||
|
$validUntil = time() + 3600;
|
||||||
|
|
||||||
|
$database
|
||||||
|
->query('UPDATE `users`
|
||||||
|
SET `password_reset_token` = "' . $token . '",
|
||||||
|
`password_reset_valid_until` = ' . $validUntil . '
|
||||||
|
WHERE `id` = ' . $user['id'] . '
|
||||||
|
;');
|
||||||
|
|
||||||
$mjml = file_get_contents(ROOT . '/src/mjml/password-reset.mjml');
|
$mjml = file_get_contents(ROOT . '/src/mjml/password-reset.mjml');
|
||||||
$mjml = str_replace('wishthis.online', $_SERVER['HTTP_HOST'], $mjml);
|
$mjml = str_replace(
|
||||||
|
'wishthis.online',
|
||||||
|
$_SERVER['HTTP_HOST'],
|
||||||
|
$mjml
|
||||||
|
);
|
||||||
|
$mjml = str_replace(
|
||||||
|
'<mj-button href="#">',
|
||||||
|
$_SERVER['HTTP_HOST'] . '/register.php?password-reset=' . $_POST['email'] . '&token=' . $token,
|
||||||
|
$mjml
|
||||||
|
);
|
||||||
|
|
||||||
$emailReset = new Email($_POST['email'], 'Password reset link', $mjml);
|
$emailReset = new Email($_POST['email'], 'Password reset link', $mjml);
|
||||||
$emailReset->send();
|
$emailReset->send();
|
||||||
|
|
|
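Review bot: The reset token at `$token = sha1(time() . rand(0, 999999));` is derived from the request time and a small `rand()` range, so it is guessable rather than secret; generate it from the CSPRNG instead, `$token = bin2hex(random_bytes(32));` (64 hex characters, which fits the VARCHAR(128) column). The link is built from `$_SERVER['HTTP_HOST']`, which is supplied by the client on each request, so a poisoned Host header ends up in the e-mail the user clicks; take the base URL from configuration. `$_POST['email']` should also pass through `rawurlencode()` before being placed in the query string. The enclosing `if (isset($_POST['reset'], $_POST['email']))` block starts before this hunk.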
@ -46,33 +46,64 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($isHuman) {
|
if ($isHuman) {
|
||||||
if (0 === count($users)) {
|
if (isset($_GET['password-reset'], $_GET['token'])) {
|
||||||
$database->query('INSERT INTO `users`
|
/**
|
||||||
(
|
* Password reset
|
||||||
`email`,
|
*/
|
||||||
`password`,
|
$user = $database
|
||||||
`power`
|
->query('SELECT * FROM `users`
|
||||||
) VALUES (
|
WHERE `email` = "' . $_GET['password-reset'] . '"
|
||||||
"' . $_POST['email'] . '",
|
AND `password_reset_token` = "' . $_GET['token'] . '";')
|
||||||
"' . sha1($_POST['password']) . '",
|
->fetch();
|
||||||
100
|
|
||||||
)
|
|
||||||
;');
|
|
||||||
} else {
|
|
||||||
if (in_array($_POST['email'], $emails)) {
|
|
||||||
$page->messages[] = Page::error('An account with this email address already exists.', 'Invalid email address');
|
|
||||||
} else {
|
|
||||||
$database->query('INSERT INTO `users`
|
|
||||||
(
|
|
||||||
`email`,
|
|
||||||
`password`
|
|
||||||
) VALUES (
|
|
||||||
"' . $_POST['email'] . '",
|
|
||||||
"' . sha1($_POST['password']) . '"
|
|
||||||
)
|
|
||||||
;');
|
|
||||||
|
|
||||||
$page->messages[] = Page::success('Your account was successfully created.', 'Success');
|
if ($user) {
|
||||||
|
if (time() <= $user['password_reset_valid_until']) {
|
||||||
|
$database
|
||||||
|
->query('UPDATE `users`
|
||||||
|
SET `password` = "' . sha1($_POST['password']) . '",
|
||||||
|
`password_reset_token` = NULL,
|
||||||
|
`password_reset_valid_until` = NULL,
|
||||||
|
WHERE `id` = ' . $user['id'] . ';');
|
||||||
|
|
||||||
|
$page->messages[] = Page::success('Password has been successfully reset for <strong>' . $_GET['password-reset'] . '</strong>.', 'Success');
|
||||||
|
} else {
|
||||||
|
$page->messages[] = Page::error('This link has expired.', 'Failure');
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$page->messages[] = Page::error('This link seems invalid.', 'Failure');
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/**
|
||||||
|
* Register
|
||||||
|
*/
|
||||||
|
if (0 === count($users)) {
|
||||||
|
$database->query('INSERT INTO `users`
|
||||||
|
(
|
||||||
|
`email`,
|
||||||
|
`password`,
|
||||||
|
`power`
|
||||||
|
) VALUES (
|
||||||
|
"' . $_POST['email'] . '",
|
||||||
|
"' . sha1($_POST['password']) . '",
|
||||||
|
100
|
||||||
|
)
|
||||||
|
;');
|
||||||
|
} else {
|
||||||
|
if (in_array($_POST['email'], $emails)) {
|
||||||
|
$page->messages[] = Page::error('An account with this email address already exists.', 'Invalid email address');
|
||||||
|
} else {
|
||||||
|
$database->query('INSERT INTO `users`
|
||||||
|
(
|
||||||
|
`email`,
|
||||||
|
`password`
|
||||||
|
) VALUES (
|
||||||
|
"' . $_POST['email'] . '",
|
||||||
|
"' . sha1($_POST['password']) . '"
|
||||||
|
)
|
||||||
|
;');
|
||||||
|
|
||||||
|
$page->messages[] = Page::success('Your account was successfully created.', 'Success');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
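Review bot: `$_GET['password-reset']` and `$_GET['token']` are concatenated straight into the SELECT at `WHERE `email` = "' . $_GET['password-reset'] . '"`, so the reset lookup is injectable; bind them as parameters (PDO `prepare()`/`execute()`, or whatever binding the `$database` wrapper offers) and do the same for the values in the UPDATE below. That UPDATE also has a trailing comma before `WHERE` (`` `password_reset_valid_until` = NULL, `` immediately followed by `WHERE`), which is a MySQL syntax error, and it assigns `NULL` to a column the schema declares NOT NULL. The success message echoes `$_GET['password-reset']` into HTML unescaped; wrap it as `htmlspecialchars($_GET['password-reset'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. `sha1($_POST['password'])` carries the existing unsalted scheme into new code where `password_hash()` / `password_verify()` would be expected. The enclosing `if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet']))` block continues past the hunk.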