<?php
namespace Controllers;
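class Password
{
    /**
     * Show the "request a password reset" form.
     */
    public function getReset()
    {
        return view('password.reset');
    }

    /**
     * Show the "choose a new password" form.
     *
     * Only a request that carries a valid (id, forget_token) pair in the
     * query string gets the form; anything else is answered with 403 and
     * the script is terminated.
     */
    public function getCreate()
    {
        if ($this->hasToken() && $this->tokenValid($_GET['id'], $_GET['forget_token'])) {
            return view('password.create');
        }

        $this->forbidden();
    }

    /**
     * Handle the posted reset request: store a fresh random token for the
     * user, e-mail them the confirmation link and schedule the token's
     * expiry. When the e-mail is unknown (or a request is already pending)
     * the user is sent back to the reset form with an error.
     *
     * @return mixed a view on success, false after a redirect
     */
    public function reset()
    {
        $id = $this->getUserId();

        if ($id) {
            $db = db();
            $forget_token = \Illuminate\Support\Str::random(40);

            $query = $db->prepare('INSERT INTO forget_tokens VALUES (:id, :token)');
            $query->bindValue(':id', $id, \PDO::PARAM_INT);
            $query->bindValue(':token', $forget_token);
            $query->execute();

            // $id comes from the database and the token is generated above, so
            // neither is user-controlled when interpolated into the link.
            send_mail([
                'email' => $_POST['email'],
                'title' => '[Blog App] A Password Reset Requested!',
                'body'  => 'Click <a href="http://localhost' . port() . '/user/password/create?id=' . $id .
                    '&forget_token=' . $forget_token . '">here</a> to confirm that ' .
                    'you really want to reset your password.',
            ]);

            // Expire the token server-side after one hour via a MySQL event.
            // NOTE(review): the ":id" inside the event *name* is part of an
            // identifier, not a value, and the string holds several statements;
            // this only works with emulated prepares, and SET GLOBAL needs
            // elevated DB privileges — confirm against the deployment.
            $sql = 'SET global event_scheduler = 1;' .
                'DROP EVENT IF EXISTS clear_forget_token_:id;' .
                'CREATE EVENT clear_forget_token_:id ' .
                'ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 1 HOUR ' .
                'DO DELETE FROM forget_tokens WHERE id=:id';
            $query = $db->prepare($sql);
            $query->bindValue(':id', $id, \PDO::PARAM_INT);
            $query->execute();

            $message = 'Check your email inbox. We have sent you a confirmation mail.';

            return view('redirect', ['message' => $message]);
        }

        // NOTE(review): this branch tells the requester whether the address is
        // registered (or has a pending request); consider a uniform response.
        $_SESSION['errors'] = ['This E-mail is not registered or is already requested.'];
        header('Location: /user/password/reset');

        return false;
    }

    /**
     * Handle the posted new password.
     *
     * The (id, forget_token) pair is re-validated here — the check done when
     * the form was displayed (getCreate) does not protect this POST handler,
     * and without it any caller could overwrite an arbitrary user's password
     * by posting that user's id. The form is expected to post both fields back
     * (the redirect below already relies on them).
     *
     * @return false after the redirect
     */
    public function create()
    {
        if (! isset($_POST['id'], $_POST['forget_token'])
            || ! $this->tokenValid($_POST['id'], $_POST['forget_token'])) {
            $this->forbidden();
        }

        if (! valid_password($_POST['password'], $_POST['confirm-password'])) {
            $_SESSION['errors'] = ['Invalid password.'];
            header("Location: /user/password/create?id={$_POST['id']}&forget_token={$_POST['forget_token']}");

            return false;
        }

        $db = db();

        $query = $db->prepare('UPDATE users SET password=? WHERE id=?');
        $query->execute([
            password_hash($_POST['password'], PASSWORD_DEFAULT),
            $_POST['id'],
        ]);

        // The token is single-use: drop it as soon as the password has changed.
        $query = $db->prepare('DELETE FROM forget_tokens WHERE id=?');
        $query->execute([$_POST['id']]);

        header('Location: /user/login');

        return false;
    }

    /**
     * Answer with 403 Forbidden and stop processing the request.
     */
    private function forbidden()
    {
        header('HTTP/1.0 403 Forbidden');
        die();
    }

    /**
     * Whether the query string carries both reset parameters.
     */
    private function hasToken(): bool
    {
        return isset($_GET['id'], $_GET['forget_token']);
    }

    /**
     * Whether a forget_tokens row with this exact (id, token) pair exists for
     * a known user.
     *
     * @param mixed $id    user id as received from the request
     * @param mixed $token reset token as received from the request
     */
    private function tokenValid($id, $token): bool
    {
        $sql = 'SELECT * FROM (users AS u JOIN ' .
            'forget_tokens AS t ON u.id=t.id) WHERE u.id=? AND token=?';
        $query = db()->prepare($sql);
        $query->execute([$id, $token]);
        $user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');

        return count($user) !== 0;
    }

    /**
     * Look up the id of the user whose e-mail was posted, provided that user
     * has no pending reset token (one outstanding request at a time).
     *
     * @return mixed the user's id, or null when no such user exists or a
     *               request is already pending
     */
    private function getUserId()
    {
        $sql = 'SELECT u.id FROM users AS u WHERE email=? AND NOT EXISTS (' .
            'SELECT * FROM forget_tokens AS t WHERE u.id=t.id)';
        $query = db()->prepare($sql);
        $query->execute([$_POST['email']]);
        $user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');

        return count($user) !== 0 ? $user[0]->id : null;
    }
}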