From 827be406469a4139ccd42a556bab655a170b84d6 Mon Sep 17 00:00:00 2001 From: Marijn Jansen Date: Wed, 25 Jan 2017 12:02:31 +0100 Subject: [PATCH 1/3] Email confirm on settings page and emailconfirm fix (: --- website/queries/emailconfirm.php | 7 +++---- website/queries/settings.php | 10 +++++++--- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/website/queries/emailconfirm.php b/website/queries/emailconfirm.php index 583a47b..0b3224f 100644 --- a/website/queries/emailconfirm.php +++ b/website/queries/emailconfirm.php @@ -25,7 +25,9 @@ function sendConfirmEmail(int $userID) { WHERE `userID` = :userID "); + $stmt->bindParam(":userID", $userID); + $stmt->execute(); $user = $stmt->fetch(); $email = $user["email"]; @@ -34,10 +36,7 @@ function sendConfirmEmail(int $userID) { $confirmLink = "https://myhyvesbookplus.nl/emailconfirm.php?u=$userID&h=$hash"; $subject = "Bevestig uw emailadres"; - $body = "Hallo $fname,\r\n\r\n - Klik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n - $confirmLink\r\n\r\n - Groeten MyHyvesbook+"; + $body = "Hallo $fname,\r\n\r\nKlik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n$confirmLink\r\n\r\nGroeten MyHyvesbook+"; $header = "From: MyHyvesbook+ "; mail($email, $subject, $body, $header); } \ No newline at end of file diff --git a/website/queries/settings.php b/website/queries/settings.php index d3985c7..0bf8791 100644 --- a/website/queries/settings.php +++ b/website/queries/settings.php @@ -1,4 +1,6 @@ bindParam(":email", $email); $stmt->bindParam(":userID", $_SESSION["userID"]); $stmt->execute(); -// return $stmt->rowCount(); if ($stmt->rowCount()) { + sendConfirmEmail($_SESSION["userID"]); + session_destroy(); throw new HappyAlert("Emailadres is veranderd."); } else { throw new AngryAlert(); From 185874d23f216ee8e1d0dd485fbfec488715e861 Mon Sep 17 00:00:00 2001 
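Review bot: With the added `$stmt->execute();` the `fetch()` on the next line now runs against a real result, but it still returns false when no row matches `:userID`, and the following `$email = $user["email"];` then indexes a bool; add `if ($user === false) { return; }` between the two lines. The return value of execute() is also left unchecked, which only matters if the connection is not in PDO::ERRMODE_EXCEPTION — that setting is not visible here. sendConfirmEmail() continues past the end of the hunk.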
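Review bot: `session_destroy();` runs before `throw new HappyAlert("Emailadres is veranderd.");`, so if the alert is delivered through the session (not visible here) it is discarded together with it, and session_destroy() on its own neither clears `$_SESSION` for the rest of the request nor removes the session cookie from the client; if the intent is to force a re-login, clear `$_SESSION = [];`, expire the cookie with setcookie(session_name(), ...), then call session_destroy(), and throw the alert afterwards. The UPDATE bound with `:email` already commits the new address before sendConfirmEmail() has had it confirmed, and nothing in the hunk re-checks the current password or informs the previous address of the change — both are worth adding for an email change. The hunk header for this block is missing from the patch text, so the enclosing function starts outside what is visible.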
From: Marijn Jansen Date: Wed, 25 Jan 2017 12:06:13 +0100 Subject: [PATCH 2/3] Cleanup at logout.php --- website/public/logout.php | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/website/public/logout.php b/website/public/logout.php index 6a2ba5d..de4d7c2 100644 --- a/website/public/logout.php +++ b/website/public/logout.php @@ -1,15 +1,4 @@ - - - - - - +session_start(); +session_destroy(); +header("Location: login.php"); \ No newline at end of file From 1b2a1a518033c09373fca11422870479942044e2 Mon Sep 17 00:00:00 2001 From: Marijn Jansen Date: Wed, 25 Jan 2017 15:46:20 +0100 Subject: [PATCH 3/3] Almost request password --- website/public/resetpassword.php | 49 ++++++++++++++++++++++ website/public/styles/resetpassword.css | 17 ++++++++ website/queries/requestpassword.php | 55 +++++++++++++++++++++++++ website/views/resetpassword.php | 47 +++++++++++++++++++++ 4 files changed, 168 insertions(+) create mode 100644 website/public/resetpassword.php create mode 100644 website/public/styles/resetpassword.css create mode 100644 website/queries/requestpassword.php create mode 100644 website/views/resetpassword.php diff --git a/website/public/resetpassword.php b/website/public/resetpassword.php new file mode 100644 index 0000000..c2f9221 --- /dev/null +++ b/website/public/resetpassword.php @@ -0,0 +1,49 @@ +prepare(" + UPDATE + `user` + SET + `password` = :password + WHERE + `userID` = :userID + "); + $stmt->bindParam(":password", $_POST["password"]); + $stmt->bindParam(":userID", $_POST["u"]); + $stmt->execute(); +} + +function verifyLink(int $userID, string $hash) { + $stmt = $GLOBALS["db"]->prepare(" + SELECT + `password` + FROM + `user` + WHERE + `userID` = :userID + "); + $stmt->bindParam(":userID", $userID); + $password = $stmt->fetch()["password"]; + return password_verify($password, $hash); +} \ No newline at end of file 
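Review bot: `session_destroy();` alone does not clear `$_SESSION` for the current request and leaves the session cookie on the client, so the next `session_start();` can pick the same id up again; clear the array and expire the cookie before destroying. `header("Location: login.php");` should be followed by `exit;` so nothing that is later appended to the file runs after the redirect. The file's opening `<?php` is not present in the patch text, presumably lost in extraction.
```php
session_start();
$_SESSION = [];
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    // Expire the client-side cookie so the old id is not resubmitted
    setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}
session_destroy();
header("Location: login.php");
exit;
```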
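Review bot: `verifyLink()` never calls `$stmt->execute()` before `$stmt->fetch()`, so the fetch yields false and `password_verify()` is evaluated against null; add the execute and a false check. The update routine above it stores `$_POST["password"]` as submitted via `bindParam(":password", ...)`, whereas the rest of this patch relies on password_hash()/password_verify(), so hash it before binding (assuming the login path verifies with password_verify(), which is outside the patch). That routine also writes to whatever `$_POST["u"]` names with no tie to a verified token inside the function — whether the caller gates it on verifyLink() cannot be seen, since the file's opening lines are missing from the patch text. Note too that `password_verify($password, $hash)` puts the stored value in the plaintext position and the URL value in the hash position, so the secret ends up in the database and the verifier in the link, the inverse of the usual arrangement.
```php
// … unchanged: update routine's header (start missing from patch text) and UPDATE prepare() …
    // Never store the submitted password as-is; assumes login verifies with password_verify()
    $hashed = password_hash($_POST["password"], PASSWORD_DEFAULT);
    $stmt->bindValue(":password", $hashed);
    $stmt->bindParam(":userID", $_POST["u"]);
    $stmt->execute();
}

function verifyLink(int $userID, string $hash) {
    // … unchanged: SELECT `password` prepare() …
    $stmt->bindParam(":userID", $userID);
    $stmt->execute(); // was missing: fetch() on an unexecuted statement returns false
    $row = $stmt->fetch();
    if ($row === false) {
        return false;
    }
    return password_verify($row["password"], $hash);
}
```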
diff --git a/website/public/styles/resetpassword.css b/website/public/styles/resetpassword.css new file mode 100644 index 0000000..a3d7942 --- /dev/null +++ b/website/public/styles/resetpassword.css @@ -0,0 +1,17 @@ +.password-change { + height: 100%; + background-color: #FBC02D; + margin: auto; +} + +.top-logo { + text-align: center; +} + +.item-box { + margin: 30px auto auto; + display: block; +} +.password-change img { + width: 50%; +} diff --git a/website/queries/requestpassword.php b/website/queries/requestpassword.php new file mode 100644 index 0000000..4044058 --- /dev/null +++ b/website/queries/requestpassword.php @@ -0,0 +1,55 @@ +prepare(" + SELECT + `userID`, + `username` + FROM + `user` + WHERE + `email` = :email + "); + $stmt->bindParm("email", $email); + $stmt->execute(); + if (!$stmt->rowCount()) { + // TODO: Just stop. + return; + } + $result = $stmt->fetch(); + $userID = $result["userID"]; + $username = $result["username"]; + $hash = md5(random_int(0, 1000000)); + $hashedHash = password_hash($hash, PASSWORD_DEFAULT); + setHashToDatabase($userID, $hash); + doSendPasswordRecovery($userID, $email, $username, $hashedHash); + + + } else { + // TODO: Be angry! + } +} + +function doSendPasswordRecovery(int $userID, string $email, string $username, string $hash) { + $resetLink = "https://myhyvesbookplus.nl/resetpassword.php?u=$userID&h=$hash"; + + $subject = "Reset uw wachtwoord"; + $body = "Hallo $username,\r\n\r\nKlik op de onderstaande link om uw wachtwoord te resetten.\r\n\r\n$resetLink\r\n\r\nGroeten MyHyvesbook+"; + $header = "From: MyHyvesbook+ "; + mail($email, $subject, $body, $header); +} + +function setHashToDatabase(int $userID, string $hash) { + $stmt = $GLOBALS["db"]->prepare(" + UPDATE + `user` + SET + `password` = $hash + WHERE + `userID` = $userID + "); + $stmt->execute(); + return $stmt->rowCount(); +} \ No newline at end of file 
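Review bot: `$stmt->bindParm("email", $email);` calls a method PDOStatement does not have (bindParam) and names the placeholder without the leading colon that `:email` in the query uses, so the lookup fails before any query runs. `setHashToDatabase()` builds its UPDATE by interpolating `$hash` and `$userID` directly into the SQL, unquoted, while every other statement in this patch uses bound placeholders; bind them. The token `md5(random_int(0, 1000000))` is drawn from only about a million values — `bin2hex(random_bytes(16))` gives a proper 128-bit token. Writing the token into the `password` column also replaces the user's credential the moment a reset is requested; a dedicated token column with an expiry avoids that. The function enclosing the early `return;` starts outside the visible hunk text.
```php
    $stmt->bindParam(":email", $email); // was bindParm("email", ...): undefined method, placeholder without ':'
    // … unchanged: rowCount() check and fetch …
    $hash = bin2hex(random_bytes(16)); // 128 bits instead of md5() of a number below 10^6
    // … unchanged: password_hash(), setHashToDatabase(), doSendPasswordRecovery() calls …

function setHashToDatabase(int $userID, string $hash) {
    // NOTE(review): still writes into `password`; a dedicated token column with an expiry would
    // avoid replacing the user's credential on every reset request
    $stmt = $GLOBALS["db"]->prepare("
        UPDATE
            `user`
        SET
            `password` = :hash
        WHERE
            `userID` = :userID
    ");
    $stmt->bindParam(":hash", $hash);
    $stmt->bindParam(":userID", $userID);
    $stmt->execute();
    return $stmt->rowCount();
}
```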
diff --git a/website/views/resetpassword.php b/website/views/resetpassword.php new file mode 100644 index 0000000..24d3aaf --- /dev/null +++ b/website/views/resetpassword.php @@ -0,0 +1,47 @@ + + + + + + +
+ + +
+
Voer een nieuw wachtwoord in
+ " + > + " + > +
    +
  • + + +
  • +
  • + + +
  • +
  • + + +
  • +
+
+
+ + \ No newline at end of file