Merge branch 'marijn-settings' into joey-testing

website/public/logout.php

@@ -1,15 +1,4 @@
-<!DOCTYPE html>
-<html>
-<?php
-    include("../views/login_head.php");
-    require_once("../queries/connect.php");
-    include_once("../queries/login.php");
-?>
-<body>
 <?php
 session_start();
-    unset($_SESSION["userID"]);
+session_destroy();
 header("Location: login.php");
-?>
-</body>
-</html>

website/public/resetpassword.php

@@ -0,0 +1,49 @@
+<?php
+include_once("../queries/connect.php");
+if ($_SERVER["REQUEST_METHOD"] == "GET") {
+    if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) {
+        if (verifyLink($_GET["u"], $_GET["h"])) {
+            include "../views/resetpassword.php";
+        } else {
+            echo "Ongeldige link.";
+        }
+    } else {
+        echo "Ongeldige link";
+    }
+} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
+    if (verifyLink($_POST["u"], $_POST["h"])) {
+        if ($_POST["password"] == $_POST["password-confirm"]) {
+            changePassword();
+        }
+    }
+} else {
+    echo "Ongeldige link";
+}
+
+function changePassword() {
+    $stmt = $GLOBALS["db"]->prepare("
+        UPDATE
+            `user`
+        SET
+            `password` = :password
+        WHERE
+            `userID` = :userID
+    ");
+    $stmt->bindParam(":password", $_POST["password"]);
+    $stmt->bindParam(":userID", $_POST["u"]);
+    $stmt->execute();
+}
+
+function verifyLink(int $userID, string $hash) {
+    $stmt = $GLOBALS["db"]->prepare("
+        SELECT
+            `password`
+        FROM 
+            `user`
+        WHERE
+            `userID` = :userID
+        ");
+    $stmt->bindParam(":userID", $userID);
+    $password = $stmt->fetch()["password"];
+    return password_verify($password, $hash);
+}

website/public/styles/resetpassword.css

@@ -0,0 +1,17 @@
+.password-change {
+    height: 100%;
+    background-color: #FBC02D;
+    margin: auto;
+}
+
+.top-logo {
+    text-align: center;
+}
+
+.item-box {
+    margin: 30px auto auto;
+    display: block;
+}
+.password-change img {
+    width: 50%;
+}

website/queries/emailconfirm.php

@@ -25,7 +25,9 @@ function sendConfirmEmail(int $userID) {
     WHERE
         `userID` = :userID
     ");
+
     $stmt->bindParam(":userID", $userID);
+    $stmt->execute();
     $user = $stmt->fetch();
 
     $email = $user["email"];
@@ -34,10 +36,7 @@ function sendConfirmEmail(int $userID) {
     $confirmLink = "https://myhyvesbookplus.nl/emailconfirm.php?u=$userID&h=$hash";
 
     $subject = "Bevestig uw emailadres";
-    $body = "Hallo $fname,\r\n\r\n 
+    $body = "Hallo $fname,\r\n\r\nKlik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n$confirmLink\r\n\r\nGroeten MyHyvesbook+";
-             Klik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n
-             $confirmLink\r\n\r\n
-             Groeten MyHyvesbook+";
     $header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
     mail($email, $subject, $body, $header);
 }

website/queries/requestpassword.php

@@ -0,0 +1,55 @@
+<?php
+include_once "../queries/connect.php";
+
+function sendPasswordRecovery(string $email) {
+    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
+        $stmt = $GLOBALS["db"]->prepare("
+        SELECT 
+            `userID`,
+            `username`
+        FROM 
+            `user`
+        WHERE 
+            `email` = :email
+        ");
+        $stmt->bindParm("email", $email);
+        $stmt->execute();
+        if (!$stmt->rowCount()) {
+            // TODO: Just stop.
+            return;
+        }
+        $result = $stmt->fetch();
+        $userID = $result["userID"];
+        $username = $result["username"];
+        $hash = md5(random_int(0, 1000000));
+        $hashedHash = password_hash($hash, PASSWORD_DEFAULT);
+        setHashToDatabase($userID, $hash);
+        doSendPasswordRecovery($userID, $email, $username, $hashedHash);
+
+
+    } else {
+        // TODO: Be angry!
+    }
+}
+
+function doSendPasswordRecovery(int $userID, string $email, string $username, string $hash) {
+    $resetLink = "https://myhyvesbookplus.nl/resetpassword.php?u=$userID&h=$hash";
+
+    $subject = "Reset uw wachtwoord";
+    $body = "Hallo $username,\r\n\r\nKlik op de onderstaande link om uw wachtwoord te resetten.\r\n\r\n$resetLink\r\n\r\nGroeten MyHyvesbook+";
+    $header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
+    mail($email, $subject, $body, $header);
+}
+
+function setHashToDatabase(int $userID, string $hash) {
+    $stmt = $GLOBALS["db"]->prepare("
+    UPDATE
+        `user`
+    SET
+        `password` = $hash
+    WHERE
+        `userID` = $userID
+    ");
+    $stmt->execute();
+    return $stmt->rowCount();
+}

website/queries/settings.php

@@ -1,4 +1,6 @@
 <?php
+include_once "../queries/emailconfirm.php";
+
 abstract class AlertMessage extends Exception {
     public function __construct($message = "", $code = 0, Exception $previous = null)
     {
@@ -168,16 +170,18 @@ function doChangeEmail($email) {
     UPDATE
         `user`
     SET
-      `email` = :email
+      `email` = :email,
+      `role` = 'unconfirmed'
     WHERE
       `userID` = :userID
     ");
     $stmt->bindParam(":email", $email);
     $stmt->bindParam(":userID", $_SESSION["userID"]);
     $stmt->execute();
-//    return $stmt->rowCount();
 
     if ($stmt->rowCount()) {
+        sendConfirmEmail($_SESSION["userID"]);
+        session_destroy();
         throw new HappyAlert("Emailadres is veranderd.");
     } else {
         throw new AngryAlert();

website/views/resetpassword.php

@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <style>
+        @import url(styles/main.css);
+        @import url(styles/settings.css);
+        @import url(styles/resetpassword.css);
+    </style>
+</head>
+<body>
+<div class='password-change'>
+    <div class="top-logo"><img src="img/top-logo.png" alt="MyHyvesbook+"/></div>
+
+    <form class='settings platform item-box' method='post'>
+        <h5>Voer een nieuw wachtwoord in</h5>
+        <input type="hidden"
+               name="u"
+               value="<?=$_GET["u"]?>"
+        >
+        <input type="hidden"
+               name="h"
+               value="<?=$_GET["h"]?>"
+        >
+        <ul>
+            <li>
+                <label>Nieuw wachtwoord</label>
+                <input type='password'
+                       name='password'
+                       placeholder='Nieuw wachtwoord'
+                >
+            </li>
+            <li>
+                <label>Bevestig wachtwoord</label>
+                <input type='password'
+                       name='password-confirm'
+                       placeholder='Bevestig wachtwoord'
+                >
+            </li>
+            <li>
+                <label></label>
+                <button type='submit'>Verander wachtwoord</button>
+            </li>
+        </ul>
+    </form>
+</div>
+</body>
+</html>