MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Merge branch 'marijn-settings' into joey-testing

Browse Source
This commit is contained in:
Joey Lai
2017-01-25 15:48:37 +01:00
parent cc08ebec3c 1b2a1a5180
commit 0b035c0583
7 changed files with 181 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
website/public/logout.php
View File

@@ -1,15 +1,4 @@
<!DOCTYPE html>
<html>
<?php
include("../views/login_head.php");
require_once("../queries/connect.php");
include_once("../queries/login.php");
?>
<body>
<?php
session_start();
unset($_SESSION["userID"]);
header("Location: login.php");
?>
</body>
</html>
session_start();
session_destroy();
header("Location: login.php");

49
website/public/resetpassword.php Normal file
View File

@@ -0,0 +1,49 @@
<?php
include_once("../queries/connect.php");
if ($_SERVER["REQUEST_METHOD"] == "GET") {
if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) {
if (verifyLink($_GET["u"], $_GET["h"])) {
include "../views/resetpassword.php";
} else {
echo "Ongeldige link.";
}
} else {
echo "Ongeldige link";
}
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
if (verifyLink($_POST["u"], $_POST["h"])) {
if ($_POST["password"] == $_POST["password-confirm"]) {
changePassword();
}
}
} else {
echo "Ongeldige link";
}
function changePassword() {
$stmt = $GLOBALS["db"]->prepare("
UPDATE
`user`
SET
`password` = :password
WHERE
`userID` = :userID
");
$stmt->bindParam(":password", $_POST["password"]);
$stmt->bindParam(":userID", $_POST["u"]);
$stmt->execute();
}
function verifyLink(int $userID, string $hash) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`password`
FROM
`user`
WHERE
`userID` = :userID
");
$stmt->bindParam(":userID", $userID);
$password = $stmt->fetch()["password"];
return password_verify($password, $hash);
}

17
website/public/styles/resetpassword.css Normal file
View File

@@ -0,0 +1,17 @@
.password-change {
height: 100%;
background-color: #FBC02D;
margin: auto;
}
.top-logo {
text-align: center;
}
.item-box {
margin: 30px auto auto;
display: block;
}
.password-change img {
width: 50%;
}

7
website/queries/emailconfirm.php
View File

@@ -25,7 +25,9 @@ function sendConfirmEmail(int $userID) {
WHERE
`userID` = :userID
");
$stmt->bindParam(":userID", $userID);
$stmt->execute();
$user = $stmt->fetch();
$email = $user["email"];
@@ -34,10 +36,7 @@ function sendConfirmEmail(int $userID) {
$confirmLink = "https://myhyvesbookplus.nl/emailconfirm.php?u=$userID&h=$hash";
$subject = "Bevestig uw emailadres";
$body = "Hallo $fname,\r\n\r\n
Klik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n
$confirmLink\r\n\r\n
Groeten MyHyvesbook+";
$body = "Hallo $fname,\r\n\r\nKlik op de onderstaande link om uw emailadres te bevestigen.\r\n\r\n$confirmLink\r\n\r\nGroeten MyHyvesbook+";
$header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
mail($email, $subject, $body, $header);
}

55
website/queries/requestpassword.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
include_once "../queries/connect.php";
function sendPasswordRecovery(string $email) {
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`
FROM
`user`
WHERE
`email` = :email
");
$stmt->bindParm("email", $email);
$stmt->execute();
if (!$stmt->rowCount()) {
// TODO: Just stop.
return;
}
$result = $stmt->fetch();
$userID = $result["userID"];
$username = $result["username"];
$hash = md5(random_int(0, 1000000));
$hashedHash = password_hash($hash, PASSWORD_DEFAULT);
setHashToDatabase($userID, $hash);
doSendPasswordRecovery($userID, $email, $username, $hashedHash);
} else {
// TODO: Be angry!
}
}
function doSendPasswordRecovery(int $userID, string $email, string $username, string $hash) {
$resetLink = "https://myhyvesbookplus.nl/resetpassword.php?u=$userID&h=$hash";
$subject = "Reset uw wachtwoord";
$body = "Hallo $username,\r\n\r\nKlik op de onderstaande link om uw wachtwoord te resetten.\r\n\r\n$resetLink\r\n\r\nGroeten MyHyvesbook+";
$header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
mail($email, $subject, $body, $header);
}
function setHashToDatabase(int $userID, string $hash) {
$stmt = $GLOBALS["db"]->prepare("
UPDATE
`user`
SET
`password` = $hash
WHERE
`userID` = $userID
");
$stmt->execute();
return $stmt->rowCount();
}

10
website/queries/settings.php
View File

@@ -1,4 +1,6 @@
<?php
include_once "../queries/emailconfirm.php";
abstract class AlertMessage extends Exception {
public function __construct($message = "", $code = 0, Exception $previous = null)
{
@@ -152,7 +154,7 @@ function emailIsAvailableInDatabase($email) {
`email`
FROM
`user`
WHERE
WHERE
`email` = :email
");
@@ -168,16 +170,18 @@ function doChangeEmail($email) {
UPDATE
`user`
SET
`email` = :email
`email` = :email,
`role` = 'unconfirmed'
WHERE
`userID` = :userID
");
$stmt->bindParam(":email", $email);
$stmt->bindParam(":userID", $_SESSION["userID"]);
$stmt->execute();
// return $stmt->rowCount();
if ($stmt->rowCount()) {
sendConfirmEmail($_SESSION["userID"]);
session_destroy();
throw new HappyAlert("Emailadres is veranderd.");
} else {
throw new AngryAlert();

47
website/views/resetpassword.php Normal file
View File

@@ -0,0 +1,47 @@
<!DOCTYPE html>
<html>
<head>
<style>
@import url(styles/main.css);
@import url(styles/settings.css);
@import url(styles/resetpassword.css);
</style>
</head>
<body>
<div class='password-change'>
<div class="top-logo"><img src="img/top-logo.png" alt="MyHyvesbook+"/></div>
<form class='settings platform item-box' method='post'>
<h5>Voer een nieuw wachtwoord in</h5>
<input type="hidden"
name="u"
value="<?=$_GET["u"]?>"
>
<input type="hidden"
name="h"
value="<?=$_GET["h"]?>"
>
<ul>
<li>
<label>Nieuw wachtwoord</label>
<input type='password'
name='password'
placeholder='Nieuw wachtwoord'
>
</li>
<li>
<label>Bevestig wachtwoord</label>
<input type='password'
name='password-confirm'
placeholder='Bevestig wachtwoord'
>
</li>
<li>
<label></label>
<button type='submit'>Verander wachtwoord</button>
</li>
</ul>
</form>
</div>
</body>
</html>