MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Almost request password

Browse Source
This commit is contained in:
Marijn Jansen
2017-01-25 15:46:20 +01:00
parent 185874d23f
commit 1b2a1a5180
4 changed files with 168 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
website/public/resetpassword.php Normal file
View File

@@ -0,0 +1,49 @@
<?php
include_once("../queries/connect.php");
if ($_SERVER["REQUEST_METHOD"] == "GET") {
if (array_key_exists("u", $_GET) and array_key_exists("h", $_GET)) {
if (verifyLink($_GET["u"], $_GET["h"])) {
include "../views/resetpassword.php";
} else {
echo "Ongeldige link.";
}
} else {
echo "Ongeldige link";
}
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
if (verifyLink($_POST["u"], $_POST["h"])) {
if ($_POST["password"] == $_POST["password-confirm"]) {
changePassword();
}
}
} else {
echo "Ongeldige link";
}
function changePassword() {
$stmt = $GLOBALS["db"]->prepare("
UPDATE
`user`
SET
`password` = :password
WHERE
`userID` = :userID
");
$stmt->bindParam(":password", $_POST["password"]);
$stmt->bindParam(":userID", $_POST["u"]);
$stmt->execute();
}
function verifyLink(int $userID, string $hash) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`password`
FROM
`user`
WHERE
`userID` = :userID
");
$stmt->bindParam(":userID", $userID);
$password = $stmt->fetch()["password"];
return password_verify($password, $hash);
}

17
website/public/styles/resetpassword.css Normal file
View File

@@ -0,0 +1,17 @@
.password-change {
height: 100%;
background-color: #FBC02D;
margin: auto;
}
.top-logo {
text-align: center;
}
.item-box {
margin: 30px auto auto;
display: block;
}
.password-change img {
width: 50%;
}

55
website/queries/requestpassword.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
include_once "../queries/connect.php";
function sendPasswordRecovery(string $email) {
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
$stmt = $GLOBALS["db"]->prepare("
SELECT
`userID`,
`username`
FROM
`user`
WHERE
`email` = :email
");
$stmt->bindParm("email", $email);
$stmt->execute();
if (!$stmt->rowCount()) {
// TODO: Just stop.
return;
}
$result = $stmt->fetch();
$userID = $result["userID"];
$username = $result["username"];
$hash = md5(random_int(0, 1000000));
$hashedHash = password_hash($hash, PASSWORD_DEFAULT);
setHashToDatabase($userID, $hash);
doSendPasswordRecovery($userID, $email, $username, $hashedHash);
} else {
// TODO: Be angry!
}
}
function doSendPasswordRecovery(int $userID, string $email, string $username, string $hash) {
$resetLink = "https://myhyvesbookplus.nl/resetpassword.php?u=$userID&h=$hash";
$subject = "Reset uw wachtwoord";
$body = "Hallo $username,\r\n\r\nKlik op de onderstaande link om uw wachtwoord te resetten.\r\n\r\n$resetLink\r\n\r\nGroeten MyHyvesbook+";
$header = "From: MyHyvesbook+ <noreply@myhyvesbookplus.nl>";
mail($email, $subject, $body, $header);
}
function setHashToDatabase(int $userID, string $hash) {
$stmt = $GLOBALS["db"]->prepare("
UPDATE
`user`
SET
`password` = $hash
WHERE
`userID` = $userID
");
$stmt->execute();
return $stmt->rowCount();
}

47
website/views/resetpassword.php Normal file
View File

@@ -0,0 +1,47 @@
<!DOCTYPE html>
<html>
<head>
<style>
@import url(styles/main.css);
@import url(styles/settings.css);
@import url(styles/resetpassword.css);
</style>
</head>
<body>
<div class='password-change'>
<div class="top-logo"><img src="img/top-logo.png" alt="MyHyvesbook+"/></div>
<form class='settings platform item-box' method='post'>
<h5>Voer een nieuw wachtwoord in</h5>
<input type="hidden"
name="u"
value="<?=$_GET["u"]?>"
>
<input type="hidden"
name="h"
value="<?=$_GET["h"]?>"
>
<ul>
<li>
<label>Nieuw wachtwoord</label>
<input type='password'
name='password'
placeholder='Nieuw wachtwoord'
>
</li>
<li>
<label>Bevestig wachtwoord</label>
<input type='password'
name='password-confirm'
placeholder='Bevestig wachtwoord'
>
</li>
<li>
<label></label>
<button type='submit'>Verander wachtwoord</button>
</li>
</ul>
</form>
</div>
</body>
</html>