Beispiel #1
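/**
 * Authenticate a caller by session token, or by username/email plus password,
 * and return the landing page content together with the active token.
 *
 * A caller-supplied 'user_id' is only forwarded to VerifyToken(); on its own it
 * is never treated as proof of identity. The id used for the landing page
 * always comes from VerifyToken() or from the GetUserInfo() row.
 *
 * @param array $userArray May hold 'user_id', 'username', 'email', 'password', 'token'.
 * @return array GetLandingPageContent() result merged with array('token' => ...).
 * @throws Exception When no usable credentials are supplied, when VerifyToken()
 *                   returns false, or when the password lookup yields no user row.
 */
function verify_user($userArray)
{
    $user_id = isset($userArray['user_id']) ? $userArray['user_id'] : null;
    $username = isset($userArray['username']) ? $userArray['username'] : null;
    $email = isset($userArray['email']) ? $userArray['email'] : null;
    $password = isset($userArray['password']) ? $userArray['password'] : null;
    $token = isset($userArray['token']) ? $userArray['token'] : null;

    // Two accepted credential sets: a token tied to some identifier, or a
    // username/email together with a password. Spelled out as separate flags
    // because the earlier single expression let a bare user_id satisfy it
    // (&& binds tighter than ||).
    $hasAccountName = isset($username) || isset($email);
    $hasTokenLogin = isset($token) && (isset($user_id) || $hasAccountName);
    $hasPasswordLogin = $hasAccountName && isset($password);
    if (!$hasTokenLogin && !$hasPasswordLogin) {
        throw new Exception("Must provide (username or email) and password.");
    }

    // Only an id that came back from a verification step is trusted below.
    $verifiedUserId = null;
    if (isset($token)) {
        $verifiedUserId = VerifyToken($token, $user_id, $username);
        if ($verifiedUserId === false) {
            throw new Exception("Your session has expired.  Please log in again.");
        }
    }

    $dbh = new PDOConnection();

    // Could not verify by token, try by username/email and password
    if (empty($verifiedUserId)) {
        if (!$hasPasswordLogin) {
            throw new Exception("Must provide (username or email) and password.");
        }
        $row = GetUserInfo($dbh, $username, $email, $password);
        // Do not issue a token or load content when the lookup produced no user.
        if (empty($row) || !isset($row['id'])) {
            throw new Exception("Invalid username/email or password.");
        }
        $verifiedUserId = $row['id'];
        // NOTE(review): on an email-only login $username is null here, so the
        // token is generated and stored under a null username — confirm
        // against GenerateToken()/StoreToken().
        $token = GenerateToken($username, $password);
        StoreToken($username, $token);
    }

    return array_merge(GetLandingPageContent($dbh, $verifiedUserId), array('token' => $token));
}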
Beispiel #2
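/**
 * Update a user's email, username and/or password and return the resulting
 * identity fields.
 *
 * All request-shape checks run before the database is touched, so malformed
 * input never opens a connection or runs a query.
 *
 * NOTE(review): nothing in this function checks who is making the change (no
 * token or current-password verification is visible here) — presumably the
 * caller authorises the request; confirm.
 *
 * @param array $user Must hold 'user_id'; may hold 'email', 'username', 'password'.
 * @return array Keys 'id', 'email', 'username', 'token'.
 * @throws Exception When nothing is to be changed, the input is incomplete,
 *                   the user id is unknown, or a statement fails to execute.
 */
function update_user($user)
{
    if (!(isset($user['email']) || isset($user['username']) || isset($user['password']))) {
        throw new Exception("Nothing changed!");
    }
    // if you change username you must provide password
    // (hash_password() below receives the username, so presumably the stored
    // hash depends on it and must be recomputed — confirm against hash_password()).
    if (isset($user['username']) && !isset($user['password'])) {
        throw new Exception("Must provide password to change username.");
    }
    // Without an id the lookup below would run against NULL.
    if (!isset($user['user_id'])) {
        throw new Exception("Must provide user_id.");
    }
    $id = $user['user_id'];

    $dbh = new PDOConnection();
    $query = "SELECT id,username,email,password,token,last_updated FROM users WHERE id = :id";
    $sth = $dbh->prepare($query);
    $sth->bindParam(':id', $id, PDO::PARAM_INT);
    if (!$sth->execute()) {
        // NOTE(review): this passes the driver's error text to the caller;
        // make sure it is logged rather than shown to end users.
        throw new Exception($sth->errorInfo()[2]);
    }
    if (!($oldValues = $sth->fetch())) {
        throw new Exception("User id: '" . $id . "' not found!");
    }

    // Fields that were not supplied keep their stored value.
    $email = isset($user['email']) ? $user['email'] : $oldValues['email'];
    $username = isset($user['username']) ? $user['username'] : $oldValues['username'];
    // NOTE(review): hash_password() is not visible here; if it is not built on
    // password_hash(), consider migrating.
    $password = isset($user['password']) ? hash_password($user['password'], $username) : $oldValues['password'];
    $token = $oldValues['token'];

    $query = "UPDATE users \n        SET username = :username, email = :email, password = :password \n        WHERE id = :id";
    $sth = $dbh->prepare($query);
    $sth->bindParam(':id', $id, PDO::PARAM_INT);
    $sth->bindParam(':username', $username);
    $sth->bindParam(':email', $email);
    $sth->bindParam(':password', $password);
    if (!$sth->execute()) {
        throw new Exception($sth->errorInfo()[2]);
    }

    // A new password gets a freshly generated and stored token; otherwise the
    // token read from the users row is returned unchanged.
    if (isset($user['password'])) {
        $token = GenerateToken($username, $user['password']);
        StoreToken($username, $token);
    }
    return array('id' => $id, 'email' => $email, 'username' => $username, 'token' => $token);
}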
<?php

/**
 * Generate Token Utility
 * Provides a new token for any sensor id.
 * ADMIN ONLY
 *
 * Usage: gentoken.php?sid=0
 */
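// Issues a token for the sensor id given in the `sid` query parameter and
// prints both values as HTML.
//
// NOTE(review): the file header says ADMIN ONLY, but no access check is visible
// in this script. Unless config.php enforces one, any client that can reach
// this URL can obtain a token for any sensor id — confirm, and add an explicit
// authorisation check here if it does not.
//
// Array-valued input (sid[]=...) is ignored so only a plain string reaches
// GenerateToken() and the output below.
if (isset($_GET['sid']) && is_string($_GET['sid'])) {
    include_once '../config.php';
    include_once '../dbfunctions.php';
    $sid = $_GET['sid'];
    $conn = OrclConnect();
    $token = GenerateToken($conn, $sid);
    // Loose comparison kept: GenerateToken()'s failure value is not visible here.
    if ($token == false) {
        echo "Gen Token Failed";
    } else {
        // $sid comes straight from the request; escape it (and the token) for
        // the HTML context so markup in the parameter is not reflected.
        echo "Sensor ID : ", htmlspecialchars($sid, ENT_QUOTES, 'UTF-8'), "<br>\n";
        echo "Token     : ", htmlspecialchars((string) $token, ENT_QUOTES, 'UTF-8'), "<br>";
    }
    oci_close($conn);
}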
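/**
 * Render a view into an HTML e-mail, send it, and return the token that was
 * generated for it.
 *
 * The view is included inside this function's scope, so it can read $info,
 * $subject, $destinataire and $token; those local names are therefore part of
 * the contract with the view files.
 *
 * @param array  $info    Recipient data; 'email' is used as the destination address.
 * @param string $subject Subject line handed to mail().
 * @param string $vue     View file name, resolved under view/_required/.
 * @return string The generated token when mail() accepts the message, '' otherwise.
 */
function sendmail($info, $subject, $vue)
{
    $destinataire = $info['email'];
    $token = GenerateToken();

    // Capture the rendered view as the message body. Plain `require` is used
    // because `require_once` skips a file that was already included in this
    // request, which left the body empty on a second send of the same view.
    // NOTE(review): $vue is concatenated into an include path. Callers must
    // pass only fixed, application-chosen view names — confirm that no request
    // data can reach this parameter.
    ob_start();
    require 'view/_required/' . $vue;
    $message = ob_get_clean();

    $headers = 'MIME-Version: 1.0' . "\r\n"
        . 'Content-type: text/html; charset=utf-8' . "\r\n"
        . 'From: Admin@MySporTeam.com' . "\r\n";

    return mail($destinataire, $subject, $message, $headers) ? $token : '';
}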