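/**
 * Authenticate a user by session token or by (username or email) + password,
 * then return the landing-page content together with the session token.
 *
 * Security contract: a caller-supplied 'user_id' is only passed to
 * VerifyToken() as a claim to check. It is never treated as proof of identity
 * by itself, so every successful return has gone through either VerifyToken()
 * or GetUserInfo().
 *
 * @param array $userArray May contain 'user_id', 'username', 'email',
 *                         'password' and 'token'.
 * @return array GetLandingPageContent() for the authenticated user merged
 *               with array('token' => ...).
 * @throws Exception When no usable credential is supplied, when the token is
 *                   rejected, or when the password lookup yields no user id.
 */
function verify_user($userArray)
{
    $claimedUserId = isset($userArray['user_id']) ? $userArray['user_id'] : NULL;
    $username = isset($userArray['username']) ? $userArray['username'] : NULL;
    $email = isset($userArray['email']) ? $userArray['email'] : NULL;
    $password = isset($userArray['password']) ? $userArray['password'] : NULL;
    $token = isset($userArray['token']) ? $userArray['token'] : NULL;

    // A credential (token or password) is mandatory. An identifier alone,
    // including a bare user_id, must never be enough to authenticate.
    $hasIdentifier = isset($claimedUserId) || isset($username) || isset($email);
    $canUseToken = isset($token) && $hasIdentifier;
    $canUsePassword = isset($password) && (isset($username) || isset($email));
    if (!$canUseToken && !$canUsePassword) {
        throw new Exception("Must provide (username or email) and password.");
    }

    // Only an id returned by a verification step is trusted from here on.
    $user_id = NULL;
    if (isset($token)) {
        $user_id = VerifyToken($token, $claimedUserId, $username);
        if ($user_id === FALSE) {
            throw new Exception("Your session has expired. Please log in again.");
        }
    }

    $dbh = new PDOConnection();

    // Could not verify by token, try by username/email and password
    if (empty($user_id)) {
        if (!$canUsePassword) {
            throw new Exception("Must provide (username or email) and password.");
        }
        $row = GetUserInfo($dbh, $username, $email, $password);
        // Do not continue with an empty id if the lookup returned no user.
        if (empty($row['id'])) {
            throw new Exception("Invalid username/email or password.");
        }
        $user_id = $row['id'];
        // NOTE(review): $username is NULL for an email-only login, and the
        // plaintext password is handed to GenerateToken() - confirm both are
        // intended and that the token is not derivable from the credentials.
        $token = GenerateToken($username, $password);
        StoreToken($username, $token);
    }

    return array_merge(GetLandingPageContent($dbh, $user_id), array('token' => $token));
}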
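/**
 * Update a user's email, username and/or password.
 *
 * All input checks run before the database is touched, so a malformed request
 * costs no query and gets a precise error message.
 *
 * NOTE(review): this function performs no authorization of its own; it updates
 * whichever row 'user_id' names. Presumably the caller has already verified
 * that the session belongs to that user - confirm at every call site.
 *
 * @param array $user Must contain 'user_id' and at least one of 'email',
 *                    'username', 'password'. 'username' requires 'password'.
 * @return array array('id', 'email', 'username', 'token'); the token is newly
 *               generated when the password was supplied, otherwise the
 *               stored one.
 * @throws Exception On invalid input, unknown user id or a failed statement.
 */
function update_user($user)
{
    if (!(isset($user['email']) || isset($user['username']) || isset($user['password']))) {
        throw new Exception("Nothing changed!");
    }

    // Without this check a missing key raised a notice and ended in a
    // misleading "User id: '' not found!" after a pointless query.
    if (!isset($user['user_id'])) {
        throw new Exception("Must provide user_id.");
    }

    // if you change username you must provide password
    // (hash_password() below takes the username as its second argument, so
    // presumably the stored hash has to be recomputed for the new name)
    if (isset($user['username']) && !isset($user['password'])) {
        throw new Exception("Must provide password to change username.");
    }

    $id = $user['user_id'];
    $dbh = new PDOConnection();

    $query = "SELECT id,username,email,password,token,last_updated FROM users WHERE id = :id";
    $sth = $dbh->prepare($query);
    $sth->bindParam(':id', $id, PDO::PARAM_INT);
    if (!$sth->execute()) {
        // NOTE(review): this forwards the raw driver message to the caller;
        // make sure it is logged rather than shown to end users.
        throw new Exception($sth->errorInfo()[2]);
    }
    if (!($oldValues = $sth->fetch())) {
        throw new Exception("User id: '" . $id . "' not found!");
    }

    // Fields that were not supplied keep their stored values.
    $email = isset($user['email']) ? $user['email'] : $oldValues['email'];
    $username = isset($user['username']) ? $user['username'] : $oldValues['username'];
    $password = isset($user['password']) ? hash_password($user['password'], $username) : $oldValues['password'];
    $token = $oldValues['token'];

    $query = "UPDATE users \n SET username = :username, email = :email, password = :password \n WHERE id = :id";
    $sth = $dbh->prepare($query);
    $sth->bindParam(':id', $id, PDO::PARAM_INT);
    $sth->bindParam(':username', $username);
    $sth->bindParam(':email', $email);
    $sth->bindParam(':password', $password);
    if (!$sth->execute()) {
        throw new Exception($sth->errorInfo()[2]);
    }

    // A password change replaces the session token for this user.
    if (isset($user['password'])) {
        $token = GenerateToken($username, $user['password']);
        StoreToken($username, $token);
    }

    return array('id' => $id, 'email' => $email, 'username' => $username, 'token' => $token);
}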
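<?php
/**
 * Generate Token Utility
 * Will provide a new token for any sensor id
 * ADMIN ONLY
 *
 * Usage: gentoken.php?sid=0
 *
 * NOTE(review): no access check is visible in this script even though it is
 * marked ADMIN ONLY. Presumably access is restricted by the web server or by
 * config.php - confirm, because any client that can reach this URL receives a
 * freshly issued sensor token.
 */
// is_string() rejects array-shaped input such as sid[]=x before it reaches the
// database helper or the output below.
if (isset($_GET['sid']) && is_string($_GET['sid'])) {
    include_once '../config.php';
    include_once '../dbfunctions.php';

    $sid = $_GET['sid'];
    $conn = OrclConnect();
    $token = GenerateToken($conn, $sid);

    if ($token == false) {
        echo "Gen Token Failed";
    } else {
        // $sid comes straight from the query string: escape it (and the token)
        // for the HTML context so it cannot inject markup into the page.
        echo "Sensor ID : ", htmlspecialchars($sid, ENT_QUOTES, 'UTF-8'), "<br>\n";
        echo "Token : ", htmlspecialchars((string) $token, ENT_QUOTES, 'UTF-8'), "<br>";
    }

    oci_close($conn);
}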
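/**
 * Render an e-mail template and send it as a UTF-8 HTML message.
 *
 * The template is included inside this function, so it sees the local
 * variables $info, $subject, $vue, $destinataire and $token. The token is
 * generated here but not stored by this function.
 *
 * NOTE(review): $vue is concatenated into the include path without any check.
 * It must be a fixed template name chosen by the application, never a value
 * taken from a request - confirm at every call site.
 *
 * @param array  $info    Recipient data; 'email' is used as the destination.
 * @param string $subject Subject line of the message.
 * @param string $vue     Template file name below view/_required/.
 * @return string The generated token when mail() accepted the message,
 *                otherwise an empty string.
 */
function sendmail($info, $subject, $vue)
{
    $destinataire = $info['email'];
    $token = GenerateToken();

    // Capture the template output as the message body. Plain require is used
    // on purpose: require_once would skip the template on a second call in the
    // same request and produce an empty message.
    ob_start();
    require 'view/_required/' . $vue;
    $message = ob_get_clean();

    $headers = 'MIME-Version: 1.0' . "\r\n"
        . 'Content-type: text/html; charset=utf-8' . "\r\n"
        . 'From: Admin@MySporTeam.com' . "\r\n";

    return mail($destinataire, $subject, $message, $headers) ? $token : '';
}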