/**
 * Generate a new random password for a person and e-mail it to them.
 *
 * The person is looked up by id together with the value of the passwd column
 * ($key); exactly one matching row is required. The new password is written
 * back only after the mail object reports the message as sent.
 *
 * NOTE(review): both queries are assembled by string concatenation. If $pid or
 * $key can come from a request (a reset link, a form), this is SQL injection;
 * switch to the bound-parameter or escaping facility of the $db wrapper, which
 * is not visible from here.
 * NOTE(review): old_password() is MySQL's pre-4.1 hash; it is weak and was
 * removed in later MySQL versions. Plan a migration together with the login check.
 *
 * @param mixed $pid person id, spliced into the WHERE clause
 * @param mixed $key value compared against the stored passwd column
 * @return mixed false when the lookup does not match exactly one row,
 *               otherwise the mail object's "sent" flag
 */
function send_passwd($pid, $key)
{
    global $db;

    // The wrapper is handed the statement without its leading verb; presumably it
    // prepends SELECT / UPDATE itself.
    $db->select('first_name, last_name, mail from person where id="' . $pid . '" and passwd="' . $key . '"');
    if ($db->num_rows != 1) {
        return false;
    }

    $row = $db->data[0];
    $recipientName = $row['first_name'] . ' ' . $row['last_name'];

    $tmpl = new tmpl('mail_new_passwd_subject.txt');
    $subject = $tmpl->fdata;

    // The clear-text password is handed to the body template, so it presumably
    // travels in the e-mail itself; its strength depends on rand_passwd().
    $v['passwd'] = rand_passwd();
    $tmpl = new tmpl('mail_new_passwd.txt', $v);
    $body = $tmpl->fdata;

    $message = new mail($row['mail'], $recipientName, $subject, $body, false, true);
    if (!$message->sent) {
        // Nothing was delivered: leave the stored password untouched.
        return $message->sent;
    }

    $db->update('person set passwd=old_password("' . $v['passwd'] . '") where id="' . $pid . '"');
    return $message->sent;
}
// HTTP Basic authentication for the /users and /groups paths; credentials are checked
// by PdoAuthenticator against the MtklNr and Password columns of the users table.
// Routes outside the "path" list (such as / and /register) are not covered.
// NOTE(review): "secure" => false switches off the middleware's HTTPS requirement, so
// Basic credentials (base64-encoded, not encrypted) are accepted over plain HTTP.
// Confirm TLS is enforced in front of the app, or set this to true.
$app->add(new \Slim\Middleware\HttpBasicAuthentication([
    "path" => ["/users", "/groups"],
    "realm" => "Protected",
    "secure" => false,
    "environment" => "REDIRECT_HTTP_AUTHORIZATION",
    "authenticator" => new PdoAuthenticator([
        "pdo" => db::getPDO(),
        "table" => "users",
        "user" => "MtklNr",
        "hash" => "Password",
    ]),
]));
// Root route: prints a fixed banner. It is outside the Basic-auth path list.
$app->get('/', function () {
    echo 'RAUMSUCHE API';
});
// === USERS ===
// GET /users: write the full user list as JSON.
// NOTE(review): whatever json_encode() exposes of a User goes to the client. Verify
// that the password hash is not among the serialized fields.
$app->get('/users', function ($request, $response, $args) {
    echo json_encode(User::getUsers());
});
// GET /users/{id}: write one user, looked up by the {id} path segment, as JSON.
// NOTE(review): unlike the POST handler for this path, nothing here compares {id}
// with the authenticated user, so any authenticated caller can read any record.
// Confirm that this is intended, and that the password hash is not serialized.
$app->get('/users/{id}', function ($request, $response, $args) {
    $requestedId = $args['id'];
    echo json_encode(User::getUserByMtrklNr($requestedId));
});
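// PUT /register: create a user from a JSON body {mtklNr, name, faculty}, generate an
// initial password, mail it, store the account and write the new user as JSON.
// The route is outside the Basic-auth path list, so the body is untrusted input.
$app->put('/register', function ($request, $response, $args) {
    // Decode straight into an associative array. A body that is not a JSON object
    // previously reached get_object_vars() as null or a scalar; reject it instead.
    $fields = json_decode((string) $request->getBody(), true);
    if (!is_array($fields)) {
        return $response->withStatus(400);
    }

    // mtklNr identifies the account and is passed to sendEmail(), so it must be present
    // and scalar. name and faculty stay optional (null when absent, as before) but may
    // not be nested structures.
    if (!isset($fields['mtklNr']) || !is_scalar($fields['mtklNr'])) {
        return $response->withStatus(400);
    }
    $name = isset($fields['name']) ? $fields['name'] : null;
    $faculty = isset($fields['faculty']) ? $fields['faculty'] : null;
    if (($name !== null && !is_scalar($name)) || ($faculty !== null && !is_scalar($faculty))) {
        return $response->withStatus(400);
    }

    // Only the hash is handed to the User object; the clear text exists just long
    // enough to be mailed. Its strength depends on rand_passwd(), not shown here.
    $password = rand_passwd();
    $user = new User($fields['mtklNr'], password_hash($password, PASSWORD_DEFAULT), $name, $faculty);

    // NOTE(review): the mail goes out before the account is stored, so a failing add()
    // (for example a duplicate mtklNr) still delivers a password. Consider storing first.
    sendEmail($fields['mtklNr'], $password);
    $user->add();

    // NOTE(review): verify that the serialized User does not include the password hash.
    echo json_encode($user);
});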
$app->post('/users/{id}', function ($request, $response, $args) {
    $server_params = $request->getServerParams();
    if (preg_match("/Basic\\s+(.*)\$/i", $server_params["REDIRECT_HTTP_AUTHORIZATION"], $matches)) {
        list($user, $password) = explode(":", base64_decode($matches[1]));
    }
    if ($args['id'] == $user) {
        $post = json_decode($request->getBody());
        $postArray = get_object_vars($post);
Example #3
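/**
 * Reset a user's password to a fresh random value and e-mail it to the address on
 * record, then echo a JSON status object ({status, message}).
 *
 * Nothing is echoed when $userid is rejected or the update fails.
 *
 * NOTE(review): nothing in this function checks who asked for the reset; the caller
 * has to authorize the request. Verify that it does.
 * NOTE(review): the stored password is overwritten before delivery is attempted, so a
 * failed mail leaves the account with a password nobody knows.
 *
 * @param int|string $userid numeric id of the row in the users table
 * @return void
 */
function passwordResetByEmail($userid)
{
    // $userid is spliced into the WHERE clause unquoted, so only a plain integer may
    // get that far. Anything else is dropped before a query is built.
    if (!is_int($userid) && !(is_string($userid) && preg_match('/\A[0-9]+\z/', $userid))) {
        return;
    }

    $table = "users";
    $cond = "ID=" . (int) $userid;
    $newPassword = rand_passwd();

    // NOTE(review): unsalted MD5 is not a password hash. Moving to password_hash() /
    // password_verify() has to happen together with the login check, so it is only
    // flagged here.
    $newval = "'" . md5($newPassword) . "'";
    if (!updaterec($table, "password", $newval, $cond)) {
        return;
    }

    $failure = array('status' => 0, 'message' => 'Password Reset Un-Successful.');

    $rows = singlerec("username,name,email", $table, $cond);
    $row = mysql_fetch_row($rows);
    if (!$row) {
        // No such user: report failure instead of mailing an empty recipient.
        echo json_encode($failure);
        return;
    }

    $to = $row[2];
    $subject = "Total Admin - Password reset";
    $from = '*****@*****.**';

    // The body is sent as HTML, so values taken from the database are escaped for the
    // charset declared in the Content-Type header below.
    $safeName = htmlspecialchars($row[1], ENT_QUOTES, 'ISO-8859-1');
    $safeUsername = htmlspecialchars($row[0], ENT_QUOTES, 'ISO-8859-1');
    $safePassword = htmlspecialchars($newPassword, ENT_QUOTES, 'ISO-8859-1');
    $body = '<span style="font-family:arial,verdana">Hi ' . $safeName . ', <br/> <br/>Your Username is: ' . $safeUsername . ' <br><br>Your password has been reset to: <b>' . $safePassword . "</b></span><br/><br/>Regards,<br/>Bajaj Admin.";

    $headers = "From: " . strip_tags($from) . "\r\n";
    $headers .= "Reply-To: " . strip_tags($from) . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    $headers .= "X-Mailer: PHP/" . phpversion();

    if (mail($to, $subject, $body, $headers)) {
        // NOTE(review): the success message echoes the recipient address back to the
        // caller; drop it unless every caller is already entitled to see it.
        $arr = array('status' => 1, 'message' => 'Password Reset Successful.' . $to);
    } else {
        $arr = $failure;
    }
    echo json_encode($arr);
}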