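/**
 * Starts a password reset for the user whose email matches $postdata["email"].
 *
 * Rate-limits by client IP through RecoveryLog, stores a fresh single-use token in
 * users.secret, mails the reset link to the stored address and records the attempt.
 *
 * @param array $postdata Request data; only "email" is read.
 * @return void
 * @throws Exception code 401 when no user matches or the account is disabled,
 *                   code 500 when the reset mail could not be handed to the MTA.
 */
public function recoverByEmail($postdata)
{
    // NOTE(review): REMOTE_ADDR is the direct peer; behind a reverse proxy this is
    // the proxy's address and the rate limit in RecoveryLog::check applies to it.
    $ip = $_SERVER["REMOTE_ADDR"];
    $recoverLog = new RecoveryLog($this->db);
    $recoverLog->check($ip);

    // A missing "email" key binds NULL instead of raising a notice; the lookup then
    // fails the same way an unknown address does.
    $email = $postdata["email"] ?? null;
    $sth = $this->db->prepare("SELECT id, username, enabled, email, secret FROM users WHERE email = ?");
    $sth->bindValue(1, $email, PDO::PARAM_STR);
    $sth->execute();
    $res = $sth->fetch(PDO::FETCH_ASSOC);

    // NOTE(review): the two distinct messages let a caller tell "unknown address"
    // from "disabled account" (account enumeration); kept because callers display
    // them. A single generic message would close that gap.
    if (!$res) {
        throw new Exception('Ingen användare i databasen matchar emailadressen.', 401);
    }
    if ($res["enabled"] === "no") {
        // For a disabled account the secret column carries the disable reason.
        throw new Exception("Användarkontot är avstängt med anledning [b]" . $res["secret"] . "[/b].", 401);
    }

    // 32 hex chars from a CSPRNG, the same width as the md5(uniqid()) value it
    // replaces; uniqid() is clock-derived and a reset token must not be guessable.
    $secret = bin2hex(random_bytes(16));
    $upd = $this->db->prepare("UPDATE users SET secret = ? WHERE id = ?");
    $upd->bindValue(1, $secret, PDO::PARAM_STR);
    $upd->bindValue(2, (int) $res["id"], PDO::PARAM_INT);
    $upd->execute();

    $sender = Helper::$name . " <" . Helper::$siteMail . ">";
    $headers = "Reply-To: " . $sender . "\r\n"
        . "Return-Path: " . $sender . "\r\n"
        . "From: " . $sender . "\r\n"
        . "Organization: " . Helper::$siteName . "\r\n"
        . "MIME-Version: 1.0\r\n"
        . "Content-type: text/plain; charset=utf-8\r\n"
        // NOTE(review): advertising the exact PHP version in outbound mail is a
        // fingerprint; a bare "PHP" would do.
        . "X-Mailer: PHP" . phpversion() . "\r\n";

    $siteName = Helper::$siteName;
    $siteUrl = Helper::$siteUrl;
    $body = <<<EOD
Någon, förhoppningsvis du, har försökt återställa lösenordet till kontot kopplat till denna email.

Om du vill fortsätta återställa lösenordet, följ länken:

{$siteUrl}/recover/{$secret}

--
{$siteName}
EOD;

    // The recipient is the stored address that matched, never the raw request value.
    $sent = mail(
        $res["email"],
        Helper::$siteName . " password reset confirmation",
        $body,
        $headers,
        "-f" . Helper::$siteMail
    );

    // gethostbyaddr() performs a reverse lookup and returns the IP unchanged on failure.
    $hostname = gethostbyaddr($ip);
    $recoverLog->create([
        "email" => $res["email"],
        "userid" => $res["id"],
        "ip" => $ip,
        "hostname" => $hostname,
    ]);

    // The token is already stored and the attempt logged; tell the caller when the
    // mail was not accepted instead of reporting a reset that never arrives.
    if (!$sent) {
        throw new Exception('Återställningsmailet kunde inte skickas.', 500);
    }
}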
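/**
 * Starts a password reset for the user whose hashed email matches $postdata["email"].
 *
 * The users table is matched on hashEmail() of the submitted address, so the raw
 * address from the request is what the reset mail is sent to. Rate-limits by client
 * IP through RecoveryLog, stores a fresh single-use token in users.secret, mails the
 * reset link and records the attempt with the hashed address.
 *
 * @param array $postdata Request data; only "email" is read.
 * @return void
 * @throws Exception code 401 when the address is malformed, no user matches or the
 *                   account is disabled; code 500 when the mail could not be sent.
 */
public function recoverByEmail($postdata)
{
    // NOTE(review): REMOTE_ADDR is the direct peer; behind a reverse proxy this is
    // the proxy's address and the rate limit in RecoveryLog::check applies to it.
    $ip = $_SERVER["REMOTE_ADDR"];
    $recoverLog = new RecoveryLog($this->db);
    $recoverLog->check($ip);

    // The raw address becomes the mail() recipient, so accept only a single
    // well-formed address (this also rules out CR/LF in the To header). A bad
    // address is reported exactly like an unknown one.
    $email = $postdata["email"] ?? "";
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new Exception(L::get("USER_EMAIL_NO_MATCH"), 401);
    }
    $hashedEmail = $this->hashEmail($email);

    $sth = $this->db->prepare("SELECT id, username, enabled, email, secret FROM users WHERE email = ?");
    $sth->bindValue(1, $hashedEmail, PDO::PARAM_STR);
    $sth->execute();
    $res = $sth->fetch(PDO::FETCH_ASSOC);

    // NOTE(review): the two distinct messages let a caller tell "unknown address"
    // from "disabled account" (account enumeration); kept because callers display them.
    if (!$res) {
        throw new Exception(L::get("USER_EMAIL_NO_MATCH"), 401);
    }
    if ($res["enabled"] === "no") {
        // For a disabled account the secret column carries the disable reason.
        throw new Exception(L::get("USER_DISABLED", [$res["secret"]]), 401);
    }

    // 32 hex chars from a CSPRNG, the same width as the md5(uniqid()) value it
    // replaces; uniqid() is clock-derived and a reset token must not be guessable.
    $secret = bin2hex(random_bytes(16));
    $upd = $this->db->prepare("UPDATE users SET secret = ? WHERE id = ?");
    $upd->bindValue(1, $secret, PDO::PARAM_STR);
    $upd->bindValue(2, (int) $res["id"], PDO::PARAM_INT);
    $upd->execute();

    $sender = Config::NAME . " <" . Config::SITE_MAIL . ">";
    $headers = "Reply-To: " . $sender . "\r\n"
        . "Return-Path: " . $sender . "\r\n"
        . "From: " . $sender . "\r\n"
        . "Organization: " . Config::SITE_NAME . "\r\n"
        . "MIME-Version: 1.0\r\n"
        . "Content-type: text/plain; charset=utf-8\r\n"
        // NOTE(review): advertising the exact PHP version in outbound mail is a
        // fingerprint; a bare "PHP" would do.
        . "X-Mailer: PHP" . phpversion() . "\r\n";

    $siteName = Config::SITE_NAME;
    $siteUrl = Config::SITE_URL;
    $body = L::get("RECOVER_EMAIL", [$siteUrl, $secret, $siteName]);

    $sent = mail(
        $email,
        Config::SITE_NAME . " password reset confirmation",
        $body,
        $headers,
        "-f" . Config::SITE_MAIL
    );

    // gethostbyaddr() performs a reverse lookup and returns the IP unchanged on failure.
    $hostname = gethostbyaddr($ip);
    $recoverLog->create([
        "email" => $hashedEmail,
        "userid" => $res["id"],
        "ip" => $ip,
        "hostname" => $hostname,
    ]);

    // The token is already stored and the attempt logged; tell the caller when the
    // mail was not accepted instead of reporting a reset that never arrives.
    // TODO(review): move this message into the L:: translation table with the others.
    if (!$sent) {
        throw new Exception('The password reset mail could not be sent.', 500);
    }
}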