public function recoverByEmail($postdata)
{
$ip = $_SERVER["REMOTE_ADDR"];
$recoverLog = new RecoveryLog($this->db);
$recoverLog->check($ip);
$sth = $this->db->prepare("SELECT id, username, enabled, email, secret FROM users WHERE email = ?");
$sth->bindParam(1, $postdata["email"], PDO::PARAM_STR);
$sth->execute();
$res = $sth->fetch(PDO::FETCH_ASSOC);
if (!$res) {
throw new Exception('Ingen användare i databasen matchar emailadressen.', 401);
}
if ($res["enabled"] == "no") {
throw new Exception("Användarkontot är avstängt med anledning [b]" . $res["secret"] . "[/b].", 401);
}
$secret = md5(uniqid());
$this->db->query("UPDATE users SET secret = " . $this->db->quote($secret) . " WHERE id = " . $res["id"]);
$headers = "Reply-To: " . Helper::$name . " <" . Helper::$siteMail . ">\r\n";
$headers .= "Return-Path: " . Helper::$name . " <" . Helper::$siteMail . ">\r\n";
$headers .= "From: " . Helper::$name . " <" . Helper::$siteMail . ">\r\n";
$headers .= "Organization: " . Helper::$siteName . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=utf-8\r\n";
$headers .= "X-Mailer: PHP" . phpversion() . "\r\n";
$siteName = Helper::$siteName;
$siteUrl = Helper::$siteUrl;
$body = <<<EOD
Någon, förhoppningsvis du, har försökt återställa lösenordet till kontot kopplat till denna email.
Om du vill fortsätta återställa lösenordet, följ länken:
{$siteUrl}/recover/{$secret}
--
{$siteName}
EOD;
mail($res["email"], Helper::$siteName . " password reset confirmation", $body, $headers, "-f" . Helper::$siteMail);
$hostname = gethostbyaddr($ip);
$recoverLog->create(array("email" => $res["email"], "userid" => $res["id"], "ip" => $ip, "hostname" => $hostname));
}
break;
case validateRoute('PATCH', 'reports/\\d+'):
$reports = new Reports($db, $user);
httpResponse($reports->update((int) $params[1], $postdata));
break;
case validateRoute('DELETE', 'reports/\\d+'):
$reports = new Reports($db, $user);
httpResponse($reports->delete((int) $params[1]));
break;
case validateRoute('GET', 'adminlogs'):
$adminlogs = new AdminLogs($db, $user);
list($result, $totalCount) = $adminlogs->query(array("limit" => $_GET["limit"], "index" => $_GET["index"], "search" => $_GET["searchText"]));
httpResponse($result, $totalCount);
break;
case validateRoute('GET', 'recovery-logs'):
$recoveryLog = new RecoveryLog($db, $user);
list($result, $totalCount) = $recoveryLog->query(array("limit" => $_GET["limit"], "index" => $_GET["index"]));
httpResponse($result, $totalCount);
break;
case validateRoute('GET', 'sqlerrors'):
$sqlerrors = new SqlErrors($db, $user);
list($result, $totalCount) = $sqlerrors->query(array("limit" => $_GET["limit"], "index" => $_GET["index"]));
httpResponse($result, $totalCount);
break;
case validateRoute('GET', 'cheatlogs'):
$cheatlogs = new CheatLogs($db, $user);
list($result, $totalCount) = $cheatlogs->query(array("limit" => $_GET["limit"], "index" => $_GET["index"], "userid" => $_GET["userid"]));
httpResponse($result, $totalCount);
break;
case validateRoute('GET', 'admin-mailbox'):
$adminMailbox = new AdminMailbox($db, $user);
public function recoverByEmail($postdata)
{
$ip = $_SERVER["REMOTE_ADDR"];
$recoverLog = new RecoveryLog($this->db);
$recoverLog->check($ip);
$hashedEmail = $this->hashEmail($postdata["email"]);
$sth = $this->db->prepare("SELECT id, username, enabled, email, secret FROM users WHERE email = ?");
$sth->bindParam(1, $hashedEmail, PDO::PARAM_STR);
$sth->execute();
$res = $sth->fetch(PDO::FETCH_ASSOC);
if (!$res) {
throw new Exception(L::get("USER_EMAIL_NO_MATCH"), 401);
}
if ($res["enabled"] == "no") {
throw new Exception(L::get("USER_DISABLED", [$res["secret"]]), 401);
}
$secret = md5(uniqid());
$this->db->query("UPDATE users SET secret = " . $this->db->quote($secret) . " WHERE id = " . $res["id"]);
$headers = "Reply-To: " . Config::NAME . " <" . Config::SITE_MAIL . ">\r\n";
$headers .= "Return-Path: " . Config::NAME . " <" . Config::SITE_MAIL . ">\r\n";
$headers .= "From: " . Config::NAME . " <" . Config::SITE_MAIL . ">\r\n";
$headers .= "Organization: " . Config::SITE_NAME . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=utf-8\r\n";
$headers .= "X-Mailer: PHP" . phpversion() . "\r\n";
$siteName = Config::SITE_NAME;
$siteUrl = Config::SITE_URL;
$body = L::get("RECOVER_EMAIL", [$siteUrl, $secret, $siteName]);
mail($postdata["email"], Config::SITE_NAME . " password reset confirmation", $body, $headers, "-f" . Config::SITE_MAIL);
$hostname = gethostbyaddr($ip);
$recoverLog->create(array("email" => $hashedEmail, "userid" => $res["id"], "ip" => $ip, "hostname" => $hostname));
}
