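/**
 * Password-recovery step: look up the account behind the e-mail captured by the
 * previous recovery step, make sure a recovery code is stored for it, e-mail the
 * code to the account holder, and answer with a JSON object
 * ({"success":"1"} or {"success":"0"}).
 *
 * Both database statements are parameterised; the original built them with
 * sprintf(). The session is cleared before the reply regardless of outcome.
 *
 * @return void  Output is echoed directly (should be in the view but wtvr).
 */
public function generate_code()
{
    global $CONFIG;
    global $LIB;

    // Resolve the account for the e-mail stored by the previous recovery step.
    // A missing key is treated as "no user" instead of raising an undefined-index notice.
    $email = $this->session['login-email'] ?? null;
    $curr_user = null;
    foreach ($this->all_users as $user) {
        if ($user->email === $email) {
            $curr_user = $user;
            break;
        }
    }
    clear_session();

    $rec_code_table = $CONFIG['db']['tables']['recovery_codes'];
    $return = array(); // to be turned into json and sent as response

    // NOTE(review): the reply differs for unknown e-mails ('0') and known ones ('1'),
    // so the endpoint reveals whether an address is registered. Returning '1' in
    // both cases would close that — left as-is here because callers read this flag.
    if ($curr_user !== null) {
        $user_id = $curr_user->id;
        $code = null;
        $persisted = false; // only e-mail a code that is actually stored in the table

        // Reuse the stored code if this user already has one.
        // NOTE(review): nothing here expires or rotates a stored code, so it stays
        // valid until the row is removed elsewhere — confirm that is intended.
        $stmt = $this->db->prepare(sprintf('SELECT code FROM %s WHERE user_id=?;', $rec_code_table));
        if ($stmt === false) {
            echo 'Preparing statement failed: (' . $this->db->errno . ') ' . $this->db->error;
        } elseif (!$stmt->bind_param('s', $user_id) || !$stmt->execute()) {
            echo 'Lookup failed: (' . $stmt->errno . ') ' . $stmt->error;
        } else {
            $stmt->bind_result($stored_code);
            if ($stmt->fetch()) {
                $code = $stored_code;
                $persisted = true;
            }
        }
        if ($stmt !== false) {
            $stmt->close(); // free the result before issuing the next statement on this connection
        }

        if ($code === null) {
            require_once "{$LIB}/util.php";
            $code = generate_random_word_comb();
            $stmt = $this->db->prepare(sprintf('INSERT INTO %s (user_id, code) VALUES (?, ?);', $rec_code_table));
            if ($stmt === false) {
                echo 'Preparing statement failed: (' . $this->db->errno . ') ' . $this->db->error;
            } elseif (!$stmt->bind_param('ss', $user_id, $code) || !$stmt->execute()) {
                echo 'Storing code failed: (' . $stmt->errno . ') ' . $stmt->error;
            } else {
                $persisted = true;
            }
            if ($stmt !== false) {
                $stmt->close();
            }
        }

        if ($persisted) {
            $recovery_string = "Please enter the following code to continue your recovery process: {$code}. If you did not initialize this process, please contact an admin.";
            email(array($curr_user), "House Banking Password Recovery", $recovery_string, $recovery_string);
            $return['success'] = '1';
        } else {
            // The code never reached the table, so the user could not use it; report failure.
            $return['success'] = '0';
        }
    } else {
        $return['success'] = '0';
    }

    echo json_encode($return, JSON_FORCE_OBJECT); // should be in the view but wtvr
}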
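/**
 * Admin action on registration codes, driven by keys in the current session:
 *  - 'delete'   : every key of the form 'select<code>' names a code to remove;
 *  - 'generate' : a new random code is inserted.
 * Sets $this->status to 'deleted_code' / 'generated_code' accordingly and then
 * renders the view.
 *
 * Both statements are parameterised; the DELETE statement is prepared once and
 * executed per selected code instead of being re-prepared inside the loop.
 * NOTE(review): assumes the caller has already verified that the session belongs
 * to an admin — confirm against the dispatching code.
 *
 * @return void
 */
private function register_code()
{
    global $CONFIG;
    global $LIB;
    require_once "{$LIB}/util.php";

    $session = $this->session;
    $register_code_table = $CONFIG['db']['tables']['register_codes'];

    if (array_key_exists('delete', $session)) {
        $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE code=?;', $register_code_table));
        if ($stmt === false) {
            echo 'Preparing statement failed: (' . $this->db->errno . ') ' . $this->db->error;
        } else {
            foreach ($session as $key => $value) {
                // Only keys shaped like 'select<word-chars>' carry a code to delete.
                if (!preg_match('/^select(\\w+)$/', $key, $match)) {
                    continue;
                }
                $code = $match[1];
                if (!$stmt->bind_param('s', $code)) {
                    echo 'Binding parameter failed: (' . $stmt->errno . ') ' . $stmt->error;
                }
                if (!$stmt->execute()) {
                    echo 'Execution failed: (' . $stmt->errno . ') ' . $stmt->error;
                }
            }
            $stmt->close();
        }
        $this->status = 'deleted_code';
    } elseif (array_key_exists('generate', $session)) {
        $new_code = generate_random_word_comb();
        $stmt = $this->db->prepare(sprintf('INSERT INTO %s (code) VALUES (?);', $register_code_table));
        if ($stmt === false) {
            echo 'Preparing statement failed: (' . $this->db->errno . ') ' . $this->db->error;
        } else {
            if (!$stmt->bind_param('s', $new_code)) {
                echo 'Binding parameter failed: (' . $stmt->errno . ') ' . $stmt->error;
            }
            if (!$stmt->execute()) {
                echo 'Execution failed: (' . $stmt->errno . ') ' . $stmt->error;
            }
            $stmt->close();
        }
        $this->status = 'generated_code';
    }

    $this->view();
}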