/**
 * Issue a new password for one person and mail it to them.
 *
 * The person is selected by id together with the current content of the
 * passwd column, and exactly one matching row is required. The new password
 * is written to the database only after the mail object reports the message
 * as sent.
 *
 * NOTE(review): $pid and $key are concatenated straight into both SQL
 * strings. If either can be influenced by a request, this is SQL injection;
 * bind or escape them through whatever the $db wrapper offers (its API is
 * not visible here).
 * NOTE(review): old_password() is MySQL's pre-4.1 password hash. It is weak
 * and was removed in MySQL 5.7; plan a migration to password_hash() together
 * with the code that verifies logins.
 * NOTE(review): the new password leaves the system in clear text by e-mail.
 * A single-use, expiring reset link avoids that. Also confirm rand_passwd()
 * (defined elsewhere) draws from a CSPRNG such as random_int().
 *
 * @param mixed $pid value matched against person.id
 * @param mixed $key value matched against person.passwd (presumably the
 *                   stored hash used as a confirmation key; verify at caller)
 * @return mixed false when the lookup does not yield exactly one row,
 *               otherwise the mail object's "sent" value
 */
function send_passwd($pid, $key)
{
    global $db;

    // The $db wrapper is handed the statement without its leading keyword.
    $lookupSql = 'first_name, last_name, mail from person where id="' . $pid . '" and passwd="' . $key . '"';
    $db->select($lookupSql);
    if ($db->num_rows != 1) {
        return false;
    }

    $row = $db->data[0];
    $recipientName = $row['first_name'] . ' ' . $row['last_name'];

    // Subject first, then the body template filled with the new password.
    $template = new tmpl('mail_new_passwd_subject.txt');
    $subject = $template->fdata;

    $vars = array('passwd' => rand_passwd());
    $template = new tmpl('mail_new_passwd.txt', $vars);
    $body = $template->fdata;

    $mail = new mail($row['mail'], $recipientName, $subject, $body, false, true);
    if (!$mail->sent) {
        // Nothing was delivered, so the stored password stays as it is.
        return $mail->sent;
    }

    $storeSql = 'person set passwd=old_password("' . $vars['passwd'] . '") where id="' . $pid . '"';
    $db->update($storeSql);

    return $mail->sent;
}
// HTTP Basic authentication for the routes listed in "path". Credentials are
// checked by PdoAuthenticator against table "users" (user column "MtklNr",
// hash column "Password"); the header is read from REDIRECT_HTTP_AUTHORIZATION.
// NOTE(review): "secure" => false switches off the middleware's refusal to run
// over plain HTTP. Basic credentials are only base64-encoded, so confirm TLS is
// enforced in front of this app, or set the option back to true.
// NOTE(review): "/" and "/register" are not in "path" and are therefore served
// without credentials.
$app->add(new \Slim\Middleware\HttpBasicAuthentication([
    "path" => ["/users", "/groups"],
    "realm" => "Protected",
    "secure" => false,
    "environment" => "REDIRECT_HTTP_AUTHORIZATION",
    "authenticator" => new PdoAuthenticator([
        "pdo" => db::getPDO(),
        "table" => "users",
        "user" => "MtklNr",
        "hash" => "Password"])]));

// Unauthenticated banner route.
$app->get('/', function () {
    echo "RAUMSUCHE API";
});

// === USERS ===
// Returns every user as JSON.
// NOTE(review): the whole User object is serialised; confirm the password hash
// is not among the fields json_encode() emits.
$app->get('/users', function ($request, $response, $args) {
    $users = User::getUsers();
    echo json_encode($users);
});

// Returns one user, looked up by the {id} path segment.
// NOTE(review): unlike the POST handler below, nothing here ties {id} to the
// authenticated account, so any authenticated user can read any record.
$app->get('/users/{id}', function ($request, $response, $args) {
    $user = User::getUserByMtrklNr($args['id']);
    echo json_encode($user);
});

// Self-registration: creates a user with a generated password, stores its
// password_hash() and passes the clear-text password to sendEmail().
// NOTE(review): json_decode() yields null for a malformed body, and the keys
// mtklNr/name/faculty are read without checking that they exist; validate the
// payload before use.
// NOTE(review): sendEmail() runs before $user->add(), so a mail goes out even
// if the insert fails. Confirm rand_passwd() (defined elsewhere) uses a CSPRNG,
// and prefer a single-use set-password link over mailing the password itself.
$app->put('/register', function ($request, $response, $args) {
    $put = json_decode($request->getBody());
    $password = rand_passwd();
    // make it a PHP associative array
    $putArray = get_object_vars($put);
    $user = new User($putArray['mtklNr'], password_hash($password, PASSWORD_DEFAULT), $putArray['name'], $putArray['faculty']);
    sendEmail($putArray['mtklNr'], $password);
    $user->add();
    echo json_encode($user);
});

// Update of a user record; only proceeds when {id} equals the user name taken
// from the Basic Authorization header.
// NOTE(review): $user is never assigned when the header is missing or does not
// match the pattern, so the comparison below then runs on an undefined
// variable; reject the request explicitly in that case.
// NOTE(review): explode(":") without a limit of 2 cuts off any password that
// itself contains ":"; and the == comparison is loose (numeric strings are
// compared as numbers) - use === for this authorisation check.
$app->post('/users/{id}', function ($request, $response, $args) {
    $server_params = $request->getServerParams();
    if (preg_match("/Basic\\s+(.*)\$/i", $server_params["REDIRECT_HTTP_AUTHORIZATION"], $matches)) {
        list($user, $password) = explode(":", base64_decode($matches[1]));
    }
    if ($args['id'] == $user) {
        $post = json_decode($request->getBody());
        $postArray = get_object_vars($post);
        // (the remainder of this handler is not part of this excerpt)
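/**
 * Reset a user's password to a newly generated value and e-mail it to them.
 *
 * Writes a JSON object with "status" (1 or 0) and "message" to the output and
 * returns nothing. Failure is reported for a non-numeric id, a failed update,
 * a missing user row, an unusable address, or a failed mail() call.
 *
 * NOTE(review): the password is stored as unsalted MD5. That is kept here only
 * because the login check (not visible) presumably compares md5() values;
 * migrate both sides to password_hash()/password_verify() together.
 * NOTE(review): the new password is sent in clear text by e-mail, and it is
 * written to the database before delivery is known to have worked. A
 * single-use, expiring reset link avoids both problems.
 * NOTE(review): nothing in this function checks who is asking for the reset;
 * confirm the caller authorises the request. Also confirm rand_passwd()
 * (defined elsewhere) draws from a CSPRNG.
 *
 * @param int|string $userid numeric value of users.ID
 * @return void
 */
function passwordResetByEmail($userid)
{
    $failure = array('status' => 0, 'message' => 'Password Reset Un-Successful.');

    // $userid is placed unquoted into the WHERE clause, so anything other than
    // a plain integer would become part of the SQL statement. Refuse it before
    // any database call is made.
    $isNumericId = is_int($userid)
        || (is_string($userid) && preg_match('/\A[0-9]+\z/', $userid) === 1);
    if (!$isNumericId) {
        echo json_encode($failure);
        return;
    }

    $table = "users";
    $cond = "ID=" . $userid;
    $newPassword = rand_passwd();
    $newval = "'" . md5($newPassword) . "'";

    if (!updaterec($table, "password", $newval, $cond)) {
        // Previously this path produced no output at all.
        echo json_encode($failure);
        return;
    }

    $rows = singlerec("username,name,email", $table, $cond);
    // NOTE(review): the mysql_* extension was removed in PHP 7; this call ties
    // the function to whatever singlerec() returns and needs porting with it.
    $row = mysql_fetch_row($rows);
    if (!$row) {
        // No such user: there is nobody to notify.
        echo json_encode($failure);
        return;
    }

    // A recipient containing a line break could add mail headers; an empty
    // one cannot be delivered.
    $to = (string) $row[2];
    if ($to === '' || preg_match('/[\r\n]/', $to) === 1) {
        echo json_encode($failure);
        return;
    }

    $subject = "Total Admin - Password reset";
    $from = '*****@*****.**';

    // The body is HTML, so stored values are escaped before being embedded.
    // The charset must match the Content-Type header below.
    $charset = 'ISO-8859-1';
    $safeUsername = htmlspecialchars((string) $row[0], ENT_QUOTES, $charset);
    $safeName = htmlspecialchars((string) $row[1], ENT_QUOTES, $charset);
    $safePassword = htmlspecialchars($newPassword, ENT_QUOTES, $charset);

    $body = '<span style="font-family:arial,verdana">Hi ' . $safeName . ', <br/> <br/>Your Username is: ' . $safeUsername . ' <br><br>Your password has been reset to: <b>' . $safePassword . "</b></span><br/><br/>Regards,<br/>Bajaj Admin.";

    $headers = "From: " . strip_tags($from) . "\r\n";
    $headers .= "Reply-To: " . strip_tags($from) . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    $headers .= "X-Mailer: PHP/" . phpversion();

    if (mail($to, $subject, $body, $headers)) {
        // NOTE(review): the success message returns the account's e-mail
        // address to the caller; confirm the client needs it, otherwise drop
        // it so the endpoint does not disclose addresses by user id.
        $arr = array('status' => 1, 'message' => 'Password Reset Successful.' . $to);
    } else {
        $arr = $failure;
    }
    echo json_encode($arr);
}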