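/**
 * Completes a password reset: looks up the pending reset request for the
 * given key/email, enforces the 30-minute validity window, verifies the
 * secret from the reset link, consumes the request and stores a new bcrypt
 * hash of the password.
 *
 * Calls self::validateUserPassword, so it is expected to live inside a class
 * whose header is not visible here.
 *
 * @param mixed  $db                   DB handle exposing query()/update()/exec()
 * @param string $reset_key            Public identifier of the reset request
 * @param string $email_address        Email the request was issued for
 * @param string $password_token       Secret from the reset link, verified against the stored hash
 * @param string $password             New password
 * @param string $user_password_repeat Confirmation of the new password
 *
 * @return string "INVALID PASSWORD", "INVALID RESET TOKEN" or
 *                "Password Successfully Changed". The original fell through
 *                and returned null for an expired request or a wrong secret;
 *                every token failure now yields the same generic message.
 */
function resetPasswordAction($db, $reset_key, $email_address, $password_token, $password, $user_password_repeat)
{
    // Only unused, active requests matching both the key and the email qualify.
    $response = $db->query(
        'SELECT secret, request_timestamp FROM responses WHERE reset_key = :reset_key AND email_address = :email_address AND NOT used AND active',
        array(':reset_key' => $reset_key, ':email_address' => $email_address)
    );

    // Reject an unacceptable or mismatched password before touching token state.
    if (!self::validateUserPassword($password, $user_password_repeat)) {
        return "INVALID PASSWORD";
    }

    // No candidate row: unknown key, wrong email, already used, or inactive.
    if (!$response) {
        return "INVALID RESET TOKEN";
    }

    // createFromFormat() returns false on an unparsable timestamp; that must be
    // treated as invalid, not as "still within the window".
    // NOTE(review): both sides use the server's default timezone — confirm
    // request_timestamp is stored in that timezone, otherwise the window is off.
    $created = DateTime::createFromFormat('Y-m-d G:i:s', $response[0]->request_timestamp);
    if ($created === false || $created < new DateTime('30 minutes ago')) {
        return "INVALID RESET TOKEN";
    }

    // The secret check is delegated to Password::verify; the repeat is compared
    // strictly so numeric-looking strings are not compared as numbers.
    if (!Password::verify($password_token, $response[0]->secret) || $password !== $user_password_repeat) {
        return "INVALID RESET TOKEN";
    }

    // Consume the request first so the link cannot be replayed.
    $db->update("responses", array('used' => 1), array('reset_key' => $reset_key), array());

    $hash = Password::make($password, PASSWORD_BCRYPT, array("cost" => 10));
    // NOTE(review): the result of exec() is not checked; if this UPDATE fails the
    // token is already consumed. Confirm what $db->exec returns and handle it.
    $db->exec(
        'UPDATE Users SET password = :password WHERE email = :email',
        array(':password' => $hash, ':email' => $email_address)
    );

    return "Password Successfully Changed";
}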
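// global $db;
// $app = \Slim\Slim::getInstance();
// $token = $app->request->headers->get('Authorization');
// $token = str_replace('"', "", $token);
// $tokenFromDB = Users_model::get_user_by_token($db, $token);
// if (!$tokenFromDB) {
//     echoResponse(403, "Invalid Token");
//     exit();
// }
// }

// Users

/**
 * POST /login — verifies the submitted email/password pair against the
 * stored hash and returns the user record on success.
 *
 * Request body: JSON object with "email" and "password".
 * Responses: 200 with the user row (password hash removed), 403 otherwise.
 */
$app->post('/login', function () use ($app) {
    global $db;

    $data = json_decode($app->request->getBody());

    // Malformed JSON or missing fields: fail closed instead of dereferencing null.
    if (!is_object($data) || !isset($data->email, $data->password)) {
        echoResponse(403, "Not a valid password");
        return;
    }

    $user = Users_model::get_hash($db, $data->email);

    // Unknown email gets the same message as a wrong password.
    // NOTE(review): the response time still differs because no bcrypt verify
    // runs on this path; add a dummy verify here if timing-based user
    // enumeration matters for this deployment.
    if (!$user) {
        echoResponse(403, "Not a valid password");
        return;
    }

    // Verification compares against the stored hash only; the original also
    // computed an unused bcrypt hash of the submitted password on every login,
    // which doubled the cost of each attempt for no benefit.
    if (!Password::verify($data->password, $user[0]->password)) {
        echoResponse(403, "Not a valid password");
        return;
    }

    // Never send the password hash back to the client. Work on a copy so the
    // model's row object is left untouched.
    $account = clone $user[0];
    unset($account->password);
    echoResponse(200, $account);
});

/**
 * GET /users — lists all users. Guarded by the 'authenticateToken' middleware
 * name, which Slim resolves at dispatch time.
 *
 * NOTE(review): the only authenticateToken body visible here is the
 * commented-out block above; confirm a live definition exists, otherwise
 * this route fails to resolve its middleware.
 * NOTE(review): confirm Users_model::get_users() does not include password
 * hashes in the rows it returns, since they are echoed verbatim.
 */
$app->get('/users', 'authenticateToken', function () use ($app) {
    global $db;
    echoResponse(200, Users_model::get_users($db));
});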