Inheritance: implements IResource
Exemplo n.º 1
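    /**
     * Start a password reset for the account registered under the posted e-mail address.
     *
     * Steps visible in this method: the caller's IP is handed to RecoveryLog::check(),
     * the user row is looked up by e-mail, a fresh one-time secret is stored on that row,
     * a plain-text mail containing the /recover/{secret} link is sent, and the attempt
     * is written to the recovery log.
     *
     * @param array $postdata Request body; only the "email" key is read.
     * @return void
     * @throws Exception Code 401 when no user matches the address or the account is disabled.
     */
    public function recoverByEmail($postdata)
    {
        $ip = $_SERVER["REMOTE_ADDR"];
        $recoverLog = new RecoveryLog($this->db);
        // Presumably rate-limits or rejects repeated attempts from this IP; the
        // implementation is not visible here -- confirm it throws when the limit is hit.
        $recoverLog->check($ip);

        $sth = $this->db->prepare("SELECT id, username, enabled, email, secret FROM users WHERE email = ?");
        $sth->bindParam(1, $postdata["email"], PDO::PARAM_STR);
        $sth->execute();
        $res = $sth->fetch(PDO::FETCH_ASSOC);

        if (!$res) {
            // NOTE(review): this distinct error tells an unauthenticated caller whether an
            // address is registered. A uniform response would prevent account enumeration;
            // the message is left unchanged because clients may depend on it.
            throw new Exception('Ingen användare i databasen matchar emailadressen.', 401);
        }
        if ($res["enabled"] == "no") {
            // NOTE(review): the stored `secret` column is echoed back to the caller. It looks
            // like it doubles as the ban reason for disabled accounts, but the same column
            // receives the reset token below -- confirm it can never hold a live token here.
            throw new Exception("Användarkontot är avstängt med anledning [b]" . $res["secret"] . "[/b].", 401);
        }

        // The reset token is the only credential protecting the recover link, so it has to be
        // unpredictable. md5(uniqid()) is derived from the clock; random_bytes() (PHP 7.0+)
        // draws from the OS CSPRNG. 16 bytes hex-encoded keeps the former 32-character length.
        $secret = bin2hex(random_bytes(16));

        // Bound parameters instead of string concatenation, matching the SELECT above.
        // NOTE(review): no expiry is stored with the token in this method -- confirm that the
        // consuming endpoint limits its lifetime and clears it after use.
        $update = $this->db->prepare("UPDATE users SET secret = ? WHERE id = ?");
        $update->execute(array($secret, $res["id"]));

        // All header values come from site configuration, none from the request.
        $headers = "Reply-To: " . Helper::$name . " <" . Helper::$siteMail . ">\r\n";
        $headers .= "Return-Path: " . Helper::$name . " <" . Helper::$siteMail . ">\r\n";
        $headers .= "From: " . Helper::$name . " <" . Helper::$siteMail . ">\r\n";
        $headers .= "Organization: " . Helper::$siteName . "\r\n";
        $headers .= "MIME-Version: 1.0\r\n";
        $headers .= "Content-type: text/plain; charset=utf-8\r\n";
        $headers .= "X-Mailer: PHP" . phpversion() . "\r\n";
        $siteName = Helper::$siteName;
        $siteUrl = Helper::$siteUrl;
        $body = <<<EOD
Någon, förhoppningsvis du, har försökt återställa lösenordet till kontot kopplat till denna email.

Om du vill fortsätta återställa lösenordet, följ länken:

{$siteUrl}/recover/{$secret}

--

{$siteName}
EOD;
        // The recipient is the address stored in the database, not the posted value.
        mail($res["email"], Helper::$siteName . " password reset confirmation", $body, $headers, "-f" . Helper::$siteMail);

        // Record who asked for the reset; the reverse DNS name is stored alongside the IP.
        $hostname = gethostbyaddr($ip);
        $recoverLog->create(array("email" => $res["email"], "userid" => $res["id"], "ip" => $ip, "hostname" => $hostname));
    }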
Exemplo n.º 2
     break;
 // Update a report: the id is read from $params[1] and cast to int; $postdata is passed through as-is.
 // NOTE(review): no permission check is visible at this level -- presumably enforced inside
 // Reports using $user; confirm.
 case validateRoute('PATCH', 'reports/\\d+'):
     $reports = new Reports($db, $user);
     httpResponse($reports->update((int) $params[1], $postdata));
     break;
 // Delete a report by the integer id taken from $params[1].
 case validateRoute('DELETE', 'reports/\\d+'):
     $reports = new Reports($db, $user);
     httpResponse($reports->delete((int) $params[1]));
     break;
 // The listing routes below forward paging/filter values straight from the query string with
 // no validation or defaulting here; a missing key is passed on as null.
 // NOTE(review): confirm that each query() casts and bounds "limit"/"index" and parameterizes
 // free-text filters before they reach SQL, and that access to these logs is restricted to
 // staff inside the respective classes -- none of that is visible in this dispatcher.
 case validateRoute('GET', 'adminlogs'):
     $adminlogs = new AdminLogs($db, $user);
     list($result, $totalCount) = $adminlogs->query(array("limit" => $_GET["limit"], "index" => $_GET["index"], "search" => $_GET["searchText"]));
     httpResponse($result, $totalCount);
     break;
 // Password-recovery attempt log; query() returns a result page and a total count.
 case validateRoute('GET', 'recovery-logs'):
     $recoveryLog = new RecoveryLog($db, $user);
     list($result, $totalCount) = $recoveryLog->query(array("limit" => $_GET["limit"], "index" => $_GET["index"]));
     httpResponse($result, $totalCount);
     break;
 // SQL error log listing, paged by "limit" and "index".
 case validateRoute('GET', 'sqlerrors'):
     $sqlerrors = new SqlErrors($db, $user);
     list($result, $totalCount) = $sqlerrors->query(array("limit" => $_GET["limit"], "index" => $_GET["index"]));
     httpResponse($result, $totalCount);
     break;
 // Cheat log listing; "userid" from the query string is forwarded uncast as an extra filter.
 case validateRoute('GET', 'cheatlogs'):
     $cheatlogs = new CheatLogs($db, $user);
     list($result, $totalCount) = $cheatlogs->query(array("limit" => $_GET["limit"], "index" => $_GET["index"], "userid" => $_GET["userid"]));
     httpResponse($result, $totalCount);
     break;
 case validateRoute('GET', 'admin-mailbox'):
     $adminMailbox = new AdminMailbox($db, $user);
Exemplo n.º 3
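 /**
  * Start a password reset for the account whose stored e-mail hash matches the posted address.
  *
  * Steps visible in this method: the caller's IP is handed to RecoveryLog::check(), the
  * posted address is hashed with hashEmail() and looked up, a fresh one-time secret is
  * stored on the user row, the reset mail is sent to the posted address, and the attempt
  * is written to the recovery log with the hashed address.
  *
  * @param array $postdata Request body; only the "email" key is read.
  * @return void
  * @throws Exception Code 401 when no user matches the address or the account is disabled.
  */
 public function recoverByEmail($postdata)
 {
     $ip = $_SERVER["REMOTE_ADDR"];
     $recoverLog = new RecoveryLog($this->db);
     // Presumably rate-limits or rejects repeated attempts from this IP; the
     // implementation is not visible here -- confirm it throws when the limit is hit.
     $recoverLog->check($ip);

     // The users table is queried with the hashed form of the address.
     $hashedEmail = $this->hashEmail($postdata["email"]);
     $sth = $this->db->prepare("SELECT id, username, enabled, email, secret FROM users WHERE email = ?");
     $sth->bindParam(1, $hashedEmail, PDO::PARAM_STR);
     $sth->execute();
     $res = $sth->fetch(PDO::FETCH_ASSOC);

     if (!$res) {
         // NOTE(review): this distinct error tells an unauthenticated caller whether an
         // address is registered. A uniform response would prevent account enumeration;
         // the message key is left unchanged because clients may depend on it.
         throw new Exception(L::get("USER_EMAIL_NO_MATCH"), 401);
     }
     if ($res["enabled"] == "no") {
         // NOTE(review): the stored `secret` column is passed into the error text. It looks
         // like it doubles as the ban reason for disabled accounts, but the same column
         // receives the reset token below -- confirm it can never hold a live token here.
         throw new Exception(L::get("USER_DISABLED", [$res["secret"]]), 401);
     }

     // The reset token is the only credential protecting the recover link, so it has to be
     // unpredictable. md5(uniqid()) is derived from the clock; random_bytes() (PHP 7.0+)
     // draws from the OS CSPRNG. 16 bytes hex-encoded keeps the former 32-character length.
     $secret = bin2hex(random_bytes(16));

     // Bound parameters instead of string concatenation, matching the SELECT above.
     // NOTE(review): no expiry is stored with the token in this method -- confirm that the
     // consuming endpoint limits its lifetime and clears it after use.
     $update = $this->db->prepare("UPDATE users SET secret = ? WHERE id = ?");
     $update->execute([$secret, $res["id"]]);

     // All header values come from site configuration, none from the request.
     $headers = "Reply-To: " . Config::NAME . " <" . Config::SITE_MAIL . ">\r\n";
     $headers .= "Return-Path: " . Config::NAME . " <" . Config::SITE_MAIL . ">\r\n";
     $headers .= "From: " . Config::NAME . " <" . Config::SITE_MAIL . ">\r\n";
     $headers .= "Organization: " . Config::SITE_NAME . "\r\n";
     $headers .= "MIME-Version: 1.0\r\n";
     $headers .= "Content-type: text/plain; charset=utf-8\r\n";
     $headers .= "X-Mailer: PHP" . phpversion() . "\r\n";
     $siteName = Config::SITE_NAME;
     $siteUrl = Config::SITE_URL;
     $body = L::get("RECOVER_EMAIL", [$siteUrl, $secret, $siteName]);

     // The recipient is the posted address, since only its hash was used for the lookup.
     // NOTE(review): this is sound only if hashEmail() maps exactly one address string to
     // the stored hash; confirm it does not normalize input in a way that lets a different
     // or multi-recipient string match an existing account.
     mail($postdata["email"], Config::SITE_NAME . " password reset confirmation", $body, $headers, "-f" . Config::SITE_MAIL);

     // Record who asked for the reset; the log keeps the hashed address, not the plain one.
     $hostname = gethostbyaddr($ip);
     $recoverLog->create(array("email" => $hashedEmail, "userid" => $res["id"], "ip" => $ip, "hostname" => $hostname));
 }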