Exemplo n.º 1
0
<?php

error_reporting(0);
require_once "./vendor/autoload.php";
session_start();
if (isset($_POST['csrf'])) {
    $phpSessId = sha1(mcrypt_create_iv(22, MCRYPT_DEV_URANDOM));
    $_SESSION['phpsessid'] = $phpSessId;
    echo $phpSessId;
} elseif ($_POST['phpsessid'] == $_SESSION['phpsessid'] && isset($_POST['email']) && isset($_POST['phpsessid'])) {
    $userEmail = trim($_POST['email']);
    $valideEmail = new \Validators\ValidatorService();
    $validationStatus = $valideEmail->ValidaMail($userEmail);
    $response = new stdClass();
    if ($validationStatus === 1) {
        $response->code_operation = "recovery";
        $response->status = "false";
        echo json_encode($response);
    } elseif ($validationStatus === 0) {
        $dbConnection = new \PhpServicesKit\DbConnection\DbConnection();
        $checkUserEmailStatus = $dbConnection->checkUserEmail($userEmail);
        if ($checkUserEmailStatus === 1) {
            $response->code_operation = "recovery";
            $response->status = "false";
            echo json_encode($response);
        } elseif ($checkUserEmailStatus === 0) {
            $newRecoveryRequest = new \PhpServicesKit\PasswordRecovery\RecoveryService();
            $newPasswordRequest = $newRecoveryRequest->createNewPasswordRequest($userEmail);
            if ($newPasswordRequest === 0) {
                $response->code_operation = "recovery";
                $response->status = "true";
Exemplo n.º 2
0
<?php

error_reporting(0);
require_once "./vendor/autoload.php";
session_start();
if (isset($_POST['csrf_token']) && $_POST['csrf_token'] == "true") {
    $csrfToken = sha1(mcrypt_create_iv(22, MCRYPT_DEV_URANDOM));
    $_SESSION['csrf_token'] = $csrfToken;
    echo $csrfToken;
} elseif (isset($_POST['password']) && isset($_POST['length']) && isset($_POST['email']) && isset($_POST['csrf_token']) && $_POST['csrf_token'] == $_SESSION['csrf_token']) {
    $password = trim($_POST['password']);
    $length = trim($_POST['length']);
    $userEmail = trim($_POST['email']);
    $myValidator = new \Validators\ValidatorService();
    $validationStatus = $myValidator->loginValidator($userEmail, $password, $length);
    $response = new stdClass();
    if ($validationStatus === 1) {
        $response->code_operation = "login";
        $response->status = "false";
        $response->description = $myValidator->statusMessage;
        echo json_encode($response);
    } elseif ($validationStatus === 0) {
        $newLogin = new \PhpServicesKit\LoginKit\LogIn();
        $responseMessage = $newLogin->doLogin($userEmail, $password);
        echo json_encode($responseMessage);
    } else {
        $response->code_operation = "login";
        $response->status = "false";
        $response->description = \Messages\MessageService::DEFAULT_ERROR;
        echo json_encode($response);
    }
Exemplo n.º 3
0
<?php

error_reporting(0);
require_once "./vendor/autoload.php";
if (isset($_POST["password"]) && isset($_POST['v_password']) && isset($_POST['v_password_strength']) && isset($_POST['password_strength']) && isset($_POST['password_strength']) && isset($_POST['username']) && isset($_POST['email'])) {
    $passwordForm = trim($_POST['password']);
    $vPasswordForm = trim($_POST['v_password']);
    $vPasswordFormStrength = trim($_POST['v_password_strength']);
    $passwordFormStrength = trim($_POST['password_strength']);
    $userName = trim($_POST['username']);
    $userEmail = trim($_POST['email']);
    $myValidator = new \Validators\ValidatorService();
    $validationStatus = $myValidator->registerValidator($userName, $userEmail, $passwordForm, $vPasswordForm, $passwordFormStrength, $vPasswordFormStrength);
    $response = new stdClass();
    if ($validationStatus === 1) {
        $response->code_operation = "signup";
        $response->status = "false";
        $response->description = $myValidator->statusMessage;
        echo json_encode($response);
    } elseif ($validationStatus === 0) {
        $newSignup = new \PhpServicesKit\SignupKit\SignUp();
        $responseMessage = $newSignup->doSignup($passwordForm, $userName, $userEmail);
        echo json_encode($responseMessage);
    } else {
        $response->code_operation = "signup";
        $response->status = "false";
        $response->description = \Messages\MessageService::DEFAULT_ERROR;
        echo json_encode($response);
    }
} else {
    $response->code_operation = "signup";
Exemplo n.º 4
0
require_once './libs/csrf-magic/csrf-magic.php';
require_once './vendor/autoload.php';
//if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) {
//    // request is not using SSL, redirect to https, or fail
//    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
//    exit();
//}else
if ($_SERVER['REQUEST_METHOD'] == 'POST' && csrf_check() === true && isset($_POST['userEmail']) && isset($_POST['newPassword']) && isset($_POST['vPassword']) && isset($_GET['token'])) {
    echo "<br>";
    echo "restoring password...";
    echo "<br>";
    $password = trim($_POST['newPassword']);
    $vPassword = trim($_POST['vPassword']);
    $userEmail = trim($_POST['userEmail']);
    $token = trim($_GET['token']);
    $passwordValidationService = new \Validators\ValidatorService();
    $validationStatus = $passwordValidationService->recoveryValidator($userEmail, $password, $vPassword);
    if ($validationStatus === 0) {
        $restoreService = new \PhpServicesKit\PasswordRecovery\RecoveryService();
        $resetPassword = $restoreService->restoreNewPassword($userEmail, $password, $token);
        if ($resetPassword === 0) {
            echo "\n            <meta name='viewport' content='width=device-width'/>\n            <p style='color: lawngreen'>Password has been restored successfully</p>\n            ";
        } else {
            echo "\n            <meta name='viewport' content='width=device-width'/>\n            <p style='color: red'>Error restoring password. Try again</p>\n            ";
        }
    } else {
        echo "\n            <meta name='viewport' content='width=device-width'/>\n            <p style='color: red'>Missing data, incorrect or password too weak. You need at least 8 char password</p>\n            ";
    }
} elseif (isset($_GET['token'])) {
    echo '
        <!DOCTYPE html>