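/**
 * Process Login from api
 *
 * Reads TOKEN, email and password from the POST body, checks the shared
 * public API key, validates the credentials and then issues a fresh
 * per-user 'api' token (any previous one is revoked first).
 *
 * @return array ['STATUS_CODE' => int, 'DATA' => array] — DATA holds
 *               STATUS/TOKEN/EMAIL/USERID on success, otherwise the value
 *               of buckys_api_get_error_result(). Note the existing API
 *               contract: credential failures are reported with
 *               STATUS_CODE_OK and an error payload, only a missing or
 *               wrong API key changes the status code.
 */
public function loginAction()
{
    //The login request should be POST method; a non-POST request simply
    //arrives with an empty $_POST and is rejected as "token blank" below.
    $request = $_POST;

    $token = isset($request['TOKEN']) ? trim($request['TOKEN']) : null;
    $email = isset($request['email']) ? trim($request['email']) : null;
    // NOTE(review): trimming the password changes credentials that begin or
    // end with whitespace; kept because existing accounts may rely on it.
    $password = isset($request['password']) ? trim($request['password']) : null;

    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }

    // Constant-time comparison of the shared key: the previous `!=` leaked
    // timing and used PHP loose comparison (numeric-looking strings compare
    // as numbers).
    if (!hash_equals((string)THENEWBOSTON_PUBLIC_API_KEY, (string)$token)) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }

    // Blank credentials can never authenticate; answer without touching the
    // user table. Same message as a wrong password so nothing is enumerable.
    if ($email === null || $email === '' || $password === null || $password === '') {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result('Email or password is not correct.')];
    }

    $info = buckys_get_user_by_email($email);

    if (!buckys_not_null($info) || !buckys_validate_password($password, $info['password'])) {
        // One message for "unknown email" and "wrong password" on purpose.
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result('Email or password is not correct.')];
    }

    if ($info['status'] == 0) {
        //Account is not verified
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_ACCOUNT_NOT_VERIFIED)];
    }

    //Remove Old Token, then Create New Token: only one live api token per user
    BuckysUsersToken::removeUserToken($info['userID'], 'api');
    $token = BuckysUsersToken::createNewToken($info['userID'], 'api');

    return [
        'STATUS_CODE' => STATUS_CODE_OK,
        'DATA' => [
            'STATUS' => 'SUCCESS',
            'TOKEN' => $token,
            'EMAIL' => $info['email'],
            'USERID' => $info['userID'],
        ],
    ];
}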
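/**
 * Create new password and send it to user
 *
 * Validates the address, looks up the account, replaces any existing
 * 'password' token with a fresh one and e-mails a reset link carrying it.
 * Every path ends in buckys_redirect(); the return value only matters to
 * callers that keep running after the redirect.
 *
 * @param String $email
 * @return bool false when the address is empty, malformed or unknown (the
 *              matching MSG_* redirect has already been issued), true once
 *              the reset mail has been handed to buckys_sendmail()
 */
public function resetPassword($email)
{
    global $db;

    $email = trim($email);
    if (!$email) {
        buckys_redirect('/register.php?forgotpwd=1', MSG_EMPTY_EMAIL, MSG_TYPE_ERROR);
        return false;
    }

    //Check Email Address
    if (!preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+\$/", $email)) {
        buckys_redirect('/register.php?forgotpwd=1', MSG_INVALID_EMAIL, MSG_TYPE_ERROR);
        return false;
    }

    $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE email=%s", $email);
    $userID = $db->getVar($query);

    if (!$userID) {
        // NOTE(review): a distinct "not found" message lets an anonymous caller
        // confirm which addresses are registered (account enumeration). The
        // safer contract is a generic "if that address exists, mail was sent".
        buckys_redirect('/register.php?forgotpwd=1', MSG_EMAIL_NOT_FOUND, MSG_TYPE_ERROR);
        return false;
    }

    $data = BuckysUser::getUserData($userID);

    //Remove Old Token, then Create New Token: only the newest reset link is valid
    BuckysUsersToken::removeUserToken($userID, 'password');
    $token = BuckysUsersToken::createNewToken($userID, 'password');

    // Use the scheme the site is actually served on; a hard-coded http:// link
    // would carry the reset token over cleartext on an SSL deployment.
    $scheme = (SITE_USING_SSL == true) ? 'https' : 'http';
    // NOTE(review): HTTP_HOST comes from the request's Host header, so a spoofed
    // header makes this mail the victim a reset link pointing at an attacker's
    // host. Prefer a configured canonical site host here once one exists.
    $link = $scheme . "://" . $_SERVER['HTTP_HOST'] . "/reset_password.php?token=" . urlencode($token);

    //Send an email to user with the link
    $title = "Reset your password.";
    $body = "Dear " . $data['firstName'] . " " . $data['lastName'] . "\n\n" . "Please reset your password by using the below link:\n" . $link . "\n\nBuckysroom.com";

    require_once DIR_FS_INCLUDES . "phpMailer/class.phpmailer.php";
    buckys_sendmail($data['email'], $data['firstName'] . " " . $data['lastName'], $title, $body);

    buckys_redirect('/register.php', MSG_RESET_PASSWORD_EMAIL_SENT, MSG_TYPE_SUCCESS);
    return true;
}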
//Account Not Verified or Banned buckys_redirect('/index.php', !$info['token'] ? MSG_ACCOUNT_BANNED : MSG_ACCOUNT_NOT_VERIFIED, MSG_TYPE_ERROR); } else { //Login Success //Clear Login Attempts BuckysTracker::clearLoginAttemps(); //Restart Session session_regenerate_id(true); $_SESSION['userID'] = $info['userID']; //Init Some Session Values $_SESSION['converation_list'] = []; //Create Login Cookie Token $login_token = hash('sha256', time() . buckys_generate_random_string(20, true) . time()); $login_token_secure = md5($login_token); //Store Login Token BuckysUsersToken::removeUserToken($info['userID'], "auth"); BuckysUsersToken::createNewToken($info['userID'], "auth", $login_token_secure); //Slice the login token to three pieces $login_token_piece1 = substr($login_token, 0, 20); $login_token_piece2 = substr($login_token, 20, 20); $login_token_piece3 = substr($login_token, 40); //If website is using SSL, use secure cookies if (SITE_USING_SSL == true) { setcookie('COOKIE_KEEP_ME_NAME1', base64_encode($login_token_piece1), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true); setcookie('COOKIE_KEEP_ME_NAME2', base64_encode($login_token_piece3), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true); setcookie('COOKIE_KEEP_ME_NAME3', base64_encode($login_token_piece2), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true); } else { setcookie('COOKIE_KEEP_ME_NAME1', base64_encode($login_token_piece1), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN); setcookie('COOKIE_KEEP_ME_NAME2', base64_encode($login_token_piece3), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN); setcookie('COOKIE_KEEP_ME_NAME3', base64_encode($login_token_piece2), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN); }