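/**
 * Start a password reset for the account whose email matches $postdata["email"].
 *
 * Flow: per-IP rate limit (RecoveryLog::check), user lookup, a fresh single-use
 * secret stored on the user row, confirmation link mailed to the stored address,
 * and the attempt recorded in the recovery log.
 *
 * @param array $postdata request body; only the "email" key is read
 *
 * @throws Exception code 401 when no user has that email, or when the account is
 *                   disabled (the stored reason is echoed back). NOTE(review): the
 *                   distinct "no match" message lets a caller tell registered
 *                   addresses from unregistered ones.
 */
public function recoverByEmail($postdata)
{
    $ip = $_SERVER["REMOTE_ADDR"];

    // Throttle by client IP before touching the users table.
    $recoverLog = new RecoveryLog($this->db);
    $recoverLog->check($ip);

    // bindValue rather than bindParam: binding $postdata["email"] by reference
    // would silently create the key (as null) when the field is missing.
    $email = isset($postdata["email"]) ? (string) $postdata["email"] : "";
    $sth = $this->db->prepare("SELECT id, username, enabled, email, secret FROM users WHERE email = ?");
    $sth->bindValue(1, $email, PDO::PARAM_STR);
    $sth->execute();
    $res = $sth->fetch(PDO::FETCH_ASSOC);

    if (!$res) {
        throw new Exception('Ingen användare i databasen matchar emailadressen.', 401);
    }
    if ($res["enabled"] === "no") {
        // For disabled accounts the "secret" column holds the reason shown to the user.
        throw new Exception("Användarkontot är avstängt med anledning [b]" . $res["secret"] . "[/b].", 401);
    }

    // The secret is the only thing authorising the reset link, so it has to be
    // unguessable. md5(uniqid()) is derived from the clock; random_bytes() draws
    // 128 bits from the CSPRNG. 32 hex characters keeps the width of an md5 hash,
    // so the existing column still fits.
    $secret = bin2hex(random_bytes(16));

    // Parameterised even though $res["id"] is our own row value.
    $update = $this->db->prepare("UPDATE users SET secret = ? WHERE id = ?");
    $update->bindValue(1, $secret, PDO::PARAM_STR);
    $update->bindValue(2, (int) $res["id"], PDO::PARAM_INT);
    $update->execute();

    $sender = Helper::$name . " <" . Helper::$siteMail . ">";
    $headers = implode("\r\n", array(
        "Reply-To: " . $sender,
        "Return-Path: " . $sender,
        "From: " . $sender,
        "Organization: " . Helper::$siteName,
        "MIME-Version: 1.0",
        "Content-type: text/plain; charset=utf-8",
        // NOTE(review): exposes the exact PHP version to every recipient.
        "X-Mailer: PHP" . phpversion(),
    )) . "\r\n";

    $siteName = Helper::$siteName;
    $siteUrl = Helper::$siteUrl;
    $body = <<<EOD
Någon, förhoppningsvis du, har försökt återställa lösenordet till kontot kopplat till denna email.

Om du vill fortsätta återställa lösenordet, följ länken:
{$siteUrl}/recover/{$secret}

--
{$siteName}
EOD;

    // Recipient is the address stored on the user row, not the submitted one.
    // mail() only reports hand-off to the local MTA; delivery failures are not surfaced here.
    mail($res["email"], Helper::$siteName . " password reset confirmation", $body, $headers, "-f" . Helper::$siteMail);

    $hostname = gethostbyaddr($ip);
    $recoverLog->create(array(
        "email" => $res["email"],
        "userid" => $res["id"],
        "ip" => $ip,
        "hostname" => $hostname,
    ));
}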
break; case validateRoute('PATCH', 'reports/\\d+'): $reports = new Reports($db, $user); httpResponse($reports->update((int) $params[1], $postdata)); break; case validateRoute('DELETE', 'reports/\\d+'): $reports = new Reports($db, $user); httpResponse($reports->delete((int) $params[1])); break; case validateRoute('GET', 'adminlogs'): $adminlogs = new AdminLogs($db, $user); list($result, $totalCount) = $adminlogs->query(array("limit" => $_GET["limit"], "index" => $_GET["index"], "search" => $_GET["searchText"])); httpResponse($result, $totalCount); break; case validateRoute('GET', 'recovery-logs'): $recoveryLog = new RecoveryLog($db, $user); list($result, $totalCount) = $recoveryLog->query(array("limit" => $_GET["limit"], "index" => $_GET["index"])); httpResponse($result, $totalCount); break; case validateRoute('GET', 'sqlerrors'): $sqlerrors = new SqlErrors($db, $user); list($result, $totalCount) = $sqlerrors->query(array("limit" => $_GET["limit"], "index" => $_GET["index"])); httpResponse($result, $totalCount); break; case validateRoute('GET', 'cheatlogs'): $cheatlogs = new CheatLogs($db, $user); list($result, $totalCount) = $cheatlogs->query(array("limit" => $_GET["limit"], "index" => $_GET["index"], "userid" => $_GET["userid"])); httpResponse($result, $totalCount); break; case validateRoute('GET', 'admin-mailbox'): $adminMailbox = new AdminMailbox($db, $user);
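/**
 * Start a password reset for the account whose hashed email matches $postdata["email"].
 *
 * Emails are stored hashed (hashEmail()), so the lookup and the recovery-log entry
 * use the hash, while the confirmation mail goes to the address the caller
 * submitted — the only deliverable address available here. Flow: per-IP rate
 * limit (RecoveryLog::check), user lookup, fresh single-use secret stored on the
 * user row, confirmation link mailed, attempt logged.
 *
 * @param array $postdata request body; only the "email" key is read
 *
 * @throws Exception code 401 when no user matches (USER_EMAIL_NO_MATCH) or the
 *                   account is disabled (USER_DISABLED, with the stored reason).
 *                   NOTE(review): the distinct "no match" message lets a caller
 *                   tell registered addresses from unregistered ones.
 */
public function recoverByEmail($postdata)
{
    $ip = $_SERVER["REMOTE_ADDR"];

    // Throttle by client IP before touching the users table.
    $recoverLog = new RecoveryLog($this->db);
    $recoverLog->check($ip);

    // Read the field once; a missing key becomes "" instead of a notice plus null.
    $email = isset($postdata["email"]) ? (string) $postdata["email"] : "";
    $hashedEmail = $this->hashEmail($email);

    $sth = $this->db->prepare("SELECT id, username, enabled, email, secret FROM users WHERE email = ?");
    $sth->bindValue(1, $hashedEmail, PDO::PARAM_STR);
    $sth->execute();
    $res = $sth->fetch(PDO::FETCH_ASSOC);

    if (!$res) {
        throw new Exception(L::get("USER_EMAIL_NO_MATCH"), 401);
    }
    if ($res["enabled"] === "no") {
        // For disabled accounts the "secret" column holds the reason shown to the user.
        throw new Exception(L::get("USER_DISABLED", [$res["secret"]]), 401);
    }

    // The secret is the only thing authorising the reset link, so it has to be
    // unguessable. md5(uniqid()) is derived from the clock; random_bytes() draws
    // 128 bits from the CSPRNG. 32 hex characters keeps the width of an md5 hash,
    // so the existing column still fits.
    $secret = bin2hex(random_bytes(16));

    // Parameterised even though $res["id"] is our own row value.
    $update = $this->db->prepare("UPDATE users SET secret = ? WHERE id = ?");
    $update->bindValue(1, $secret, PDO::PARAM_STR);
    $update->bindValue(2, (int) $res["id"], PDO::PARAM_INT);
    $update->execute();

    $sender = Config::NAME . " <" . Config::SITE_MAIL . ">";
    $headers = implode("\r\n", array(
        "Reply-To: " . $sender,
        "Return-Path: " . $sender,
        "From: " . $sender,
        "Organization: " . Config::SITE_NAME,
        "MIME-Version: 1.0",
        "Content-type: text/plain; charset=utf-8",
        // NOTE(review): exposes the exact PHP version to every recipient.
        "X-Mailer: PHP" . phpversion(),
    )) . "\r\n";

    $siteName = Config::SITE_NAME;
    $siteUrl = Config::SITE_URL;
    $body = L::get("RECOVER_EMAIL", [$siteUrl, $secret, $siteName]);

    // Sent to the submitted address: the stored value is a hash and cannot be mailed to.
    // mail() only reports hand-off to the local MTA; delivery failures are not surfaced here.
    mail($email, Config::SITE_NAME . " password reset confirmation", $body, $headers, "-f" . Config::SITE_MAIL);

    $hostname = gethostbyaddr($ip);
    $recoverLog->create(array(
        "email" => $hashedEmail,
        "userid" => $res["id"],
        "ip" => $ip,
        "hostname" => $hostname,
    ));
}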