<?php
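class LoginModel{
    // Presumably the id of the "customer" row in the user-types table; it is not
    // referenced by any method of this class.
    const ID_TYPE_CUSTOMER = 2;

    /**
     * Starts the password-reset flow for every account registered under the given e-mail.
     *
     * A new reset token is issued for each matching account unless the account's
     * previous token is younger than the '00:05' window added to tokenTS in the query
     * (five minutes in MySQL's HH:MM reading), which throttles repeated requests.
     *
     * @param String $mail email of the user
     * @return Array ['messages' => [...]], one entry per matching account, each with
     *               'code' and 'message': danger/NO_USER, success/GENERATED_SUCCESSFULLY,
     *               warning/CHANGE_LATER or error/ERROR_PASSWORD_GENERATED
     */
    public static function forgotPassword($mail) {
        global $database;

        $data = [];

        // NOTE(review): the query is assembled by string concatenation and relies entirely
        // on the project's escapeValue() for safety; its implementation is not visible
        // here. If the database wrapper offers bound parameters, prefer them.
        $mail = $database->escapeValue($mail);
        $now = (new DateTime())->format('Y-m-d H:i:s');

        $sql = "SELECT
                    u.username,
                    u.mail,
                    rut.idType AS idUserType,
                    ut.type AS type,
                    IF(
                        ADDTIME(u.tokenTS, '00:05') > '".$now."',
                        0,
                        1
                    ) AS allowPasswordGeneration
                FROM ".TABLES['users']." u
                INNER JOIN ".TABLES['rel_user_type']." rut
                    ON rut.idUser=u.id
                INNER JOIN ".TABLES['user_types']." ut
                    ON ut.id=rut.idType
                WHERE mail = '".$mail."'";

        $userInfo = $database->fetchResultArray($sql);

        // A non-array result is treated like "no match" instead of letting count() fail.
        if (!is_array($userInfo) || count($userInfo) === 0) {
            // NOTE(review): NO_USER, CHANGE_LATER and GENERATED_SUCCESSFULLY are
            // distinguishable, so this return value reveals whether an address is
            // registered. If it is rendered to unauthenticated visitors, the caller
            // should collapse these into one uniform confirmation.
            $data['messages'][] = [
                'code' => 'danger',
                'message' => 'NO_USER'
            ];

            return $data;
        }

        foreach ($userInfo as $info) {
            if ((int) $info['allowPasswordGeneration'] !== 1) {
                $data['messages'][] = [
                    'code' => 'warning',
                    'message' => 'CHANGE_LATER'
                ];
                continue;
            }

            $generated = self::generateTokenForUserPassword(json_encode($info));

            // The first message of the helper is the outcome of storing the token.
            // Success is reported only when the token was actually persisted; the
            // mail-delivery message that follows it is not inspected here.
            $stored = $generated['messages'][0]['code'] ?? null;
            if ($stored === 'success') {
                $data['messages'][] = [
                    'code' => 'success',
                    'message' => 'GENERATED_SUCCESSFULLY'
                ];
            } else {
                $data['messages'][] = [
                    'code' => 'error',
                    'message' => 'ERROR_PASSWORD_GENERATED'
                ];
            }
        }

        return $data;
    }

    /**
     * Issues a fresh password-reset token for one user, stores it together with its
     * creation time and mails it to the user.
     *
     * The token is mailed only after exactly one row was updated, so a token that was
     * not stored (or was written to several rows) is never sent out.
     *
     * @param String $userInfo JSON object of the user row; 'username' and 'mail' are required
     * @return Array ['messages' => [...]]: the storage outcome (success/PASSWORD_GENERATED
     *               or error/ERROR_PASSWORD_GENERATED) followed, on success, by the value
     *               returned from UtilsModel::sendUserConfirmationMail()
     */
    public static function generateTokenForUserPassword($userInfo) {
        global $database;

        $data = [];
        $userInfo = (array) json_decode($userInfo);

        // Undecodable JSON or a row without the required fields must not reach the UPDATE.
        if (!isset($userInfo['username'], $userInfo['mail'])) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'ERROR_PASSWORD_GENERATED'
            ];

            return $data;
        }

        // 16 bytes from the CSPRNG, hex-encoded to 32 characters.
        $token = bin2hex(random_bytes(16));
        $tokenTimestamp = (new DateTime())->format('Y-m-d H:i:s');

        // NOTE(review): the token is stored as-is. Storing only a hash of it would keep a
        // read of the users table from yielding usable reset tokens, but that needs a
        // matching change in the token check, which lives outside this class.
        $sql = "UPDATE
                    ".TABLES['users']." u
                SET
                    u.token='".$token."',
                    u.tokenTS='".$tokenTimestamp."'
                WHERE u.username='".$database->escapeValue($userInfo['username'])."'";

        $database->query($sql);

        if ((int) $database->affectedRows() !== 1) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'ERROR_PASSWORD_GENERATED'
            ];

            return $data;
        }

        $data['messages'][] = [
            'code' => 'success',
            'message' => 'PASSWORD_GENERATED'
        ];
        $data['messages'][] = UtilsModel::sendUserConfirmationMail($userInfo, $userInfo['mail'], 'generate', $token);

        return $data;
    }

    /**
     * Changes a user's password after the reset token has been accepted.
     *
     * @param String $token token required to change the password
     * @param HashArray $passwords new password and confirm password array
     * @return HashArray error/INVALID_CHANGE_TOKEN when the token is rejected, otherwise
     *                   whatever $user->resetPassword() returns
     */
    public function changePassword($token, $passwords){
        global $user;

        // Anything other than the exact string 'success' is treated as a rejected token.
        if ($user->checkPasswordToken($token) !== 'success') {
            return [
                'messages' => [
                    [
                        'code' => 'error',
                        'message' => 'INVALID_CHANGE_TOKEN'
                    ],
                ],
            ];
        }

        // NOTE(review): the token is not passed on, so which account is changed, whether
        // the two passwords match and whether the token is invalidated after use all
        // depend on $user->checkPasswordToken()/resetPassword() - confirm there.
        return $user->resetPassword(json_encode($passwords));
    }
}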