From 26a4dc11c785131b956e272c8bcc0bc5807b6473 Mon Sep 17 00:00:00 2001 From: Peter Hoppe Date: Fri, 10 Feb 2023 01:15:55 +0100 Subject: [PATCH] passwort ok --- php/php-dog/classes/lib.php | 2 ++ php/php-dog/getPwToken.php | 32 +++++++++++++++++++++ php/php-dog/passwordReset.php | 48 ++++++++++++++++++++++++++++++-- php/php-dog/tstDateTime.php | 10 +++++++ php/php-dog/wantNewPw.php | 17 +++++++---- src/components/PasswordReset.tsx | 22 +++++++++++---- 6 files changed, 116 insertions(+), 15 deletions(-) create mode 100644 php/php-dog/tstDateTime.php diff --git a/php/php-dog/classes/lib.php b/php/php-dog/classes/lib.php index 5ad99b1..1f19dfe 100644 --- a/php/php-dog/classes/lib.php +++ b/php/php-dog/classes/lib.php @@ -1,4 +1,6 @@ pwtoken) @@ -48,6 +50,36 @@ try if($stmt->rowCount()) { $row = $stmt->fetch(PDO::FETCH_ASSOC); + $expire = new DateTime($row['pwt_time']); + $expire->add(new DateInterval('PT' . $G_pwtoken_time_expire . 'M')); +// var_dump($expire); + $now = new DateTime(); +// var_dump($now); + if($now > $expire) + { + $null_var = null; + $sql = "UPDATE dogs SET pwtoken=?, pwt_time=? WHERE id=?"; + $conn->prepare($sql)->execute([$null_var, $null_var, $row['id']]); + + $returnData = new CMsg( + 0, + 200, + 'Passwordtoken: '. $pwtoken . ' time expired!', + null, + $row + ); + + } + else + { + $returnData = new CMsg( + 1, + 200, + 'Passwordtoken: '. $pwtoken . ' valid!', + null, + $row + ); + } } else { diff --git a/php/php-dog/passwordReset.php b/php/php-dog/passwordReset.php index c8a4cc5..3de1442 100644 --- a/php/php-dog/passwordReset.php +++ b/php/php-dog/passwordReset.php 
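Review bot: Both new `CMsg` responses in the getPwToken.php hunk pass the whole `$row` back to the caller, including the branch that has just found the token expired. The SELECT and the start of the enclosing `try` are outside this hunk, so the columns `$row` carries cannot be seen here; unless the query uses an explicit column list, the account's password hash and e-mail would go to a client that has not authenticated. Return only what the form needs, for example `null` in the expired branch and `['id' => $row['id']]` in the valid one, and delete the commented-out `var_dump` lines rather than keeping them. The message strings also echo `$pwtoken` back to the client; a fixed text such as `'Passwordtoken expired!'` is enough.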
@@ -13,9 +13,51 @@ require __DIR__.'/classes/lib.php'; $db_connection = new Database(); $conn = $db_connection->dbConnection(); -$data = json_decode(file_get_contents("php://input")); +//var_dump($_POST); -var_dump($data); -var_dump($_POST); +//IF REQUEST METHOD IS NOT EQUAL TO POST +if($_SERVER["REQUEST_METHOD"] != "POST") +{ + $returnData = new CMsg(0,404,'Page Not Found! REQUEST_METHOD'); + echo $returnData->jsonarray(); + return; +} +if( + !isset($_POST['password1']) + || !isset($_POST['id']) + || empty(trim($_POST['password1'])) + || empty(trim($_POST['id'])) + ) +{ + $fields = ['fields' => ['password','passwordToken','id']]; + $returnData = new CMsg(0,422,'Please Fill in all Required Fields!',$fields); + echo $returnData->jsonarray(); + return; +} + + +$password = $_POST['password1']; +$id = $_POST['id']; +if (strlen($password) < 8) +{ + $returnData = new CMsg(0, 422, 'Your password must be at least 8 characters long!'); + echo $returnData->jsonarray(); + return; +} + +$pwcrypt = password_hash($password, PASSWORD_DEFAULT); +$null_var = null; +try +{ + $sql = "UPDATE dogs SET password=?, pwtoken=?, pwt_time=? WHERE id=?"; + $conn->prepare($sql)->execute([$pwcrypt, $null_var, $null_var, $id]); + $returnData = new CMsg(1, 200, 'Password reset successfully!'); +} +catch(PDOException $e) +{ + $returnData = new CMsg(0, 500, $e->getMessage() ); +} + +echo $returnData->jsonarray(); ?> \ No newline at end of file diff --git a/php/php-dog/tstDateTime.php b/php/php-dog/tstDateTime.php new file mode 100644 index 0000000..bb184a3 --- /dev/null +++ b/php/php-dog/tstDateTime.php @@ -0,0 +1,10 @@ +add(new DateInterval('PT' . $G_pwtoken_time_expire . 'M')); +var_dump($expire); + +?> \ No newline at end of file diff --git a/php/php-dog/wantNewPw.php b/php/php-dog/wantNewPw.php index fdf1bf9..c933a42 100644 --- a/php/php-dog/wantNewPw.php +++ b/php/php-dog/wantNewPw.php 
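Review bot: The `UPDATE dogs SET password=?, pwtoken=?, pwt_time=? WHERE id=?` at the end of the passwordReset.php hunk is keyed only on the `id` read from `$_POST`, and nothing in the visible lines checks the reset token or its expiry, so the validity check added in getPwToken.php is not enforced at the point where the password actually changes. The 422 response still names `passwordToken` as a required field although it is never read, and the last PasswordReset.tsx hunk now sends `id` in place of the token, so both sides have to change together. Require the token in the request, match on `pwtoken` and `pwt_time` in the same UPDATE, and treat zero affected rows as a failure; the catch branch should log `$e->getMessage()` on the server instead of returning it in the response. The sketch assumes `$G_pwtoken_time_expire` is in scope here through classes/lib.php, as it is in getPwToken.php, and the POST field name `pwtoken` is a suggestion.

```php
// … unchanged: REQUEST_METHOD check …
if(
    !isset($_POST['password1'], $_POST['pwtoken'])
    || trim($_POST['password1']) === ''
    || trim($_POST['pwtoken']) === ''
    )
{
    $fields = ['fields' => ['password','passwordToken']];
    // … unchanged: 422 response and return …
}

$password = $_POST['password1'];
$pwtoken = $_POST['pwtoken'];
// … unchanged: length check and password_hash …

// Oldest pwt_time that is still inside the validity window.
$notBefore = new DateTime();
$notBefore->sub(new DateInterval('PT' . $G_pwtoken_time_expire . 'M'));
try
{
    $sql = "UPDATE dogs SET password=?, pwtoken=NULL, pwt_time=NULL WHERE pwtoken=? AND pwt_time>=?";
    $stmt = $conn->prepare($sql);
    $stmt->execute([$pwcrypt, $pwtoken, $notBefore->format('Y-m-d H:i:s')]);
    $returnData = $stmt->rowCount()
        ? new CMsg(1, 200, 'Password reset successfully!')
        : new CMsg(0, 422, 'Passwordtoken invalid or expired!');
}
catch(PDOException $e)
{
    error_log($e->getMessage());
    $returnData = new CMsg(0, 500, 'Internal Server Error!');
}
```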
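Review bot: tstDateTime.php is a scratch script that ends in `var_dump($expire)` and is added in the same directory as the request handlers, so it would presumably be reachable over HTTP once deployed. Part of the file is missing from this view, but nothing visible suggests it is needed at runtime. Leave it out of the commit, or move it to a test directory that the web server does not serve.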
@@ -22,18 +22,20 @@ require __DIR__.'/classes/lib.php'; $db_connection = new Database(); $conn = $db_connection->dbConnection(); - - function updatePwtoken($email, $pwtoken) { global $conn; - - $sql = "UPDATE dogs SET pwtoken=? WHERE email=?"; - $conn->prepare($sql)->execute([$pwtoken, $email]); + $now = new DateTime(); + $sql = "UPDATE dogs SET pwtoken=?, pwt_time=? WHERE email=?"; + $conn->prepare($sql)->execute([$pwtoken, $now->format('Y-m-d H:i:s'), $email]); } function sendMail($email, $pwtoken) { + global $G_pwtoken_time_expire; + $expires = new DateTime(); + $expires->add(new DateInterval('PT' . $G_pwtoken_time_expire . 'M')); + $expiresStr = $expires->format('d.m.Y H:i:s'); $mail = new CNetcupMailer(); $mail->CharSet = "UTF-8"; @@ -45,7 +47,10 @@ function sendMail($email, $pwtoken) //Content $mail->Subject = 'Passwort zurücksetzen!'; - $mail->Body = '
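Review bot: `updatePwtoken()` in the first wantNewPw.php hunk writes `$pwtoken` to the `pwtoken` column exactly as received, so anyone who can read the `dogs` table (a backup, a database dump, a query log) holds usable reset tokens for the whole validity window. Token generation is outside this hunk; if the caller passes the raw value that is mailed out, store a digest instead, e.g. `$conn->prepare($sql)->execute([hash('sha256', $pwtoken), $now->format('Y-m-d H:i:s'), $email]);`, and hash the incoming token the same way before the lookup in getPwToken.php. Separately, `sendMail()` derives the displayed expiry from its own `new DateTime()` rather than from the stored `pwt_time`, so the two can drift; computing the timestamp once and passing it to both functions would keep them identical.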

Neues Passwort setzen

Setzen'; + $mail->Body = +"

Neues Passwort setzen

+

Gültig bis $expiresStr

+Setzen"; return $mail->send(); } diff --git a/src/components/PasswordReset.tsx b/src/components/PasswordReset.tsx index 31dd110..93688e1 100644 --- a/src/components/PasswordReset.tsx +++ b/src/components/PasswordReset.tsx @@ -15,7 +15,7 @@ export default function PasswordReset() password2:'' }); - const { data, error, isLoading } = useSWR({'ptoken': passwordToken}, getPwToken); + const { data, error, isLoading } = useSWR({'pwtoken': passwordToken}, getPwToken); // data ist dogdata, logindata holt sich getProfilData.php aus $_SESSION if (error) return (
failed to load
); if (isLoading) return (
loading...
); @@ -27,6 +27,16 @@ export default function PasswordReset() }) } + if(!data.success) + { + return( +
+ +

Email nicht mehr gültig!

+
+ ) + } + const submitForm = async (e: React.FormEvent) => { e.preventDefault(); @@ -53,17 +63,17 @@ export default function PasswordReset() sendData.append(key, values[index]); } - sendData.append('passwordToken', passwordToken!); + sendData.append('id', data.data.id); - const data = await passwordReset(sendData); - if(data.success) + const dataRes = await passwordReset(sendData); + if(dataRes.success) { toast.success('Erfolgreich Passwort geändert!'); e.currentTarget.reset(); } - else if(!data.success && data.message) + else if(!dataRes.success && dataRes.message) { - toast.error(data.message); + toast.error(dataRes.message); } }