passwort ok

php/php-dog/classes/lib.php

@@ -1,4 +1,6 @@
 <?php
+
+$G_pwtoken_time_expire = 30; // 30 min
 class  CMsg
 {
     var $success;

php/php-dog/getPwToken.php

@@ -25,6 +25,8 @@ if($_SERVER["REQUEST_METHOD"] != "POST")
     return;
 }
 
+//var_dump($data);
+
 // CHECKING EMPTY FIELDS
 if(
     !isset($data->pwtoken) 
@@ -48,6 +50,36 @@ try
     if($stmt->rowCount())
     {
         $row = $stmt->fetch(PDO::FETCH_ASSOC);
+        $expire = new DateTime($row['pwt_time']);
+        $expire->add(new DateInterval('PT' . $G_pwtoken_time_expire . 'M'));
+//        var_dump($expire);
+        $now = new DateTime();
+//        var_dump($now);
+        if($now > $expire)
+        {
+            $null_var = null;
+            $sql = "UPDATE dogs SET pwtoken=?, pwt_time=? WHERE id=?";
+            $conn->prepare($sql)->execute([$null_var, $null_var, $row['id']]);
+        
+            $returnData = new CMsg(
+                0,
+                200,
+                'Passwordtoken: '. $pwtoken . ' time expired!',
+                null,
+                $row
+            );
+    
+        }
+        else
+        {
+            $returnData = new CMsg(
+                1,
+                200,
+                'Passwordtoken: '. $pwtoken . ' valid!',
+                null,
+                $row
+            );
+        }
     }
     else
     {

php/php-dog/passwordReset.php

@@ -13,9 +13,51 @@ require __DIR__.'/classes/lib.php';
 $db_connection = new Database();
 $conn = $db_connection->dbConnection();
 
-$data = json_decode(file_get_contents("php://input"));
+//var_dump($_POST);
 
-var_dump($data);
+//IF REQUEST METHOD IS NOT EQUAL TO POST
-var_dump($_POST);
+if($_SERVER["REQUEST_METHOD"] != "POST")
+{
+    $returnData = new CMsg(0,404,'Page Not Found! REQUEST_METHOD');
+    echo $returnData->jsonarray();
+    return;
+}
 
+if(
+    !isset($_POST['password1']) 
+    || !isset($_POST['id']) 
+    || empty(trim($_POST['password1']))
+    || empty(trim($_POST['id']))
+    )
+{
+    $fields = ['fields' => ['password','passwordToken','id']];
+    $returnData = new CMsg(0,422,'Please Fill in all Required Fields!',$fields);
+    echo $returnData->jsonarray();
+    return;
+}
+
+
+$password = $_POST['password1'];
+$id = $_POST['id'];
+if (strlen($password) < 8)
+{
+    $returnData = new CMsg(0, 422, 'Your password must be at least 8 characters long!');
+    echo $returnData->jsonarray();
+    return;
+} 
+
+$pwcrypt = password_hash($password, PASSWORD_DEFAULT);
+$null_var = null;
+try
+{
+    $sql = "UPDATE dogs SET password=?, pwtoken=?, pwt_time=? WHERE id=?";
+    $conn->prepare($sql)->execute([$pwcrypt, $null_var, $null_var, $id]);
+    $returnData = new CMsg(1, 200, 'Password reset successfully!');
+}
+catch(PDOException $e)
+{
+    $returnData = new CMsg(0, 500, $e->getMessage() );
+}
+
+echo $returnData->jsonarray();
 ?>

php/php-dog/tstDateTime.php

@@ -0,0 +1,10 @@
+<?php
+require __DIR__.'/classes/lib.php';
+
+$now = new DateTime();
+var_dump($now);
+$expire = new DateTime();
+$expire->add(new DateInterval('PT' . $G_pwtoken_time_expire . 'M'));
+var_dump($expire);
+
+?>

php/php-dog/wantNewPw.php

@@ -22,18 +22,20 @@ require __DIR__.'/classes/lib.php';
 
 $db_connection = new Database();
 $conn = $db_connection->dbConnection();
-
-
 function updatePwtoken($email, $pwtoken)
 {
     global $conn;
-
+    $now = new DateTime();
-    $sql = "UPDATE dogs SET pwtoken=? WHERE email=?";
+    $sql = "UPDATE dogs SET pwtoken=?, pwt_time=? WHERE email=?";
-    $conn->prepare($sql)->execute([$pwtoken, $email]);
+    $conn->prepare($sql)->execute([$pwtoken, $now->format('Y-m-d H:i:s'), $email]);
 }
 
 function sendMail($email, $pwtoken)
 {
+    global $G_pwtoken_time_expire;
+    $expires = new DateTime();
+    $expires->add(new DateInterval('PT' . $G_pwtoken_time_expire . 'M'));
+    $expiresStr = $expires->format('d.m.Y H:i:s');
     $mail = new CNetcupMailer();
     $mail->CharSet = "UTF-8";
     
@@ -45,7 +47,10 @@ function sendMail($email, $pwtoken)
 
     //Content
     $mail->Subject = 'Passwort zurücksetzen!';
-    $mail->Body    = '<h3>Neues Passwort setzen</h3><a href="https://hope-fly.de/dog/pwreset/'.$pwtoken.'" >Setzen</a>';
+    $mail->Body    = 
+"<h3>Neues Passwort setzen</h3>
+<p>Gültig bis $expiresStr</p>
+<a href='https://hope-fly.de/dog/pwreset/$pwtoken'>Setzen</a>";
 
     return $mail->send();
 }

src/components/PasswordReset.tsx

@@ -15,7 +15,7 @@ export default function PasswordReset()
         password2:''
     });
 
-    const { data, error, isLoading } = useSWR({'ptoken': passwordToken}, getPwToken);
+    const { data, error, isLoading } = useSWR({'pwtoken': passwordToken}, getPwToken);
     // data ist dogdata, logindata holt sich getProfilData.php aus $_SESSION
         if (error) return (<div>failed to load</div>);
         if (isLoading) return (<div>loading...</div>);
@@ -27,6 +27,16 @@ export default function PasswordReset()
         })
     }
 
+    if(!data.success)
+    {
+        return(
+        <div >
+            <Toaster toastOptions={{ position: "top-center" }} />
+            <h2>Email nicht mehr gültig!</h2>
+        </div>
+        )
+    }
+
     const submitForm = async (e: React.FormEvent<HTMLFormElement>) => 
     {
         e.preventDefault();
@@ -53,17 +63,17 @@ export default function PasswordReset()
             sendData.append(key, values[index]);
         }
 
-        sendData.append('passwordToken', passwordToken!);
+        sendData.append('id', data.data.id);
  
-        const data = await passwordReset(sendData);
+        const dataRes = await passwordReset(sendData);
-        if(data.success)
+        if(dataRes.success)
         {
             toast.success('Erfolgreich Passwort geändert!');
             e.currentTarget.reset();
         }
-        else if(!data.success && data.message)
+        else if(!dataRes.success && dataRes.message)
         {
-            toast.error(data.message);
+            toast.error(dataRes.message);
         }
     }