hope/dog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Passwort reset

Browse Source
This commit is contained in:
Peter Hoppe
2023-02-09 11:11:53 +01:00
parent 0c5cfcbd19
commit 2a02c79370
5 changed files with 186 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
php/php-dog/classes/lib.php
View File

@ -119,6 +119,34 @@ function getNewFilename($targetDir, $fileExt, $length)
return $newFname .".".$fileExt; return $newFname .".".$fileExt;
} }
function getNewPwtoken($length, $conn)
{
$newToken = random_str($length);
$maxtries = 100000; // prevent endless loop, most unlikely
$tries = 0;
do
{
$stmt = $conn->prepare("SELECT id FROM `dogs` WHERE `pwtoken`=?");
$stmt->execute([$newToken]);
if ($stmt->rowCount() == 0)
{
break;
}
$newToken = random_str($length);
echo ('newToken ' . $newToken);
++$tries;
} while ($tries <= $maxtries);
if($tries >= $maxtries)
{
$newToken = "";
}
return $newToken;
}
function getDogByQrId($qr_id, $conn, $fields = null) function getDogByQrId($qr_id, $conn, $fields = null)
{ {
if(strcmp($qr_id, 'SESS') === 0) if(strcmp($qr_id, 'SESS') === 0)

2
php/php-dog/foundEmail.php
View File

@ -114,7 +114,7 @@ try {
} }
else else
{ {
$result = new CMsg(1, 500, "Sorry, there was an error sending your email."); $result = new CMsg(0, 500, "Sorry, there was an error sending your email.");
} }
echo $result->jsonarray(); echo $result->jsonarray();
} }

141
php/php-dog/wantNewPw.php Normal file
View File

@ -0,0 +1,141 @@
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: access");
header("Access-Control-Allow-Methods: POST");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
session_start();
//Load Composer's autoloader
require __DIR__.'/../../vendor/autoload.php';
require __DIR__.'/classes/CNetcupMailer.php';
require __DIR__.'/classes/Database.php';
require __DIR__.'/classes/lib.php';
$db_connection = new Database();
$conn = $db_connection->dbConnection();
function updatePwtoken($email, $pwtoken)
{
global $conn;
$sql = "UPDATE dogs SET pwtoken=? WHERE email=?";
$conn->prepare($sql)->execute([$pwtoken, $email]);
}
function sendMail($email, $pwtoken)
{
$mail = new CNetcupMailer();
$mail->CharSet = "UTF-8";
$mail->setFrom('dog@hope-fly.de', 'Administrator');
$mail->addAddress($email); //Add a recipient
$mail->addReplyTo('No Reply');
$mail->isHTML(true);
//Attachments
//Content
$mail->Subject = 'Passwort zurücksetzen!';
$mail->Body = '<h3>Neues Passwort setzen</h3><a href="https://hope-fly.de/dog/pwreset/'.$pwtoken.'" >Setzen</a>';
return $mail->send();
}
$data = json_decode(file_get_contents("php://input"));
// $data = json_decode(
// '{
// "email": "a@q.q"
// }'
// );
$returnData = new CMsg(0);
//IF REQUEST METHOD IS NOT EQUAL TO POST
if($_SERVER["REQUEST_METHOD"] != "POST")
{
$returnData = new CMsg(0,404,'Page Not Found! REQUEST_METHOD');
echo $returnData->jsonarray();
return;
}
$fields = ['fields' => ['email']];
// CHECKING EMPTY FIELDS
if(
!isset($data->email)
|| empty(trim($data->email))
)
{
$returnData = new CMsg(0,422,'Please Fill in all Required Fields!',$fields);
echo $returnData->jsonarray();
return;
}
// IF THERE ARE NO EMPTY FIELDS THEN-
$email = trim($data->email);
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$returnData = new CMsg(0, 422, 'Invalid Email Address!');
echo $returnData->jsonarray();
return;
}
try
{
$stmt = $conn->prepare("SELECT * FROM `dogs` WHERE `email`=?");
$stmt->execute([$email]);
// IF THE USER IS FOUND BY EMAIL
if($stmt->rowCount())
{
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$pwtoken = getNewPwtoken(20, $conn);
if (strlen($pwtoken) == 0)
{
$returnData = new CMsg(
0,
507,
'Too many Passwordrequests on the server, try it again later'
);
echo $returnData->jsonarray();
return;
}
updatePwtoken($email, $pwtoken);
if(sendMail($email, $pwtoken))
{
$returnData = new CMsg(
1,
200,
'Successful Passwordrequest, Email is send! pwtoken: ' . $pwtoken,
null,
$row
);
}
else
{
$returnData = new CMsg(0, 500, "Sorry, there was an error sending your email.");
}
// IF THE USER IS NOT FOUND BY EMAIL THEN SHOW THE FOLLOWING ERROR
}
else
{
$returnData = new CMsg(0,422,'Invalid Email Address! No Email found!');
}
}
catch(PDOException $e)
{
$returnData = new CMsg(0,500,$e->getMessage());
}
echo $returnData->jsonarray();
?>

26
src/components/WantNewPw.tsx
View File

@ -1,30 +1,34 @@
import React, { useState } from 'react' import React, { useState } from 'react'
import toast, { Toaster } from 'react-hot-toast'; import toast, { Toaster } from 'react-hot-toast';
import './ImportForm.css'; import {wantNewPw} from '../services/PhpApi'
import './InputForm.css';
function WantNewPw() function WantNewPw()
{ {
const [email, setEmail] = useState(''); const [email, setEmail] = useState('');
const onChangeInput = (e: React.FormEvent<HTMLInputElement> ) => { const onChangeInput = (e: React.FormEvent<HTMLInputElement> ) =>
{
// console.log(e.currentTarget.value);
setEmail(e.currentTarget.value); setEmail(e.currentTarget.value);
} }
const submitForm = async (e: React.FormEvent<HTMLFormElement>) => const submitForm = async (e: React.FormEvent<HTMLFormElement>) =>
{ {
e.preventDefault(); e.preventDefault();
// console.log(email);
if(e.currentTarget.value.trim() !== '') // console.log((e.currentTarget.elements[0] as HTMLInputElement).value);
{ // if((e.currentTarget.elements[0] as HTMLInputElement).value.trim() === '')
toast.error('Bitte Feld ausfüllen!'); // {
return; // toast.error('Bitte Feld ausfüllen!');
} // return;
// }
const data = await wantNewPw(email); const data = await wantNewPw({email: email});
if(data.success) if(data.success)
{ {
toast.success('Erfolgreich Passwort geändert!'); toast.success('Passwort angefordert! Bitte Postfach ' + email + ' checken!');
e.currentTarget.reset(); //e.currentTarget.reset();
} }
else if(!data.success && data.message) else if(!data.success && data.message)
{ {

2
src/services/PhpApi.ts
View File

@ -267,7 +267,7 @@ export const wantNewPw = async ({email}:{email: string}) =>
} }
catch(err) catch(err)
{ {
return {success:0, message:'Password Reset Server Error!'}; return {success:0, message:'Password Request Server Error!'};
} }
} }