Fixed reset password; made user table email and username unique; added session_id column to user table (unused)
This commit is contained in:
parent
209a86b080
commit
87a59c5e91
@ -87,8 +87,8 @@ class api_login {
|
||||
* @param string $username Username
|
||||
* @return JSON Returns JSON result with success/failure status
|
||||
*/
|
||||
public static function call_account_action_reset_password(){
|
||||
return \SYSTEM\SECURITY\security::reset_password();}
|
||||
public static function call_account_action_reset_password($username){
|
||||
return \SYSTEM\SECURITY\security::reset_password($username);}
|
||||
|
||||
/**
|
||||
* System Account Change Password
|
||||
|
||||
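Review bot: The new docblock line ` * @param string $username Username` understates the contract, because the `security::reset_password` hunk in this same commit looks the value up by username or e-mail address, so a caller reading only this signature would not know an address is accepted. Suggest ` * @param string $username Username or e-mail address of the account whose password is reset`. Since this is a public API action that now takes a caller-supplied identifier, the docblock could also state that the underlying reset still requires a logged-in session, as the `isLoggedIn()` check at the top of `reset_password` shows.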
@ -303,7 +303,7 @@ class saimod_sys_security extends \SYSTEM\SAI\SaiModule {
|
||||
public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_changepassword($user,$new_password_sha1){
|
||||
if(!\SYSTEM\SECURITY\security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)){
|
||||
return \SYSTEM\LOG\JsonResult::fail();}
|
||||
$row = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user));
|
||||
$row = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user,$user));
|
||||
if(!$row){
|
||||
throw new \SYSTEM\LOG\ERROR("No such User.");}
|
||||
return \SYSTEM\SQL\SYS_SECURITY_UPDATE_PW::QI(array($new_password_sha1, $row['id'])) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
|
||||
@ -322,7 +322,7 @@ class saimod_sys_security extends \SYSTEM\SAI\SaiModule {
|
||||
public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_changeemail($user,$new_email){
|
||||
if(!\SYSTEM\SECURITY\security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)){
|
||||
return \SYSTEM\LOG\JsonResult::fail();}
|
||||
$row = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user));
|
||||
$row = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user,$user));
|
||||
if(!$row){
|
||||
throw new \SYSTEM\LOG\ERROR("No such User.");}
|
||||
return \SYSTEM\SQL\SYS_SECURITY_CHANGE_EMAIL::QI(array($new_email,$row['id'])) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
|
||||
|
||||
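Review bot: `sai_mod__SYSTEM_SAI_saimod_sys_security_action_changeemail` writes `$new_email` without the availability check that `security::change_email` gains in this same commit (`SYS_SECURITY_AVAILABLE_EMAIL`), so with the new `UNIQUE INDEX email` a duplicate address now surfaces as whatever `SYS_SECURITY_CHANGE_EMAIL::QI` does on a constraint violation — presumably a bare `JsonResult::fail()` or an exception, depending on the QP layer not shown here. Adding the same pre-check with its `'The EMail '.$new_email.' is already registered!'` error would keep the admin and self-service paths consistent. Both hunks also switch the lookup to `Q1(array($user,$user))`, so `$user` may now be an e-mail address; the parameter name and the `"No such User."` message could say so.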
@ -1,46 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* System - PHP Framework
|
||||
*
|
||||
* PHP Version 5.6
|
||||
*
|
||||
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
|
||||
* @license http://www.opensource.org/licenses/mit-license.php MIT
|
||||
* @link https://github.com/webcraftmedia/system
|
||||
* @package SYSTEM\SQL
|
||||
*/
|
||||
namespace SYSTEM\SQL;
|
||||
|
||||
/**
|
||||
* QQ to check for emails creadentials (login)
|
||||
*/
|
||||
class SYS_SECURITY_LOGIN_USER_EMAIL_SHA1 extends \SYSTEM\DB\QP {
|
||||
/**
|
||||
* Get Classname of the QQ
|
||||
*
|
||||
* @return string Returns classname
|
||||
*/
|
||||
public static function get_class(){return \get_class();}
|
||||
|
||||
/**
|
||||
* Get QQs PostgreSQL Query String
|
||||
*
|
||||
* @return string Returns PostgreSQL Query String
|
||||
*/
|
||||
public static function pgsql(){return
|
||||
'SELECT * FROM '.\SYSTEM\SQL\system_user::NAME_PG.
|
||||
' WHERE (UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') LIKE UPPER($1) OR UPPER('.\SYSTEM\SQL\system_user::FIELD_EMAIL.') LIKE UPPER($2))'.
|
||||
' AND '.\SYSTEM\SQL\system_user::FIELD_PASSWORD_SHA.' = $3;';
|
||||
}
|
||||
|
||||
/**
|
||||
* Get QQs MYSQL Query String
|
||||
*
|
||||
* @return string Returns MYSQL Query String
|
||||
*/
|
||||
public static function mysql(){return
|
||||
'SELECT * FROM '.\SYSTEM\SQL\system_user::NAME_MYS.
|
||||
' WHERE (UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') LIKE UPPER(?) OR UPPER('.\SYSTEM\SQL\system_user::FIELD_EMAIL.') LIKE UPPER(?))'.
|
||||
' AND '.\SYSTEM\SQL\system_user::FIELD_PASSWORD_SHA.' = ?;';
|
||||
}
|
||||
}
|
||||
@ -12,7 +12,7 @@
|
||||
namespace SYSTEM\SQL;
|
||||
|
||||
/**
|
||||
* QQ to check for usernames credentials (login)
|
||||
* QQ to check for emails creadentials (login)
|
||||
*/
|
||||
class SYS_SECURITY_LOGIN_USER_SHA1 extends \SYSTEM\DB\QP {
|
||||
/**
|
||||
@ -29,7 +29,7 @@ class SYS_SECURITY_LOGIN_USER_SHA1 extends \SYSTEM\DB\QP {
|
||||
*/
|
||||
public static function pgsql(){return
|
||||
'SELECT * FROM '.\SYSTEM\SQL\system_user::NAME_PG.
|
||||
' WHERE (UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') LIKE UPPER($1)'.
|
||||
' WHERE (UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') LIKE UPPER($1) OR UPPER('.\SYSTEM\SQL\system_user::FIELD_EMAIL.') LIKE UPPER($2))'.
|
||||
' AND '.\SYSTEM\SQL\system_user::FIELD_PASSWORD_SHA.' = $3;';
|
||||
}
|
||||
|
||||
@ -40,7 +40,7 @@ class SYS_SECURITY_LOGIN_USER_SHA1 extends \SYSTEM\DB\QP {
|
||||
*/
|
||||
public static function mysql(){return
|
||||
'SELECT * FROM '.\SYSTEM\SQL\system_user::NAME_MYS.
|
||||
' WHERE UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') LIKE UPPER(?)'.
|
||||
' WHERE (UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') LIKE UPPER(?) OR UPPER('.\SYSTEM\SQL\system_user::FIELD_EMAIL.') LIKE UPPER(?))'.
|
||||
' AND '.\SYSTEM\SQL\system_user::FIELD_PASSWORD_SHA.' = ?;';
|
||||
}
|
||||
}
|
||||
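Review bot: The new `WHERE` clauses in the `pgsql()` and `mysql()` hunks keep `LIKE` for the username and for the newly added email comparison, while the `SYS_SECURITY_USER_INFO` queries in this same commit move to `=`; with `LIKE`, a `%` or `_` in the supplied identifier widens the match to any account whose password hash equals the supplied one, and the caller's `Q1` then picks one of them. Suggest `' WHERE (UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') = UPPER($1) OR UPPER('.\SYSTEM\SQL\system_user::FIELD_EMAIL.') = UPPER($2))'.` and the same with `?` placeholders in `mysql()`. The class docblock now carries two description lines, the new one with a typo ("creadentials"); merge them into ` * QQ to check username or email credentials (login)`.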
@ -29,7 +29,7 @@ class SYS_SECURITY_USER_INFO extends \SYSTEM\DB\QP {
|
||||
*/
|
||||
public static function pgsql(){return
|
||||
'SELECT id,username,email,joindate,locale,last_active,email_confirmed FROM '.\SYSTEM\SQL\system_user::NAME_PG.
|
||||
' WHERE UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') like UPPER($1);';
|
||||
' WHERE UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') = UPPER($1) OR UPPER('.\SYSTEM\SQL\system_user::FIELD_EMAIL.') = UPPER($2);';
|
||||
}
|
||||
|
||||
/**
|
||||
@ -39,6 +39,6 @@ class SYS_SECURITY_USER_INFO extends \SYSTEM\DB\QP {
|
||||
*/
|
||||
public static function mysql(){return
|
||||
'SELECT id,username,email,joindate,locale,last_active,email_confirmed FROM '.\SYSTEM\SQL\system_user::NAME_MYS.
|
||||
' WHERE UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') like UPPER(?);';
|
||||
' WHERE UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') = UPPER(?) OR UPPER('.\SYSTEM\SQL\system_user::FIELD_EMAIL.') = UPPER(?);';
|
||||
}
|
||||
}
|
||||
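Review bot: The new `UPPER(...) = UPPER(...)` comparisons cannot use the `UNIQUE INDEX` on `username` and `email` that this commit adds, so every lookup stays a full scan; on the MySQL side the table is declared `COLLATE='utf8_general_ci'` (case-insensitive), so plain `' WHERE '.\SYSTEM\SQL\system_user::FIELD_USERNAME.' = ? OR '.\SYSTEM\SQL\system_user::FIELD_EMAIL.' = ?;'` would be equivalent and index-backed, while for PostgreSQL the collation is not visible here and an expression index on `UPPER(...)` would be the counterpart. Also, because callers pass the same value for both placeholders and the query has no `ORDER BY` or `LIMIT`, a value that is one account's username and another account's e-mail matches two rows, and which one `Q1` returns is unspecified (assuming `Q1` returns the first row; its implementation is not shown).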
@ -50,7 +50,7 @@ class security {
|
||||
$_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)] = NULL;
|
||||
|
||||
//Database check
|
||||
$row = \SYSTEM\SQL\SYS_SECURITY_LOGIN_USER_EMAIL_SHA1::Q1(array($username, $username, $password_sha1));
|
||||
$row = \SYSTEM\SQL\SYS_SECURITY_LOGIN_USER_SHA1::Q1(array($username, $username, $password_sha1));
|
||||
if(!$row){
|
||||
throw new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db");}
|
||||
|
||||
@ -126,7 +126,8 @@ class security {
|
||||
public static function change_password($old_password_sha1,$new_password_sha1){
|
||||
if(!\SYSTEM\SECURITY\security::isLoggedIn()){
|
||||
throw new \SYSTEM\LOG\ERROR("You need to be logged in to change your Password!");}
|
||||
$row = \SYSTEM\SQL\SYS_SECURITY_LOGIN_USER_SHA1::Q1(array(\SYSTEM\SECURITY\security::getUser()->username, $old_password_sha1));
|
||||
$username = \SYSTEM\SECURITY\security::getUser()->username;
|
||||
$row = \SYSTEM\SQL\SYS_SECURITY_LOGIN_USER_SHA1::Q1(array($username, $username, $old_password_sha1));
|
||||
if(!$row){
|
||||
throw new \SYSTEM\LOG\ERROR("No such User Password combination.");}
|
||||
return \SYSTEM\SQL\SYS_SECURITY_UPDATE_PW::QI(array($new_password_sha1, $row['id'])) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
|
||||
@ -151,11 +152,16 @@ class security {
|
||||
*/
|
||||
public static function change_email($new_email,$post_script=null,$post_script_data=null) {
|
||||
if(!\SYSTEM\SECURITY\security::isLoggedIn()){
|
||||
throw new \SYSTEM\LOG\ERROR("You need to be logged in to change your EMail!");}
|
||||
throw new \SYSTEM\LOG\ERROR('You need to be logged in to change your EMail!');}
|
||||
$res = \SYSTEM\SQL\SYS_SECURITY_AVAILABLE_EMAIL::Q1(array($new_email,$new_email));
|
||||
if(!$res || $res['count'] != 0){
|
||||
throw new \SYSTEM\LOG\ERROR('The EMail '.$new_email.' is already registered!');}
|
||||
//find all userdata
|
||||
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array(\SYSTEM\SECURITY\security::getUser()->username));
|
||||
$username = \SYSTEM\SECURITY\security::getUser()->username;
|
||||
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username,$username));
|
||||
if(!$vars || $vars['email_confirmed'] !== 1){
|
||||
throw new \SYSTEM\LOG\ERROR("Username not found or Email unconfirmed.");}
|
||||
throw new \SYSTEM\LOG\ERROR('Username not found or Email unconfirmed.');}
|
||||
|
||||
$old_email = $vars['email'];
|
||||
$data = array('user' => $vars['id'],'email' => $new_email);
|
||||
if($post_script){
|
||||
@ -191,12 +197,10 @@ class security {
|
||||
* @return bool Returns true or false
|
||||
*/
|
||||
public static function reset_password($username,$post_script=null,$post_script_data=null) {
|
||||
if(!\SYSTEM\SECURITY\security::isLoggedIn()){
|
||||
throw new \SYSTEM\LOG\ERROR("You need to be logged in to reset your Password!");}
|
||||
//find all userdata
|
||||
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
|
||||
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username,$username));
|
||||
if(!$vars){
|
||||
throw new \SYSTEM\LOG\ERROR("Username not found.");}
|
||||
throw new \SYSTEM\LOG\ERROR("Username or EMail could not be found.");}
|
||||
|
||||
//generate pw & token
|
||||
$vars['pw'] = substr(sha1(time().rand(0, 4000)), 1,10);
|
||||
@ -250,7 +254,7 @@ class security {
|
||||
*/
|
||||
public static function confirm_email_admin($user, $post_script=null,$post_script_data=null) {
|
||||
//find all userdata
|
||||
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user));
|
||||
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user,$user));
|
||||
if(!$vars || $vars['email_confirmed'] == 1){
|
||||
throw new \SYSTEM\LOG\ERROR("Username not found or already confirmed.");}
|
||||
|
||||
|
||||
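Review bot: In the `reset_password` hunk, `SYS_SECURITY_USER_INFO::Q1(array($username,$username))` resolves the identifier by username or e-mail, but the new `UNIQUE` indexes are per column, so a value that is one account's username and a different account's e-mail address matches two rows and the password of whichever row `Q1` happens to return is reset; the same lookup is used in the `change_password`, `change_email` and `confirm_email_admin` hunks. Querying username and e-mail separately and treating two distinct hits as an error, or rejecting usernames that contain `@` at registration, would close this. In `change_email`, `$res['count'] != 0` relies on loose comparison; `(int) $res['count'] !== 0` states the intent. The temporary password on the unchanged line `substr(sha1(time().rand(0, 4000)), 1,10)` is derived from the clock and a 4001-value range and is therefore guessable; `bin2hex(random_bytes(5))` (PHP 7+, or a polyfill given the `PHP Version 5.6` header elsewhere in this commit) yields the same length from a CSPRNG.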
@ -1,8 +1,7 @@
|
||||
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (10, 0, 0, -1, NULL, 'call', NULL);
|
||||
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (11, 0, 0, 10, NULL, 'action', NULL);
|
||||
|
||||
-- REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 0, 2, 11, 'reset_password', 'username', 'STRING');
|
||||
DELETE FROM `system_api` WHERE `ID` = 12 AND `group` = 0;
|
||||
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 0, 2, 11, 'reset_password', 'username', 'STRING');
|
||||
-- REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (13, 0, 2, 11, 'change_password', 'username', 'STRING');
|
||||
DELETE FROM `system_api` WHERE `ID` = 13 AND `group` = 0;
|
||||
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (14, 0, 2, 11, 'change_password', 'old_password_sha1', 'STRING');
|
||||
|
||||
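Review bot: Re-enabling ID 12 makes the `username` parameter of `reset_password` reachable again with verify `STRING`, yet the server side (the `security::reset_password` hunk) now treats the value as either a username or an e-mail address; if the verify layer offers a length- or pattern-constrained rule, applying it here would reject malformed identifiers before they reach the database. The group-42 seed further down makes the identical change and would need the same adjustment.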
@ -9,8 +9,7 @@ REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `na
|
||||
-- system_api
|
||||
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (10, 42, 0, -1, NULL, 'call', NULL);
|
||||
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (11, 42, 0, 10, NULL, 'action', NULL);
|
||||
-- REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 42, 2, 11, 'reset_password', 'username', 'STRING');
|
||||
DELETE FROM `system_api` WHERE `ID` = 12 AND `group` = 42;
|
||||
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 42, 2, 11, 'reset_password', 'username', 'STRING');
|
||||
-- REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (13, 42, 2, 11, 'change_password', 'username', 'STRING');
|
||||
DELETE FROM `system_api` WHERE `ID` = 13 AND `group` = 42;
|
||||
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (14, 42, 2, 11, 'change_password', 'old_password_sha1', 'STRING');
|
||||
|
||||
@ -6,8 +6,11 @@ CREATE TABLE `system_user` (
|
||||
`joindate` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
`locale` CHAR(6) NOT NULL DEFAULT 'enUS',
|
||||
`last_active` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00',
|
||||
`session_id` VARCHAR(40) NULL DEFAULT NULL,
|
||||
`email_confirmed` INT(11) NULL DEFAULT NULL,
|
||||
PRIMARY KEY (`id`)
|
||||
PRIMARY KEY (`id`),
|
||||
UNIQUE INDEX `email` (`email`),
|
||||
UNIQUE INDEX `username` (`username`)
|
||||
)
|
||||
COLLATE='utf8_general_ci'
|
||||
ENGINE=InnoDB
|
||||
|
||||
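Review bot: `session_id VARCHAR(40) NULL DEFAULT NULL` is added with nothing in this commit reading or writing it (the title itself calls it unused); a column meant to hold a session identifier should carry a comment saying what will populate it and how it is invalidated, otherwise it is better dropped until the feature lands. The two `UNIQUE INDEX` lines enforce uniqueness per column under the case-insensitive `utf8_general_ci` collation, which matches the `UPPER()` lookups, but not across columns — a username equal to another row's e-mail is still allowed, which the `OR` lookups in the PHP hunks rely on not happening. Only the MySQL definition is visible here; the PostgreSQL schema presumably needs matching constraints.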