#125 confirm email, reset password, change email, rename account, delete account,change password

Ulf Gebhardt 2016-06-06 04:24:00 +02:00
parent 3d87e004ee
commit dca8e12f57
19 changed files with 169 additions and 68 deletions


@ -15,7 +15,7 @@ class api_login {
public static function call_account_action_confirm_email($username){
return \SYSTEM\SECURITY\security::confirm_email($username);}
public static function call_account_action_confirm($token){
return \SYSTEM\SECURITY\security::confirm($token);}
return \SYSTEM\SECURITY\security::confirm($token,true);}
public static function call_account_action_reset_password($username){
return \SYSTEM\SECURITY\security::reset_password($username);}


@ -16,5 +16,6 @@ class verify {
public static function ARY ($param) {return \is_array($param);}
public static function LANG ($param) {return \SYSTEM\locale::isLang($param);}
public static function RESULT ($param) {return ($param == 'json' || $param == 'msgpack');}
public static function EMAIL ($param) {return filter_var($param, FILTER_VALIDATE_EMAIL);}
};
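Review bot: EMAIL returns whatever `filter_var` returns, which is the filtered string on success and `false` on failure, while the other verifiers visible in this hunk return a boolean. If a caller compares the result strictly against `true`, a valid address would not count as verified; `return filter_var($param, FILTER_VALIDATE_EMAIL) !== false;` keeps the contract uniform. The class body starts outside the hunk.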


@ -21,4 +21,5 @@ require_once dirname(__FILE__).'/files/autoload.inc';
require_once dirname(__FILE__).'/cron/autoload.inc';
require_once dirname(__FILE__).'/sai/autoload.inc';
require_once dirname(__FILE__).'/html/autoload.inc';
require_once dirname(__FILE__).'/token/autoload.inc';
require_once dirname(__FILE__).'/lib/autoload.inc';


@ -45,8 +45,9 @@ function init_saimod_sys_security_user() {
});
});
$('#btn_confirm_email').click(function(){
$.get( './sai.php?call=account&action=requestconfirm&username='+$(this).attr('user'),function(data){
if(data==1){
system.account_confirm_email($(this).attr('user'),
function(data){
if(data.status){
alert('Email sent');
} else {
alert('fail');
@ -68,8 +69,9 @@ function init_saimod_sys_security_user() {
}
});
$('#btn_reset_password').click(function(){
$.get( './sai.php?call=account&action=resetpassword&account='+$(this).attr('user'),function(data){
if(data==1){
system.account_reset_password($(this).attr('user'),
function(data){
if(data.status){
alert('Email sent');
} else {
alert('fail');
@ -77,8 +79,9 @@ function init_saimod_sys_security_user() {
});
});
$('#btn_change_email').click(function(){
$.get( './sai.php?call=account&action=changeemail&username='+$(this).attr('user')+'&new_email=',function(data){
if(data==1){
system.account_change_email($(this).attr('user'),$('#input_new_email').val(),
function(data){
if(data.status){
alert('Email sent');
} else {
alert('fail');


@ -0,0 +1,13 @@
<?php
namespace SYSTEM\SQL;
class SYS_SECURITY_USER_INFO extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function pgsql(){return
'SELECT id,username,email,joindate,locale,last_active,email_confirmed FROM '.\SYSTEM\SQL\system_user::NAME_PG.
' WHERE UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') like UPPER($1);';
}
public static function mysql(){return
'SELECT id,username,email,joindate,locale,last_active,email_confirmed FROM '.\SYSTEM\SQL\system_user::NAME_MYS.
' WHERE UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') like UPPER(?);';
}
}
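Review bot: Both queries match the username with `like`, so `%` and `_` in the supplied value act as wildcards and the lookup can return a row for an account other than the one named (presumably the first match, since the callers use Q1). This row drives confirm_email, change_email and reset_password in class security, so an exact comparison is safer: `' WHERE UPPER('.\SYSTEM\SQL\system_user::FIELD_USERNAME.') = UPPER($1);'` in pgsql() and the same with `?` in mysql(). A short comment stating that the match is case-insensitive on purpose would also help the next reader.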


@ -79,31 +79,70 @@ class security {
return $result ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
}
public static function change_email($username, $new_email) {
$vars = array();
if(!self::isLoggedIn() || (self::getUser()->username !== $username && self::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT))){
throw new \SYSTEM\LOG\ERROR("You need to be logged in to trigger this function on your account.");}
//find all userdata
//generate token
$vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_change_email', $new_email);
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
if(!$vars || $vars['email_confirmed'] !== 1){
throw new \SYSTEM\LOG\ERROR("Username not found or Email unconfirmed.");}
//generate pw & token
$vars['email'] = $new_email;
$vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_change_email',array('user' => $vars['id'],'email' => $vars['email']));
$vars['base_url'] = \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL);
$vars['newline'] = "\r\n";
//mail
$to = $vars['email'];
$subject= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_change_email_subject'), $vars);
$message= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_change_email'), $vars);
$header = 'From: '. \SYSTEM\PAGE\text::get('mail_change_email_from')."\r\n" .
'Reply-To: '.\SYSTEM\PAGE\text::get('mail_change_email_replyto');
return \mail($to, $subject, $message, $header) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
}
public static function reset_password($username) {
$vars = array();
//find all userdata
//generate token
$vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_reset_password', $new_pw_generated);
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
if(!$vars){
throw new \SYSTEM\LOG\ERROR("Username not found.");}
//generate pw & token
$vars['pw'] = substr(sha1(time().rand(0, 4000)), 1,10);
$vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_reset_password',array('user' => $vars['id'],'pw_sha1' => sha1($vars['pw'])));
$vars['base_url'] = \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL);
$vars['newline'] = "\r\n";
//mail
$to = $vars['email'];
$subject= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_reset_password_subject'), $vars);
$message= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_reset_password'), $vars);
$header = 'From: '. \SYSTEM\PAGE\text::get('mail_reset_password_from')."\r\n" .
'Reply-To: '.\SYSTEM\PAGE\text::get('mail_reset_password_replyto');
return \mail($to, $subject, $message, $header) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
}
public static function confirm_email($username) {
$vars = array();
if(!self::isLoggedIn() || (self::getUser()->username !== $username && self::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT))){
throw new \SYSTEM\LOG\ERROR("You need to be logged in to trigger this function on your account.");}
//find all userdata
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
if(!$vars || $vars['email_confirmed'] == 1){
throw new \SYSTEM\LOG\ERROR("Username not found or already confirmed.");}
//generate token
$vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_confirm_email');
$vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_confirm_email',array('user' => $vars['id']));
$vars['base_url'] = \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL);
$vars['newline'] = "\r\n";
//mail
$to = $vars['email'];
$subject= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_confirm_email_subject'), $vars);
$message= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_confirm_email'), $vars);
$header = 'From: '. \SYSTEM\PAGE\text::get('mail_confirm_email_from')."\r\n" .
'Reply-To: '.\SYSTEM\PAGE\text::get('mail_confirm_email_replyto');
return \mail($to, $subject, $message, $header) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
}
public static function confirm($token,$json_result = false) {
return \SYSTEM\TOKEN\token::confirm($token) ?
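Review bot: The guard in change_email and confirm_email looks inverted: it throws only when the caller names another user and `self::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)` succeeds, so (assuming check() returns true when the right is held) a logged-in user without that right passes the guard for someone else's account. Negating the right check would match the error text: `... !== $username && !self::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT))){`. Separately, reset_password derives the new password from `sha1(time().rand(0, 4000))`, which is guessable from the request time; a CSPRNG such as `random_bytes()` (PHP 7+) or `openssl_random_pseudo_bytes()` should supply it. The check `$vars['email_confirmed'] !== 1` in change_email is strict and would reject a confirmed account if the driver returns the column as the string `'1'`. The hunk starts inside class security and ends inside confirm().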


@ -1,9 +1,14 @@
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (10, 0, 0, -1, NULL, 'call', NULL);
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (11, 0, 0, 10, NULL, 'action', NULL);
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 0, 2, 11, 'reset_password', 'username', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (13, 0, 2, 11, 'change_password', 'username', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (14, 0, 2, 11, 'change_password', 'old_password_sha1', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (15, 0, 3, 11, 'change_password', 'new_password_sha1', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (16, 0, 2, 11, 'confirm_email', 'username', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (17, 0, 2, 11, 'confirm', 'token', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (18, 0, 2, 11, 'change_email', 'username', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (19, 0, 2, 11, 'change_email', 'new_email', 'EMAIL');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (20, 0, 2, 11, 'login', 'username', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (21, 0, 2, 11, 'login', 'password_sha1', 'STRING');


@ -9,9 +9,14 @@ REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `na
-- system_api
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (10, 42, 0, -1, NULL, 'call', NULL);
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (11, 42, 0, 10, NULL, 'action', NULL);
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 42, 2, 11, 'reset_password', 'username', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (13, 42, 2, 11, 'change_password', 'username', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (14, 42, 2, 11, 'change_password', 'old_password_sha1', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (15, 42, 3, 11, 'change_password', 'new_password_sha1', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (16, 42, 2, 11, 'confirm_email', 'username', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (17, 42, 2, 11, 'confirm', 'token', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (18, 42, 2, 11, 'change_email', 'username', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (19, 42, 2, 11, 'change_email', 'new_email', 'EMAIL');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (20, 42, 2, 11, 'login', 'username', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (21, 42, 2, 11, 'login', 'password_sha1', 'STRING');
REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (22, 42, 3, 11, 'login', 'locale', 'LANG');


@ -1483,4 +1483,32 @@
INSERT INTO `system_text_tag` (`id`, `tag`) VALUES ('time_ago_year', 'sai_log');
INSERT INTO `system_text_tag` (`id`, `tag`) VALUES ('time_ago_year', 'sai_security');
INSERT INTO `system_text_tag` (`id`, `tag`) VALUES ('time_ago_year', 'sai_todo');
INSERT INTO `system_text_tag` (`id`, `tag`) VALUES ('time_ago_year', 'time');
INSERT INTO `system_text_tag` (`id`, `tag`) VALUES ('time_ago_year', 'time');
-- mail
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_change_email', 'enUS', 'Hello ${username}${newline}${newline}follow this link to change your Accounts Email-Address to ${email}${newline}${base_url}api.php?call=account&action=confirm&token=${token}${newline}${newline}Sincerely your Admin Team', 10, 10, '2016-06-06 03:32:41', '2016-06-06 03:17:53');
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_change_email_from', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 03:19:53', '2016-06-06 03:19:53');
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_change_email_replyto', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 03:20:15', '2016-06-06 03:20:15');
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_change_email_subject', 'enUS', 'Change Email', 10, 10, '2016-06-06 03:14:38', '2016-06-06 03:14:38');
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_confirm_email', 'enUS', 'Hello ${username}${newline}${newline}follow this link to confirm your Email-Address ${email}${newline}${base_url}api.php?call=account&action=confirm&token=${token} ${newline}${newline}Sincerely your Admin Team', 10, 10, '2016-06-06 01:44:07', '2016-06-06 01:42:58');
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_confirm_email_from', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 01:12:32', '2016-06-06 01:12:32');
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_confirm_email_replyto', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 01:12:51', '2016-06-06 01:12:51');
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_confirm_email_subject', 'enUS', 'Confirm Email', 10, 10, '2016-06-06 03:14:18', '2016-06-06 03:14:18');
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_reset_password', 'enUS', 'Hello ${username}${newline}${newline}follow this link to rest Accounts Password to ${pw}${newline}${base_url}api.php?call=account&action=confirm&token=${token}${newline}${newline}Sincerely your Admin Team', 10, 10, '2016-06-06 03:32:55', '2016-06-06 03:19:12');
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_reset_password_from', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 03:21:14', '2016-06-06 03:21:14');
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_reset_password_replyto', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 03:21:34', '2016-06-06 03:21:34');
REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_reset_password_subject', 'enUS', 'Reset Password', 10, 10, '2016-06-06 03:20:53', '2016-06-06 03:20:53');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_change_email', 'mail');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_change_email_from', 'mail');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_change_email_replyto', 'mail');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_change_email_subject', 'mail');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_confirm_email', 'mail');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_confirm_email_from', 'mail');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_confirm_email_replyto', 'mail');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_confirm_email_subject', 'mail');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_reset_password', 'mail');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_reset_password_from', 'mail');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_reset_password_replyto', 'mail');
REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_reset_password_subject', 'mail');


@ -1,8 +0,0 @@
<?php
namespace SQL;
class BETA_CHECK_CODE extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function mysql(){return
'SELECT COUNT(*) as count FROM mojotrollz_beta WHERE code = ? AND user_new IS NULL';
}
}


@ -1,9 +0,0 @@
<?php
namespace SQL;
class BETA_DELETE_CODE extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function mysql(){return
'DELETE FROM `mojotrollz_beta`'.
' WHERE code = ?;';
}
}


@ -0,0 +1,9 @@
<?php
namespace SYSTEM\SQL;
class SYS_SECURITY_CHANGE_EMAIL extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function mysql(){return
'UPDATE system_user SET email = ?, email_confirmed = NULL WHERE id = ?;';
}
}
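Review bot: SYS_SECURITY_CHANGE_EMAIL defines only mysql(), whereas SYS_SECURITY_USER_INFO in this same commit provides both pgsql() and mysql(). If \SYSTEM\DB\QP selects the method by the configured driver, confirming a token on a PostgreSQL install would presumably fail at this query; a pgsql() variant with `$1`, `$2` placeholders would close the gap. SYS_SECURITY_CONFIRM_EMAIL and SYS_SECURITY_RESET_PASSWORD have the same shape.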


@ -0,0 +1,9 @@
<?php
namespace SYSTEM\SQL;
class SYS_SECURITY_CONFIRM_EMAIL extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function mysql(){return
'UPDATE system_user SET email_confirmed = 1 WHERE id = ?;';
}
}


@ -0,0 +1,9 @@
<?php
namespace SYSTEM\SQL;
class SYS_SECURITY_RESET_PASSWORD extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function mysql(){return
'UPDATE system_user SET password_sha1 = ? WHERE id = ?;';
}
}


@ -7,7 +7,7 @@ class token{
private static function check_handler($handler){
if( !\class_exists($handler) ||
!\is_array($parents = \class_parents($handler)) ||
!\array_search('SYSTEM\TOKEN\token_handler', $handler)){
!\array_search('SYSTEM\TOKEN\token_handler', $parents)){
return false;}
return true;}
@ -16,14 +16,14 @@ class token{
throw new \SYSTEM\LOG\ERROR('Problem with your Token class: '.$class.'; it might not be available or inherits from the wrong class!');}
array_push(self::$type_handlers,$class);}
public static function request($class,$data=null){
if(!\array_search($class, self::$type_handlers)){
public static function request($class,$data=array()){
if(!\in_array($class, self::$type_handlers)){
throw new \SYSTEM\LOG\ERROR("Token_handler class not known to Token class. Please register it first.");}
$token = \call_user_func(array($class, 'token'));
$res = \SYSTEM\SQL\SYS_TOKEN_INSERT::QI( array( $token, $type,
$res = \SYSTEM\SQL\SYS_TOKEN_INSERT::QI( array( $token, $class,
\call_user_func(array($class, 'expire')),
\call_user_func(array($class, array('data',$data))),
json_encode($data),
\SYSTEM\SECURITY\security::isLoggedIn() ? \SYSTEM\SECURITY\security::getUser()->id : null));
return $token;
}
@ -33,13 +33,13 @@ class token{
throw new \SYSTEM\LOG\ERROR('Token invalid.');}
if(!$res['expire'] || strtotime($res['expire']) < time()){
throw new \SYSTEM\LOG\ERROR('Token has expired!');}
if(!\array_search($res['class'], self::$type_handlers)){
if(!\in_array($res['class'], self::$type_handlers)){
throw new \SYSTEM\LOG\ERROR('Token_handler class not known to Token class. Please register it first.');}
if(!\call_user_func(array($res['class'], array('confirm',$res)))){
if(!\call_user_func_array(array($res['class'], 'confirm'),array($res))){
throw new \SYSTEM\LOG\ERROR('Token_handler rejected Token.');}
return \SYSTEM\SQL\SYS_TOKEN_CONFIRM::QI(array( \SYSTEM\SECURITY\security::isLoggedIn() ? \SYSTEM\SECURITY\security::getUser()->id : null,
$token));
}
public static function get($token){
return \SYSTEM\SQL\SYS_TOKEN_GET::Q1($token);}
return \SYSTEM\SQL\SYS_TOKEN_GET::Q1(array($token));}
}
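Review bot: request() assigns the result of `\SYSTEM\SQL\SYS_TOKEN_INSERT::QI(...)` to `$res` and never reads it, so a failed insert still returns a token that the callers then mail out. Assuming QI returns a falsy value on failure (the token handlers treat it that way), add `if(!$res){ throw new \SYSTEM\LOG\ERROR('Token could not be stored.');}` before `return $token;`. The two `\in_array` calls would also be tighter with the strict flag, e.g. `\in_array($class, self::$type_handlers, true)`. The class header and the start of confirm() lie outside the visible hunks.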


@ -1,12 +1,11 @@
<?php
namespace SYSTEM\TOKEN;
class token_change_email extends token_handler{
public function token(){
public static function token(){
return sha1(time().rand(0, 3000));}
public function expire(){
time() + (60 * 60 * 12);}
public function data($data){
return $data;}
public function confirm($token_data){
return true;}
public static function expire(){
return time() + (60 * 60 * 12);}
public static function confirm($token_data){
$data = \json_decode($token_data['data'],true);
return \SYSTEM\SQL\SYS_SECURITY_CHANGE_EMAIL::QI(array($data['email'],$data['user'])) ? true : false;}
}
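Review bot: token() builds the token from `sha1(time().rand(0, 3000))`, which leaves only a few thousand candidates per second of issue time, and the token is the sole credential the confirm action accepts. Draw it from a CSPRNG instead, e.g. `return bin2hex(random_bytes(20));` on PHP 7+ or `return bin2hex(openssl_random_pseudo_bytes(20));` on older versions. token_confirm_email and token_reset_password use the same construction with `rand(0, 1000)` and `rand(0, 2000)`. confirm() also indexes `$data` without checking that `json_decode` returned an array containing the `email` and `user` keys.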


@ -1,12 +1,11 @@
<?php
namespace SYSTEM\TOKEN;
class token_confirm_email extends token_handler{
public function token(){
public static function token(){
return sha1(time().rand(0, 1000));}
public function expire(){
time() + (60 * 60 * 24 * 3);}
public function data($data){
return $data;}
public function confirm($token_data){
return true;}
public static function expire(){
return time() + (60 * 60 * 24 * 3);}
public static function confirm($token_data){
$data = \json_decode($token_data['data'],true);
return \SYSTEM\SQL\SYS_SECURITY_CONFIRM_EMAIL::QI(array($data['user'])) ? true : false;}
}


@ -2,8 +2,7 @@
namespace SYSTEM\TOKEN;
abstract class token_handler {
abstract public function token();
abstract public function expire();
abstract public function data($data);
abstract public function confirm($token_data);
abstract public static function token();
abstract public static function expire();
abstract public static function confirm($token_data);
}


@ -1,12 +1,11 @@
<?php
namespace SYSTEM\TOKEN;
class token_reset_password extends token_handler{
public function token(){
public static function token(){
return sha1(time().rand(0, 2000));}
public function expire(){
time() + (60 * 60 * 1);}
public function data($data){
return $data;}
public function confirm($token_data){
return true;}
public static function expire(){
return time() + (60 * 60 * 1);}
public static function confirm($token_data){
$data = \json_decode($token_data['data'],true);
return \SYSTEM\SQL\SYS_SECURITY_RESET_PASSWORD::QI(array($data['pw_sha1'],$data['user'])) ? true : false;}
}