
Commit d55f695

committed
add password reset functions
1 parent c451c5b commit d55f695

1 file changed

Lines changed: 49 additions & 3 deletions


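--- a/lib/User.php
+++ b/lib/User.php
@@ -9,15 +9,46 @@ private static function connect() {
 }
 }
 
-public static function saveVerifyToken($token) {
+private static function generateTokenCode() {
+$digits = 6;
+$code = rand(0,1000000);
+$code = str_pad($code, $digits, '0', STR_PAD_LEFT);
+return $code;
+}
+
+private static function generateTokenHex() {
+return md5(random_bytes(32));
+}
+
+private static function generateExpiresTimestamp($lifetime) {
+$expires = new \DateTime();
+$expires->add(new \DateInterval($lifetime));
+return $expires->getTimestamp();
+}
+
+public static function saveVerifyToken($tokenType, $tokenData) {
+switch ($tokenType) {
+case "verify":
+$tokenData['code'] = self::generateTokenCode();
+$tokenData['expires'] = self::generateExpiresTimestamp('PT30M'); // expires after 30 minutes
+break;
+case "passwordReset":
+case "deleteAccount":
+default:
+$tokenData['code'] = self::generateTokenHex();
+$tokenData['expires'] = self::generateExpiresTimestamp('PT30M'); // expires after 30 minutes
+break;
+}
+
 self::connect();
 $query = self::$pdo->prepare(
 'INSERT INTO verify VALUES(:code, :data)'
 );
 $query->execute([
-':code' => $token['code'],
-':data' => json_encode($token)
+':code' => $tokenData['code'],
+':data' => json_encode($tokenData)
 ]);
+return $tokenData;
 }
 
 public static function getVerifyToken($code) {
@@ -74,6 +105,21 @@ public static function createUser($newUser) {
 ];
 }
 
+public static function setUserPassword($email, $newPassword) {
+if (!self::userEmailExists($email)) {
+return;
+}
+self::connect();
+$query = self::$pdo->prepare(
+'UPDATE users SET password=:passwordHash WHERE email=:email'
+);
+$queryParams = [];
+$queryParams[':email'] = $email;
+$queryParams[':passwordHash'] = password_hash($newPassword, PASSWORD_BCRYPT);
+
+$query->execute($queryParams);
+}
+
 public static function allowClientForUser($clientId, $userId) {
 self::connect();
 $query = self::$pdo->prepare(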
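Review bot: The six-digit verify code in `generateTokenCode()` comes from `rand(0,1000000)`, which is not a cryptographically secure generator and whose inclusive upper bound can yield the seven-character value `1000000` that `str_pad` will not shorten; `$code = random_int(0, 999999);` fixes both. In `generateTokenHex()` the `md5()` wrapper adds nothing and reduces the 32 random bytes to a 128-bit value, so `return bin2hex(random_bytes(32));` is the simpler form. A six-digit code has only a million possible values, so the lookup path needs an attempt limit per account or token; `getVerifyToken()` lies outside this hunk, so whether one exists cannot be seen here. In the second hunk, `setUserPassword()` returns nothing both when the e-mail is unknown and on success, so a caller cannot tell whether the password was actually changed; returning a bool would make that checkable.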
