We use cookies to ensure you get the best experience on our website
首页 发现 帮助
注册 登录
0ct0pu5
/
XBackBone
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: db483bb53e
分支列表 标签列表
XBackBone
/
app
/
Controllers
/
Auth
/
PasswordRecoveryController.php

PasswordRecoveryController.php 4.3 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. <?php
    2. 

  2. 

  3. 

  4. namespace App\Controllers\Auth;
    5. 

  5. 

  6. use App\Controllers\Controller;
    7. 

  7. use App\Web\Mail;
    8. 

  8. use App\Web\ValidationChecker;
    9. 

  9. use Psr\Http\Message\ResponseInterface as Response;
    10. 

  10. use Psr\Http\Message\ServerRequestInterface as Request;
    11. 

  11. use Slim\Exception\HttpNotFoundException;
    12. 

  12. 

  13. class PasswordRecoveryController extends Controller
    14. 

  14. {
    15. 

  15. 

  16.     /**
    17. 

  17.      * @param  Request  $request
    18. 

  18.      * @param  Response  $response
    19. 

  19.      * @return Response
    20. 

  20.      * @throws \Twig\Error\LoaderError
    21. 

  21.      * @throws \Twig\Error\RuntimeError
    22. 

  22.      * @throws \Twig\Error\SyntaxError
    23. 

  23.      */
    24. 

  24.     public function recover(Request $request, Response $response): Response
    25. 

  25.     {
    26. 

  26.         return view()->render($response, 'auth/recover_mail.twig');
    27. 

  27.     }
    28. 

  28. 

  29. 

  30.     /**
    31. 

  31.      * @param  Request  $request
    32. 

  32.      * @param  Response  $response
    33. 

  33.      * @return Response
    34. 

  34.      * @throws \Exception
    35. 

  35.      */
    36. 

  36.     public function recoverMail(Request $request, Response $response): Response
    37. 

  37.     {
    38. 

  38.         if ($this->session->get('logged', false)) {
    39. 

  39.             return redirect($response, route('home'));
    40. 

  40.         }
    41. 

  41. 

  42.         $user = $this->database->query('SELECT `id`, `username` FROM `users` WHERE `email` = ? LIMIT 1', param($request, 'email'))->fetch();
    43. 

  43. 

  44.         if (!isset($user->id)) {
    45. 

  45.             $this->session->alert(lang('recover_email_sent'), 'success');
    46. 

  46.             return redirect($response, route('recover'));
    47. 

  47.         }
    48. 

  48. 

  49.         $resetToken = bin2hex(random_bytes(16));
    50. 

  50. 

  51.         $this->database->query('UPDATE `users` SET `reset_token`=? WHERE `id` = ?', [
    52. 

  52.             $resetToken,
    53. 

  53.             $user->id,
    54. 

  54.         ]);
    55. 

  55. 

  56.         Mail::make()
    57. 

  57.             ->from(platform_mail(), $this->config['app_name'])
    58. 

  58.             ->to(param($request, 'email'))
    59. 

  59.             ->subject(lang('mail.recover_password', [$this->config['app_name']]))
    60. 

  60.             ->message(lang('mail.recover_text', [
    61. 

  61.                 $user->username,
    62. 

  62.                 route('recover.password', ['resetToken' => $resetToken]),
    63. 

  63.             ]))
    64. 

  64.             ->send();
    65. 

  65. 

  66.         $this->session->alert(lang('recover_email_sent'), 'success');
    67. 

  67.         return redirect($response, route('recover'));
    68. 

  68.     }
    69. 

  69. 

  70.     /**
    71. 

  71.      * @param  Request  $request
    72. 

  72.      * @param  Response  $response
    73. 

  73.      * @param  string  $resetToken
    74. 

  74.      * @return Response
    75. 

  75.      * @throws \Twig\Error\LoaderError
    76. 

  76.      * @throws \Twig\Error\RuntimeError
    77. 

  77.      * @throws \Twig\Error\SyntaxError
    78. 

  78.      * @throws HttpNotFoundException
    79. 

  79.      */
    80. 

  80.     public function recoverPasswordForm(Request $request, Response $response, string $resetToken): Response
    81. 

  81.     {
    82. 

  82.         $user = $this->database->query('SELECT `id` FROM `users` WHERE `reset_token` = ? LIMIT 1', $resetToken)->fetch();
    83. 

  83. 

  84.         if (!$user) {
    85. 

  85.             throw new HttpNotFoundException($request);
    86. 

  86.         }
    87. 

  87. 

  88.         return view()->render($response, 'auth/recover_password.twig', [
    89. 

  89.             'reset_token' => $resetToken
    90. 

  90.         ]);
    91. 

  91.     }
    92. 

  92. 

  93.     /**
    94. 

  94.      * @param  Request  $request
    95. 

  95.      * @param  Response  $response
    96. 

  96.      * @param  string  $resetToken
    97. 

  97.      * @return Response
    98. 

  98.      * @throws HttpNotFoundException
    99. 

  99.      */
    100. 

  100.     public function recoverPassword(Request $request, Response $response, string $resetToken): Response
    101. 

  101.     {
    102. 

  102.         $user = $this->database->query('SELECT `id` FROM `users` WHERE `reset_token` = ? LIMIT 1', $resetToken)->fetch();
    103. 

  103. 

  104.         if (!$user) {
    105. 

  105.             throw new HttpNotFoundException($request);
    106. 

  106.         }
    107. 

  107. 

  108.         $validator = ValidationChecker::make()
    109. 

  109.             ->rules([
    110. 

  110.                 'password.required' => !empty(param($request, 'password')),
    111. 

  111.                 'password.match' => param($request, 'password') === param($request, 'password_repeat'),
    112. 

  112.             ])
    113. 

  113.             ->onFail(function ($rule) {
    114. 

  114.                 $alerts = [
    115. 

  115.                     'password.required' => lang('password_required'),
    116. 

  116.                     'password.match' => lang('password_match'),
    117. 

  117.                 ];
    118. 

  118. 

  119.                 $this->session->alert($alerts[$rule], 'danger');
    120. 

  120.             });
    121. 

  121. 

  122.         if ($validator->fails()){
    123. 

  123.             return redirect($response, route('recover.password', ['resetToken' => $resetToken]));
    124. 

  124.         }
    125. 

  125. 

  126.         $this->database->query('UPDATE `users` SET `password`=?, `reset_token`=? WHERE `id` = ?', [
    127. 

  127.             password_hash(param($request, 'password'), PASSWORD_DEFAULT),
    128. 

  128.             null,
    129. 

  129.             $user->id,
    130. 

  130.         ]);
    131. 

  131. 

  132.         $this->session->alert(lang('password_restored'), 'success');
    133. 

  133.         return redirect($response, route('login.show'));
    134. 

  134.     }
    135. 

  135. }
    136.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5