<?php // vim:set ts=4 sw=4 sts=4 et:
require_once "config.php";
require_once "db-func.php";
require_once "utils.php";
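/**
 * Return a cryptographically random, lowercase hex string of 2*$bytelen chars.
 *
 * Every caller in this file uses the result as a secret (reset tokens, freshly
 * generated passwords), so the bytes must come from a CSPRNG. On PHP 7+ that
 * is random_bytes(), which throws if no strong source exists. On older PHP we
 * fall back to openssl_random_pseudo_bytes() but check its $crypto_strong
 * flag: the original ignored that flag, so a silently weak generator could
 * have produced guessable tokens.
 *
 * @param int $bytelen number of random bytes to draw (output is twice as long)
 * @return string hex-encoded random bytes
 * @throws InvalidArgumentException for a non-positive length
 * @throws Exception if no cryptographically strong source is available
 */
function generateRandomString($bytelen) {
    $bytelen = (int) $bytelen;
    if ($bytelen < 1) {
        throw new InvalidArgumentException("generateRandomString: byte length must be positive");
    }
    if (function_exists('random_bytes')) {
        // PHP 7+: always a CSPRNG, throws on failure instead of returning weak data
        return bin2hex(random_bytes($bytelen));
    }
    $strong = FALSE;
    $bytes = openssl_random_pseudo_bytes($bytelen, $strong);
    if ($bytes === FALSE || $strong !== TRUE) {
        // fail closed: a token from a weak PRNG is worse than no token
        throw new Exception("generateRandomString: no cryptographically strong random source available");
    }
    return bin2hex($bytes);
}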
/**
 * Issue a password-reset token for the account registered under $email and
 * e-mail that account a link carrying the token.
 *
 * The INSERT uses ON DUPLICATE KEY UPDATE, so a repeat request replaces the
 * earlier token rather than adding a second row (presumably the unique key is
 * on uid -- verify against the schema); only the most recently mailed link is
 * then valid.
 *
 * @param string $email address as entered by the requester (untrusted; SQL-escaped)
 * @return bool FALSE when no account has that e-mail, TRUE once the mail has
 *              been handed to sendEmail()
 *
 * NOTE(review): the token is stored in clear text, so anyone who can read
 * reset_password_tokens can reset any account; storing a hash and hashing on
 * lookup would limit that. The TRUE/FALSE return also tells the caller whether
 * the address is registered -- the caller should show the same message either
 * way to avoid account enumeration.
 * NOTE(review): the ON DUPLICATE KEY branch does not touch the `timestamp`
 * column that resetPasswordByToken() uses for expiry; unless that column is
 * ON UPDATE CURRENT_TIMESTAMP, a re-issued token inherits the old issue time.
 */
function addAndSendToken($email) {
    $lookup = sprintf("SELECT * FROM users WHERE email='%s'", mysql_real_escape_string($email));
    $account = get_row_null($lookup);
    if (!$account) {
        return FALSE;
    }

    $uid = $account["uid"];
    // 16 random bytes -> 32 hex chars; hex is safe both in SQL and in the URL
    $token = generateRandomString(16);
    $tokenSql = mysql_real_escape_string($token);
    $insert = sprintf(
        "INSERT INTO reset_password_tokens (uid, token) VALUES ('%s', '%s') ON DUPLICATE KEY UPDATE token='%s'",
        mysql_real_escape_string($uid),
        $tokenSql,
        $tokenSql
    );
    query_db($insert);

    $username = $account["username"];
    $body = "This is a password reset link for Puzzletron user $username. To reset your password, click the link. If you didn't request for your password to be reset, you may ignore this email.";
    $resetLink = URL . "/resetpassword.php?token=$token";
    sendEmail($uid, "Password Reset Link", $body, $resetLink);
    return TRUE;
}
/**
 * Replace the password of the account in $row with a fresh random one and
 * e-mail the new credentials.
 *
 * @param array    $row   users row (uid, username, email) of the account being reset
 * @param int|null $toUid NULL: mail the new password to the account owner;
 *                        otherwise the uid (an admin, per the original comment)
 *                        that receives the credentials instead of the user
 * @return void
 *
 * NOTE(review): the new password is sent in clear text over e-mail, and with
 * $toUid set it goes to a third party. Both messages tell the recipient to
 * change it promptly; a one-time link as in addAndSendToken() would avoid
 * mailing a usable credential at all.
 */
function resetPassword($row, $toUid) {
    $uid = $row["uid"];
    $username = $row["username"];
    $email = $row["email"];

    // 32-char hex password; newPass() is given it twice (presumably value +
    // confirmation -- see its definition)
    $newPassword = generateRandomString(16);
    newPass($uid, $username, $newPassword, $newPassword);

    $subject = "Password Reset Notice";
    $ownerNotice = ($toUid === NULL);
    if ($ownerNotice) {
        // the account owner gets their own new password
        $recipient = $uid;
        $body = "Your Puzzletron password has been reset:\n\nUsername: $username\nPassword: $newPassword\n\nYou should change your password right away.";
    } else {
        // somebody else (an admin, presumably) asked for the reset
        $recipient = $toUid;
        $body = "The Puzzletron password for this user has been reset:\n\nUsername: $username\nPassword: $newPassword\nEmail: $email";
    }
    sendEmail($recipient, $subject, $body, URL);
}
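/**
 * Redeem a password-reset token mailed by addAndSendToken().
 *
 * Looks the token up, rejects it when it is unknown, orphaned or older than
 * 24 hours, then consumes it and lets resetPassword() generate and mail a new
 * password to the account owner.
 *
 * Changes from the original:
 *  - the token row is DELETEd *before* the password is changed, so a token can
 *    not be redeemed a second time if resetPassword() fails part-way or two
 *    requests race on the same link;
 *  - expired tokens are deleted when encountered instead of lingering;
 *  - a token whose user row is gone (the LEFT JOIN then yields NULL user
 *    columns) is rejected rather than handed to resetPassword().
 *
 * @param string $token value taken from the URL (untrusted; SQL-escaped)
 * @return bool TRUE if the password was reset, FALSE otherwise. "Unknown" and
 *              "expired" both yield the same FALSE, which is what a visitor
 *              should see.
 */
function resetPasswordByToken($token) {
    $tokenSql = mysql_real_escape_string($token);
    $row = get_row_null(sprintf(
        "SELECT * FROM reset_password_tokens LEFT JOIN users ON reset_password_tokens.uid = users.uid WHERE reset_password_tokens.token='%s';",
        $tokenSql
    ));
    if (!$row) {
        return FALSE;
    }
    $consume = sprintf("DELETE FROM reset_password_tokens WHERE token='%s';", $tokenSql);

    // Expiry: 24h after the row's timestamp. strtotime() yields FALSE for a
    // NULL/unparseable value, which the subtraction treats as 0, so a broken
    // timestamp fails closed ("expired").
    $issued = strtotime($row["timestamp"]);
    if (time() - $issued > 24 * 60 * 60) {
        query_db($consume);
        return FALSE;
    }

    // LEFT JOIN: a token for a deleted account still matches, but every users
    // column (username, email, ...) comes back NULL.
    if (!isset($row["username"])) {
        query_db($consume);
        return FALSE;
    }

    // Consume first so the token is strictly single-use even if the reset fails.
    query_db($consume);
    resetPassword($row, NULL);
    return TRUE;
}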
/**
 * Admin-triggered reset: give the account named $username a new random
 * password and mail it to $adminUid rather than to the user.
 *
 * @param string $username target account (untrusted; SQL-escaped)
 * @param int    $adminUid uid that receives the new credentials
 * @return bool FALSE if no such user exists, TRUE once resetPassword() ran
 *
 * NOTE(review): nothing here verifies that $adminUid really is an admin or is
 * the logged-in caller; that authorisation check must happen before this is
 * reached.
 */
function adminResetPasswordByUsername($username, $adminUid) {
    $lookup = sprintf("SELECT * FROM users WHERE username='%s';", mysql_real_escape_string($username));
    $target = get_row_null($lookup);
    if (!$target) {
        return FALSE;
    }
    // non-NULL $toUid routes the credentials to the admin, not the user
    resetPassword($target, $adminUid);
    return TRUE;
}