<?php
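class User {
    public $authorized = false;
    public $uid;
    public $username;

    /** @var PDO Connection used by login() and reset(). */
    private $db;

    /**
     * Hydrates the current user from the session, or services a password-reset
     * or login request carried in $_POST.
     *
     * Side effects: opens the DB connection, may write $_SESSION, may send mail.
     * Requires PHP 7.1+ (nullable parameter, random_bytes(), `??`).
     *
     * @param PDO|null $db  Connection to use; when null it is built from the
     *                      $dsn / $db_user / $db_pass variables the including
     *                      script is expected to define (see connectFromConfig()).
     */
    public function __construct(?PDO $db = null) {
        $this->db = $db ?? $this->connectFromConfig();
        $this->db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
        // Real server-side prepares: placeholders are never spliced into SQL text.
        $this->db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

        if (isset($_SESSION['uid'])) {
            $this->authorized = true;
            $this->uid = $_SESSION['uid'];
            $this->username = $_SESSION['username'] ?? null;
            return;
        }

        // Only plain strings are accepted: `reset[]=x` / `username[]=x` would
        // otherwise reach PDO as an array.
        if (isset($_POST['reset'])) {
            if (is_string($_POST['reset'])) {
                $this->reset($_POST['reset']);
            }
            return;
        }

        $user = $_POST['username'] ?? null;
        $pass = $_POST['password'] ?? null;
        if (is_string($user) && is_string($pass)) {
            $this->login($user, $pass);
        }
    }

    /**
     * Builds the PDO connection from file-scope configuration.
     *
     * The original constructor read $dsn / $db_user / $db_pass as locals, where
     * they are undefined; `global` is the smallest change that reaches values
     * defined by an include. TODO confirm the including script actually defines
     * these names.
     *
     * @return PDO
     * @throws RuntimeException when no $dsn is configured.
     */
    private function connectFromConfig() {
        global $dsn, $db_user, $db_pass;
        if (!isset($dsn)) {
            throw new RuntimeException('Database configuration ($dsn) is not defined');
        }
        return new PDO($dsn, $db_user, $db_pass);
    }

    /**
     * Verifies $pass against the stored hash for $user and, on success,
     * marks the session as authenticated.
     *
     * @param string $user  Username as submitted (bound as a parameter).
     * @param string $pass  Plaintext password as submitted.
     * @return bool         True when the credentials matched.
     */
    private function login($user, $pass) {
        $st = $this->db->prepare('SELECT `uid`, `username`, `password`
            FROM users
            WHERE username = :u');
        $st->execute(array(':u' => $user));
        $row = $st->fetch();
        if (!$row || !$this->passwordMatches($pass, (string) $row->password)) {
            return false;
        }
        // A fresh session id on privilege change defeats session fixation.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $this->authorized = true;
        $this->uid = $row->uid;
        $this->username = $row->username;
        $_SESSION['uid'] = $this->uid;
        $_SESSION['username'] = $this->username;
        return true;
    }

    /**
     * Constant-time, strict credential check.
     *
     * Accepts password_hash() output (for migrated rows) and, for backward
     * compatibility, the legacy unsalted sha1 hex digest. The original used
     * `==`, under which a digest such as "0e1234..." compares equal to any
     * other numeric-looking string, including the literal 0 the old reset
     * path wrote into the column.
     *
     * @param string $pass    Plaintext candidate.
     * @param string $stored  Value of the `password` column.
     * @return bool
     */
    private function passwordMatches($pass, $stored) {
        if ($stored === '' || $stored === '0') {
            return false; // no usable credential on file (e.g. a row cleared by an older reset)
        }
        if (password_verify($pass, $stored)) {
            return true;
        }
        // TODO: migrate rows to password_hash(); unsalted sha1 is fast to brute-force.
        return hash_equals($stored, sha1($pass));
    }

    /**
     * Stores a reset token for $user and mails a reset link to the address on file.
     *
     * Unlike the original, the account's password is left intact: setting
     * `password = 0` for any username received in $_POST let an unauthenticated
     * caller lock out arbitrary accounts. The token has no expiry or single-use
     * column visible here — TODO confirm the consumer of `reset` enforces both.
     *
     * @param string $user  Username as submitted (bound as a parameter).
     * @return void
     */
    private function reset($user) {
        $st = $this->db->prepare('SELECT `uid`, `username`, `email`
            FROM users
            WHERE username = :u');
        $st->execute(array(':u' => $user));
        $row = $st->fetch();
        if (!$row) {
            return;
        }

        $token = $this->generateRequest();
        $st = $this->db->prepare('UPDATE users SET `reset` = :reset WHERE uid = :uid LIMIT 1');
        $st->execute(array(':uid' => $row->uid, ':reset' => $token));

        $to = (string) $row->email;
        if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
            return; // a malformed address could carry injected headers into mail()
        }
        // Username originates from registration input: escape it for the HTML body.
        $safeName = htmlspecialchars((string) $row->username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $link = 'http://www.example.org/?reset=' . rawurlencode($token);
        $body = "We received a request for your account details.<br/><br/>Username: {$safeName}<br/>To reset your password, click on this link: <a href='{$link}'>{$link}</a>";
        $subject = 'Password request';
        $from = 'no-reply@example.org';
        // HTML mail needs the MIME/Content-type headers; charset matches the escaping above.
        $headers = "MIME-Version: 1.0\r\n"
                 . "Content-type: text/html; charset=UTF-8\r\n"
                 . "From: {$from}\r\n"
                 . "Reply-To: {$from}\r\n";
        mail($to, $subject, $body, $headers);
    }

    /**
     * Generates an unguessable reset token.
     *
     * 128 bits from the CSPRNG, hex-encoded to the same 32-character width the
     * former md5() digest occupied, so the `reset` column width is unaffected.
     *
     * @return string
     */
    private function generateRequest() {
        return bin2hex(random_bytes(16));
    }
}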
?>