moved different api calls

This commit is contained in:
2026-05-17 17:20:06 +02:00
parent 776342d595
commit 369657a622
34 changed files with 39 additions and 40 deletions

View File

@@ -0,0 +1,78 @@
<?php
use api\classes\API_resetpassword;
use api\classes\API_users;
use bin\php\Classes\mailBuilder;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_resetpassword.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Classes/mailBuilder.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
$API_resetpassword = new API_resetpassword();
if ($API_resetpassword->request_method === 'GET') {
} elseif ($API_resetpassword->request_method === 'POST') {
# Reset a users password and send a email to the user to set a new password
$API_resetpassword->checkPermissions('admin-access-admins-resetpassword', 'RW');
# The user will need to verify their email, the password field cannot be NULL so set an random password for now till the user resets it on when verifing there email
$random_string = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01', 64)), 0, rand(50, 64));
$user_password = password_hash($random_string, PASSWORD_BCRYPT, ["cost" => 12]);
$API_resetpassword->postedData['user_password'] = $user_password;
# Password reset token that will be send to the user
$API_resetpassword->postedData['user_password_reset_token'] = bin2hex(random_bytes(32));
$API_resetpassword->postedData['user_password_reset_expires'] = time() + 86400;
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
'user_password' => ['type' => 'string'],
'user_password_reset_token' => ['type' => 'string'],
'user_password_reset_expires' => ['type' => 'int'],
];
$API_resetpassword->validateData($requiredFields);
$API_resetpassword->resetPassword();
$API_users = new API_users();
$_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $API_resetpassword->data['user_uuid']]]];
$user_data = $API_users->getUser()[0];
# Sending an email to the user
$host = $_SERVER['HTTP_HOST'];
$verifyLink = "https://{$host}/login/verifyEmail.php?token={$API_resetpassword->data['user_password_reset_token']}";
$mail = new mailBuilder();
$mail->subject = "Hello " . $user_data['user_full_name'] . ", Heres Your Password Reset Link";
$mail->addAddress($user_data['user_email'], $user_data['user_first_name']);
$mail->mailText = '
Hello ' . $user_data['user_first_name'] . ',<br><br>
We received a request to reset the password for your account. As a security measure, your password has been reset.<br><br>
To set a new password of your choice, click the text below:<br>
<a href="' . $verifyLink . '">Reset Password</a><br><br>
Or copy and paste the following link into your browser: <br>' . $verifyLink . '<br><br>
This link is valid for 24 hours from the time of this request.<br><br>
If you did not request this, you can safely ignore this email. No further action is required, and your account remains secure.<br><br>
Best regards,<br><br>
The Sentri gnomes
';
$mail->sendMail();
$API_resetpassword->apiOutput(200, ['success' => 'Password reset link sent successfully.']);
} elseif ($API_resetpassword->request_method === 'PUT') {
} elseif ($API_resetpassword->request_method === 'DELETE') {
}