72 lines
3.0 KiB
PHP
72 lines
3.0 KiB
PHP
<?php
|
||
|
||
use api\classes\API_resetpassword;
|
||
use api\classes\API_users;
|
||
use bin\php\Classes\mailBuilder;
|
||
|
||
session_start();
|
||
require_once "{$_SERVER['DOCUMENT_ROOT']}/api/classes/API_resetpassword.php";
|
||
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/Classes/mailBuilder.php";
|
||
require_once "{$_SERVER['DOCUMENT_ROOT']}/api/classes/API_users.php";
|
||
|
||
|
||
$API_resetpassword = new API_resetpassword();
|
||
|
||
if ($API_resetpassword->request_method === 'POST') {
|
||
# Reset a users password and send a mail to the user to set a new password
|
||
|
||
$API_resetpassword->checkPermissions('admin-access-admins-resetpassword', 'RW');
|
||
|
||
# The user will need to verify their email, the password field cannot be NULL so set a random password for now till the user resets it on when verifying there email
|
||
$random_string = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01', 64)), 0, rand(50, 64));
|
||
$user_password = password_hash($random_string, PASSWORD_BCRYPT, ["cost" => 12]);
|
||
$API_resetpassword->postedData['user_password'] = $user_password;
|
||
|
||
# Password reset token that will be sent to the user
|
||
$API_resetpassword->postedData['user_password_reset_token'] = bin2hex(random_bytes(32));
|
||
$API_resetpassword->postedData['user_password_reset_expires'] = time() + 86400;
|
||
|
||
$requiredFields = [
|
||
'user_uuid' => ['type' => 'uuid'],
|
||
'user_password' => ['type' => 'string'],
|
||
'user_password_reset_token' => ['type' => 'string'],
|
||
'user_password_reset_expires' => ['type' => 'int'],
|
||
];
|
||
|
||
$API_resetpassword->validateData($requiredFields);
|
||
|
||
$API_resetpassword->resetPassword();
|
||
|
||
$API_users = new API_users();
|
||
$_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $API_resetpassword->data['user_uuid']]]];
|
||
$user_data = $API_users->getUser()[0];
|
||
|
||
# Sending an email to the user
|
||
$host = $_SERVER['HTTP_HOST'];
|
||
$verifyLink = "https://{$host}/login/verifyEmail.php?token={$API_resetpassword->data['user_password_reset_token']}";
|
||
|
||
$mail = new mailBuilder();
|
||
$mail->subject = "Hello " . $user_data['user_full_name'] . ", Here’s Your Password Reset Link";
|
||
$mail->addAddress($user_data['user_email'], $user_data['user_first_name']);
|
||
$mail->mailText = '
|
||
Hello ' . $user_data['user_first_name'] . ',<br><br>
|
||
|
||
We received a request to reset the password for your account. As a security measure, your password has been reset.<br><br>
|
||
|
||
To set a new password of your choice, click the text below:<br>
|
||
<a href="' . $verifyLink . '">Reset Password</a><br><br>
|
||
|
||
Or copy and paste the following link into your browser: <br>' . $verifyLink . '<br><br>
|
||
|
||
This link is valid for 24 hours from the time of this request.<br><br>
|
||
|
||
If you did not request this, you can safely ignore this email. No further action is required, and your account remains secure.<br><br>
|
||
|
||
Best regards,<br><br>
|
||
The Sentri gnomes
|
||
';
|
||
|
||
$mail->sendMail();
|
||
$API_resetpassword->apiOutput(200, ['success' => 'Password reset link sent successfully.']);
|
||
|
||
} |