Хороним $_COOKIE['pass'], отказываемся от md5('pass'). Это не регистрация, а чёрная дыра!
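--- /dev/null
+++ b/PATH_NOT_SHOWN/Confirmation.php
@@ -0,0 +1,120 @@
+<?php
+
+namespace User;
+
+use Core\Config;
+use Core\Db;
+use Core\Mail;
+use UserIp;
+
+class Confirmation
+{
+/**
+* Äëÿ îäíîòèïíûõ ïèñåì ñ ïîäòâåðæäåíèåì.
+* @param array $userinfo Äàííûå èç (User)->info.
+* @param mixed $value Íîâîå çíà÷åíèå
+* @param ?int $code Ïðîâåðî÷íûé êîä
+* @param string $type Òèï ìåíÿåìîãî çíà÷åíèÿ. Ñ ìàëåíüêîé áóêâû, èìåíèòåëüíûé ïàäåæ.
+* @return void
+*/
+public static function byEmail(array $userinfo, string $type, $value, ?int $code = null)
+{
+if ($type === 'pass2' && is_null($code)) {
+self::pass2ByEmailCustom($userinfo, $value);
+return;
+}
+$ip = UserIp::get();
+$date = date('d.m.y H:i');
+$https = Config::get('https');
+$support = Config::get('support');
+$activationLink = 'https://' . $userinfo['city'] . Config::get('host') .
+"/confirm.php?id={$userinfo['id']}&code=$code";
+$fulllogin = $userinfo['login'] . "[{$userinfo['level']}]";
+Mail::send(
+$userinfo['mail'],
+<<<HTML
+<html lang="ru">
+<head><title>Ñìåíèòü $type</title></head>
+<body>
+$date<br>
+Êòî-òî ñ IP: $ip ïûòàåòñÿ ñìåíèòü $type ê ïåðñîíàæó $fulllogin.<br>
+Ò.ê. â àíêåòå ó ýòîãî ïåðñîíàæà óêàçàí email: {$userinfo['mail']}, òî âû è ïîëó÷èëè ýòî ïèñüìî.<br>
+login: {$userinfo['login']}<br>
+Íîâûé $type: <span style="background-color: wheat; font-family: Consolas, monospace;">$value</span><br><br>
+Äëÿ òîãî ÷òîáû ñìåíèòü $type, ïåðåéäèòå ïî ññûëêå:<br>
+$activationLink<br>
+<br>--<br>
+Áîéöîâñêèé Êëóá $https<br>
+Àäìèíèñòðàöèÿ Áîéöîâñêîãî Êëóáà: $support<br>
+P.S. Äàííîå ïèñüìî ñãåíåðèðîâàíî àâòîìàòè÷åñêè, îòâå÷àòü íà íåãî íå íóæíî.
+</body>
+</html>
+HTML,
+"Ñìåíà $type ó ïåðñîíàæà $fulllogin"
+);
+}
+
+private static function pass2ByEmailCustom(array $userinfo, string $pass2)
+{
+
+$ip = UserIp::get();
+$fulllogin = $userinfo['login'] . "[{$userinfo['level']}]";
+Mail::send(
+$userinfo['mail'],
+<<<HTML
+<html lang="ru">
+<head><title>Âòîðîé ïàðîëü îò ïåðñîíàæà $fulllogin.</title></head>
+<body>
+Âàìè, ñ IP àäðåñà - $ip, áûë óñòàíîâëåí âòîðîé ïàðîëü â èãðå Áîéöîâñêèé Êëóá.<br>
+Åñëè ýòî áûëè íå Âû, ñâÿæèòåñü ñ àäìèíèñòðàöèåé ñàéòà.<br><br>
+------------------------------------------------------------------<br>
+Âàø ëîãèí | {$userinfo['login']}<br>
+Âòîðîé ïàðîëü | ' . $pass2 . '<br>
+------------------------------------------------------------------<br>
+<br><br>Æåëàåì Âàì ïðèÿòíîé èãðû.<br><br><i>Àäìèíèñòðàöèÿ</i>
+</body>
+HTML,
+"Âòîðîé ïàðîëü îò ïåðñîíàæà $fulllogin"
+);
+}
+
+public static function byCode(int $uid, int $code): string
+{
+$status = '';
+
+if ($uid <= 0 || $code <= 0) {
+return $status;
+}
+
+$codes = Db::getRow(
+'select * from emailconfirmation where id = ? and code = ? and (active = 1 or pass = 1 or email = 1)',
+[$uid, $code]
+);
+if (!$codes['id']) {
+$status = 'Ññûëêà óñòàðåëà!';
+} elseif ($codes['active'] === 1) {
+Db::sql(
+'update users set emailconfirmation = 1, securetime = unix_timestamp() + 259200 where id = ?',
+[$codes['id']]
+);
+$status = "Ïîäòâåðæäåíèå ñìåíû ïàðîëÿ/email ÷åðåç ïî÷òó âêëþ÷åíî";
+} elseif ($codes['pass'] === 1) {
+Db::sql(
+'update users as u inner join emailconfirmation as e on u.id = e.id set u.pass = e.pa_em, u.securetime = unix_timestamp() + 259200 where u.id = ?',
+[$codes['id']]
+);
+$status = "Óäà÷íî ñìåíèëè ïàðîëü<";
+} elseif ($codes['email'] === 1) {
+Db::sql(
+'update users as u inner join emailconfirmation as e on u.id = e.id set u.mail = e.pa_em, u.securetime = unix_timestamp() + 259200 where u.id = ?',
+[$codes['id']]
+);
+$status = "Óäà÷íî ñìåíèëè email";
+}
+Db::sql('delete from emailconfirmation where id = ? and code = ?', [$_GET['id'], $_GET['code']]);
+if ($status) {
+$status = "<h3>$status</h3>";
+}
+return $status;
+}
+}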
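Review bot: `byCode` validates the `$uid`/`$code` it was given, but the cleanup on the `delete from emailconfirmation` line reads `$_GET['id']` and `$_GET['code']` instead, so the verified one-time code is only consumed when the caller happens to be a GET handler carrying the same parameters and otherwise stays reusable; use the already-checked values: `Db::sql('delete from emailconfirmation where id = ? and code = ?', [$uid, $code]);`. Two literal-text slips: the `pass2ByEmailCustom` heredoc line `Âòîðîé ïàðîëü | ' . $pass2 . '<br>` still carries concatenation syntax, so the quotes and dots are mailed verbatim (inside a heredoc it should be plain `Âòîðîé ïàðîëü | $pass2<br>`), and `"Óäà÷íî ñìåíèëè ïàðîëü<"` has a stray `<` that ends up inside the `<h3>`. In `byEmail` the values interpolated into the HTML mail (`$value`, `$type`, `$userinfo['login']`) are not passed through `htmlspecialchars()`, and for `$type === 'ïàðîëü'` `$value` is the plaintext new password, so it is worth deciding whether the mail needs to carry the secret at all rather than only the confirmation link. The `=== 1` comparisons on `$codes['active']`/`['pass']`/`['email']` presumably rely on `Core\Db` returning native ints; if it returns string columns (the PDO default with emulated prepares) none of these branches ever match — confirm against `Db::getRow`.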
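--- /dev/null
+++ b/PATH_NOT_SHOWN/Email.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace User;
+
+use Core\Db;
+use PassGen;
+use User;
+
+class Email
+{
+private array $info = [];
+
+public function __construct(array $userinfo)
+{
+$this->info = $userinfo ?? User::start()->info;
+}
+
+public function change(string $old, string $new): string
+{
+if ($old === $new) {
+return $this->info['mail'];
+}
+
+if ($this->info['emailconfirmation'] === 1) {
+$query = 'insert into emailconfirmation (id, code, pa_em, pass) values (?,?,?,1)';
+$args = [
+$this->info['id'],
+PassGen::intCode(10),
+$new
+];
+Confirmation::byEmail($this->info, 'email', $new, $args[1]);
+} else {
+$query = 'update users set mail = ?, securetime = unix_timestamp() + 259200 where id = ?';
+$args = [
+$new,
+$this->info['id']
+];
+}
+Db::sql($query, $args);
+return $new;
+}
+}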
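Review bot: `change()` stores the pending address with the `pass` flag set (`insert into emailconfirmation (id, code, pa_em, pass) values (?,?,?,1)`), but `Confirmation::byCode` routes `pass = 1` rows to `set u.pass = e.pa_em`, so confirming an email change would overwrite the user's password hash with the new address; the flag `byCode` expects for this path is `email`, i.e. `$query = 'insert into emailconfirmation (id, code, pa_em, email) values (?,?,?,1)';`. In the constructor `array $userinfo` is non-nullable, so `$userinfo ?? User::start()->info` can never fall back; either declare `?array $userinfo = null` or drop the `??` — the same applies to `Password::__construct` in the next file. `$old` is compared with `$new` but never with `$this->info['mail']`, and `$new` is stored without being validated as an address; a `filter_var($new, FILTER_VALIDATE_EMAIL)` check at the top would be cheap. Returning `$new` when only a confirmation row was created reports the change as done before the link is clicked; if callers display it, a distinct result for the pending case would be clearer.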
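--- /dev/null
+++ b/PATH_NOT_SHOWN/Password.php
@@ -0,0 +1,67 @@
+<?php
+
+namespace User;
+
+use Core\Db;
+use PassGen;
+use User;
+
+class Password
+{
+private array $info = [];
+
+public function __construct(array $userinfo)
+{
+$this->info = $userinfo ?? User::start()->info;
+}
+
+public function changeFirst(string $old, string $new): string
+{
+if ($old === $new && password_verify($old, $this->info['pass'])) {
+if ($this->info['emailconfirmation'] === 1) {
+$query = 'insert into emailconfirmation (id, code, pa_em, pass) values (?,?,?,1)';
+$args = [
+$this->info['id'],
+PassGen::intCode(10),
+password_hash($new, PASSWORD_DEFAULT)
+];
+Confirmation::byEmail($this->info, 'ïàðîëü', $new, $args[1]);
+$hashedPass = $args[2];
+} else {
+$query = 'update users set pass = ?, repass = 0, securetime = unix_timestamp() + 259200 where id = ?';
+$args = [
+password_hash($new, PASSWORD_DEFAULT),
+$this->info['id']
+];
+$hashedPass = $args[0];
+}
+Db::sql($query, $args);
+return $hashedPass;
+}
+return $this->info['pass'];
+}
+
+public function changeSecond(?int $passLength): array
+{
+if (in_array($passLength, [4,6,8])) {
+$query = 'update users set pass2 = ? where id = ?';
+$pass2 = PassGen::intCode($passLength);
+$args = [
+password_hash($pass2, PASSWORD_DEFAULT),
+$this->info['id']
+];
+Confirmation::byEmail($this->info, 'pass2', $pass2);
+$hash = $args[0];
+} else {
+$query = 'update users set pass2 = default where id = ?';
+$args = [$this->info['id']];
+}
+
+Db::sql($query, $args);
+return [
+'pass2' => $pass2 ?? '',
+'hash' => $hash ?? null,
+];
+}
+}
+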
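Review bot: `changeFirst` only acts when `$old === $new && password_verify(...)`, which means the password is updated only when the new password equals the current one and every real change falls through to `return $this->info['pass']` untouched; the guard presumably meant `if ($old !== $new && password_verify($old, $this->info['pass'])) {`. `in_array($passLength, [4,6,8])` is a loose comparison; pass the strict flag so only those exact ints are accepted: `if (in_array($passLength, [4, 6, 8], true)) {`. `changeSecond` returns the generated `pass2` in plaintext next to its hash, which is needed to show it once, but callers must not persist or log the `'pass2'` entry. The commit message says md5 is gone and `password_hash`/`password_verify` here confirm that; the confirmation branch still hands the plaintext `$new` to `Confirmation::byEmail`, which is the same mail-content concern raised on the Confirmation file.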