PasswordResetModel::setPasswordResetDatabaseToken PHP Method

PasswordResetModel Class Documentation Usage Examples Of PasswordResetModel::setPasswordResetDatabaseToken Mostra file Open project: panique/huge

setPasswordResetDatabaseToken() public static method

Set password reset token in database (for DEFAULT user accounts)

public static setPasswordResetDatabaseToken ( string $user_name, string $user_password_reset_hash, integer $temporary_timestamp ) : boolean
$user_name	string	username
$user_password_reset_hash	string	password reset hash
$temporary_timestamp	integer	timestamp
return	boolean	success status

    public static function setPasswordResetDatabaseToken($user_name, $user_password_reset_hash, $temporary_timestamp)
    {
        $database = DatabaseFactory::getFactory()->getConnection();
        $sql = "UPDATE users\n                SET user_password_reset_hash = :user_password_reset_hash, user_password_reset_timestamp = :user_password_reset_timestamp\n                WHERE user_name = :user_name AND user_provider_type = :provider_type LIMIT 1";
        $query = $database->prepare($sql);
        $query->execute(array(':user_password_reset_hash' => $user_password_reset_hash, ':user_name' => $user_name, ':user_password_reset_timestamp' => $temporary_timestamp, ':provider_type' => 'DEFAULT'));
        // check if exactly one row was successfully changed
        if ($query->rowCount() == 1) {
            return true;
        }
        // fallback
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_RESET_TOKEN_FAIL'));
        return false;
    }

Usage Example

Esempio n. 1

Mostra file

File: PasswordResetModel.php Progetto: queer1/PC-Track

 /**
  * Perform the necessary actions to send a password reset mail
  *
  * @param $user_name_or_email string Username or user's email
  *
  * @return bool success status
  */
 public static function requestPasswordReset($user_name_or_email)
 {
     if (empty($user_name_or_email)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_EMAIL_FIELD_EMPTY'));
         return false;
     }
     // check if that username exists
     $result = UserModel::getUserDataByUserNameOrEmail($user_name_or_email);
     if (!$result) {
         Session::add('feedback_negative', Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
         return false;
     }
     // generate integer-timestamp (to see when exactly the user (or an attacker) requested the password reset mail)
     // generate random hash for email password reset verification (40 char string)
     $temporary_timestamp = time();
     $user_password_reset_hash = sha1(uniqid(mt_rand(), true));
     // set token (= a random hash string and a timestamp) into database ...
     $token_set = PasswordResetModel::setPasswordResetDatabaseToken($result->user_name, $user_password_reset_hash, $temporary_timestamp);
     if (!$token_set) {
         return false;
     }
     // ... and send a mail to the user, containing a link with username and token hash string
     $mail_sent = PasswordResetModel::sendPasswordResetMail($result->user_name, $user_password_reset_hash, $result->user_email);
     if ($mail_sent) {
         return true;
     }
     // default return
     return false;
 }

PasswordResetModel

changePassword

requestPasswordReset

saveChangedPassword

saveNewUserPassword

sendPasswordResetMail

setNewPassword

setPasswordResetDatabaseToken

validatePasswordChange

validateResetPassword

verifyPasswordReset