Password reset.

2018-08-07 14:05:50 +09:00 · 2018-08-07 14:05:50 +09:00 · 3cf3c250b6
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@ -422,6 +422,120 @@ class AuthController extends Controller {
        return array();
    }

+    function CheckEmail($email) {
+        $get = DB::table('users')
+            ->where('email', $email)
+            ->count();
+
+        if ($get == 0) return 0;
+        else return 1;
+    }
+
+    public function SendReset(Request $request) {
+        $exist = $this->CheckEmail($request->email);
+
+        if ($exist == 0) {
+            return 0;
+        }
+        else {
+            $check = DB::table('usr_resets')
+                ->select('token')
+                ->where('email', $request->email)
+                ->count();
+
+            if ($check > 0) {
+                DB::table('usr_resets')
+                    ->where('email', $request->email)
+                    ->delete();
+            }
+
+            $token = bin2hex(random_bytes(32));
+            $due = time() + (1 * 24 * 60 * 60);
+
+            DB::table('usr_resets')
+                ->insert([
+                    'email' => $request->email,
+                    'token' => $token,
+                    'due_date' => $due
+                ]);
+
+            $get = DB::table('usr_resetmails')
+                ->select('sender', 'sendname', 'subject', 'message')
+                ->first();
+
+            $user = DB::table('users')
+                ->select('username')
+                ->where('email', $request->email)
+                ->first();
+
+            $mess = str_replace('{user}', $user->username, $get->message);
+            $mess2 = str_replace('{link}', $token, $mess);
+
+            $mess2 = mb_convert_encoding($mess2, "ISO-2022-JP", "AUTO");
+            $subj = mb_convert_encoding($get->subject, "ISO-2022-JP", "AUTO");
+
+            $headers  = "MIME-Version: 1.0"."\r\n";
+            $headers .= "Content-Type: text/plain; charset=ISO-2022-JP"."\r\n";
+            $headers .= "To: ".$request->email."\r\n";
+            $headers .= "From: ".mb_convert_encoding($get->sendname,"ISO-2022-JP","AUTO")." <".$get->sender.">"."\r\n";
+
+            mb_language("ja");
+
+            $res = mail(
+                $request->email,
+                $subj,
+                $mess2,
+                $headers,
+                "-f".$get->sender
+            );
+
+            return 1;
+        }
+    }
+
+    public function ConfirmReset($token) {
+        $get = DB::table('usr_resets')
+            ->select('*')
+            ->where('token', $token)
+            ->first();
+
+        $within24hour = time() + (1 * 24 * 60 * 60);
+
+        if (empty($get)) {
+            return 0;
+        }
+        else {
+            if ($get->due_date > $within24hour) {
+                return 0;
+            }
+            else {
+                return 1;
+            }
+        }
+    }
+
+    public function PasswordReset(Request $request) {
+        if (empty($request->password)) {
+            return 0;
+        }
+
+        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
+        $passwd = hash('sha256', $request->password . $salt);
+
+        for ($round = 0; $round < 65536; $round++) {
+            $passwd = hash('sha256', $passwd . $salt);
+        }
+
+        $res = DB::table('users')
+            ->where('email', $request->email)
+            ->update([
+                'password' => $passwd,
+                'salt' => $salt
+            ]);
+
+        return 1;
+    }
+
    public function recover(Request $request) {
        $user = User::where('email', $request->email)->first();

--- a/routes/api.php
+++ b/routes/api.php
@ -22,6 +22,9 @@ $api->version('v1', function ($api) {
        $api->post('/auth/login', 'AuthController@login');
        $api->post('/auth/register', 'AuthController@register');
        $api->post('/auth/recover', 'AuthController@recover');
+        $api->post('/auth/sendreset', 'AuthController@SendReset');
+        $api->get('/auth/confirmreset/{token}', 'AuthController@ConfirmReset');
+        $api->post('/auth/passwordreset', 'AuthController@PasswordReset');
        $api->post('/auth/checkauth', 'AuthController@checkAuth');
    });
 });