From 7491373ea4e2849d954604e07905f8a0847d3a6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=83=86=E3=82=AF=E3=83=8B=E3=82=AB=E3=83=AB=E8=AB=8F?= =?UTF-8?q?=E8=A8=AA=E5=AD=90?=
Date: Tue, 7 Aug 2018 14:05:50 +0900
Subject: [PATCH] Password reset.
---
 app/Http/Controllers/AuthController.php | 114 ++++++++++++++++++++++++
 routes/api.php | 3 +
 2 files changed, 117 insertions(+)
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index 81df572..def243f 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -422,6 +422,120 @@ class AuthController extends Controller {
 return array();
 }
+ function CheckEmail($email) {
+ $get = DB::table('users')
+ ->where('email', $email)
+ ->count();
+
+ if ($get == 0) return 0;
+ else return 1;
+ }
+
+ public function SendReset(Request $request) {
+ $exist = $this->CheckEmail($request->email);
+
+ if ($exist == 0) {
+ return 0;
+ }
+ else {
+ $check = DB::table('usr_resets')
+ ->select('token')
+ ->where('email', $request->email)
+ ->count();
+
+ if ($check > 0) {
+ DB::table('usr_resets')
+ ->where('email', $request->email)
+ ->delete();
+ }
+
+ $token = bin2hex(random_bytes(32));
+ $due = time() + (1 * 24 * 60 * 60);
+
+ DB::table('usr_resets')
+ ->insert([
+ 'email' => $request->email,
+ 'token' => $token,
+ 'due_date' => $due
+ ]);
+
+ $get = DB::table('usr_resetmails')
+ ->select('sender', 'sendname', 'subject', 'message')
+ ->first();
+
+ $user = DB::table('users')
+ ->select('username')
+ ->where('email', $request->email)
+ ->first();
+
+ $mess = str_replace('{user}', $user->username, $get->message);
+ $mess2 = str_replace('{link}', $token, $mess);
+
+ $mess2 = mb_convert_encoding($mess2, "ISO-2022-JP", "AUTO");
+ $subj = mb_convert_encoding($get->subject, "ISO-2022-JP", "AUTO");
+
+ $headers = "MIME-Version: 1.0"."\r\n";
+ $headers .= "Content-Type: text/plain; charset=ISO-2022-JP"."\r\n";
+ $headers .= "To: ".$request->email."\r\n";
+ $headers .= "From: ".mb_convert_encoding($get->sendname,"ISO-2022-JP","AUTO")." <".$get->sender.">"."\r\n";
+
+ mb_language("ja");
+
+ $res = mail(
+ $request->email,
+ $subj,
+ $mess2,
+ $headers,
+ "-f".$get->sender
+ );
+
+ return 1;
+ }
+ }
+
+ public function ConfirmReset($token) {
+ $get = DB::table('usr_resets')
+ ->select('*')
+ ->where('token', $token)
+ ->first();
+
+ $within24hour = time() + (1 * 24 * 60 * 60);
+
+ if (empty($get)) {
+ return 0;
+ }
+ else {
+ if ($get->due_date > $within24hour) {
+ return 0;
+ }
+ else {
+ return 1;
+ }
+ }
+ }
+
+ public function PasswordReset(Request $request) {
+ if (empty($request->password)) {
+ return 0;
+ }
+
+ $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
+ $passwd = hash('sha256', $request->password . $salt);
+
+ for ($round = 0; $round < 65536; $round++) {
+ $passwd = hash('sha256', $passwd . $salt);
+ }
+
+ $res = DB::table('users')
+ ->where('email', $request->email)
+ ->update([
+ 'password' => $passwd,
+ 'salt' => $salt
+ ]);
+
+ return 1;
+ }
+
 public function recover(Request $request) {
 $user = User::where('email', $request->email)->first();
diff --git a/routes/api.php b/routes/api.php
index 342c6b4..a0d48a9 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -22,6 +22,9 @@ $api->version('v1', function ($api) {
 $api->post('/auth/login', 'AuthController@login');
 $api->post('/auth/register', 'AuthController@register');
 $api->post('/auth/recover', 'AuthController@recover');
+ $api->post('/auth/sendreset', 'AuthController@SendReset');
+ $api->get('/auth/confirmreset/{token}', 'AuthController@ConfirmReset');
+ $api->post('/auth/passwordreset', 'AuthController@PasswordReset');
 $api->post('/auth/checkauth', 'AuthController@checkAuth');
 });
 });
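Review bot: `PasswordReset` updates the password of whichever account `$request->email` names without ever consulting a reset token, so the token issued by `SendReset` and looked up by `ConfirmReset` never gates the actual reset, and any caller who knows a registered email address can set its password. The reset should be keyed on the token: fetch the `usr_resets` row by token, reject it when missing or past `due_date`, update the user whose email is stored on that row rather than the caller-supplied one, and delete the row so the token is single-use. The expiry check in `ConfirmReset` is also ineffective: `$within24hour` is `time() + 86400` and `due_date` is set to that same value in `SendReset`, so `$get->due_date > $within24hour` is never true and tokens never expire; compare against the current time instead, `if ($get->due_date < time()) { return 0; }`. The salt is drawn from `mt_rand`, which is not a cryptographic source; `bin2hex(random_bytes(8))` yields the same 16-hex-character width, and the sha256 stretching below is left as is on the assumption that the login path (outside this hunk) verifies against the same `password`/`salt` columns. Separately, `SendReset` discards the `mail()` result in `$res` and dereferences `$get` and `$user` from `first()` without a null check, so a missing `usr_resetmails` row turns into an uncaught error.
```php
    public function PasswordReset(Request $request) {
        if (empty($request->password) || empty($request->token)) {
            return 0;
        }

        // The token, not the caller-supplied email, decides which account is reset.
        $reset = DB::table('usr_resets')
            ->where('token', $request->token)
            ->first();

        if (empty($reset) || $reset->due_date < time()) {
            return 0;
        }

        $salt = bin2hex(random_bytes(8));
        // … unchanged: initial sha256 hash and the 65536-round stretching loop …

        $res = DB::table('users')
            ->where('email', $reset->email)
            ->update([
                'password' => $passwd,
                'salt' => $salt
            ]);

        // Single use: drop the token once it has been consumed.
        DB::table('usr_resets')
            ->where('token', $request->token)
            ->delete();

        return $res > 0 ? 1 : 0;
    }
```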
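Review bot: The new `/auth/confirmreset/{token}` route carries the single-use reset token in the path of a GET request, where it is recorded in web-server and proxy access logs and in any Referer the client sends afterwards. Accepting it in a POST body like the two sibling routes, `$api->post('/auth/confirmreset', 'AuthController@ConfirmReset');`, with the controller reading `$request->token`, keeps the secret out of URLs; that also changes `ConfirmReset`'s signature in the other file. `/auth/sendreset` sends an outbound mail on every call and, as `SendReset` is written, answers 0 or 1 depending on whether the address is registered, so it deserves whatever request throttling the project applies to `/auth/login`, if any is configured outside this hunk.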