Added account deletion and password recovery
parent
a2b0e641f9
commit
fd99756330
|
@ -31,6 +31,9 @@ require("ui.php");
|
||||||
<link rel="preload" as="script" href="https://cdn.iubenda.com/cs/tcf/stub-v2.js"/>
|
<link rel="preload" as="script" href="https://cdn.iubenda.com/cs/tcf/stub-v2.js"/>
|
||||||
<script src="https://cdn.iubenda.com/cs/tcf/stub-v2.js"></script>
|
<script src="https://cdn.iubenda.com/cs/tcf/stub-v2.js"></script>
|
||||||
<script>
|
<script>
|
||||||
|
if (location.protocol !== 'https:') {
|
||||||
|
location.replace(`https:${location.href.substring(location.protocol.length)}`);
|
||||||
|
}
|
||||||
(_iub=self._iub||[]).csConfiguration={
|
(_iub=self._iub||[]).csConfiguration={
|
||||||
cookiePolicyId: 16543360,
|
cookiePolicyId: 16543360,
|
||||||
siteId: 2323189,
|
siteId: 2323189,
|
||||||
|
@ -190,6 +193,11 @@ require("ui.php");
|
||||||
case "menuSTAFF":
|
case "menuSTAFF":
|
||||||
dishesStaff($_POST["sessionToken"]);
|
dishesStaff($_POST["sessionToken"]);
|
||||||
break;
|
break;
|
||||||
|
case "deleteMe":
|
||||||
|
$r=deleteMe($_POST["sessionToken"]);
|
||||||
|
if(!$r) mainMenu($_POST["sessionToken"], '<h2 style="color:green">Errore</h2>');
|
||||||
|
else UIauth();
|
||||||
|
break;
|
||||||
case "processDishes":
|
case "processDishes":
|
||||||
if(!$newView){
|
if(!$newView){
|
||||||
mainMenu($_POST["sessionToken"]);
|
mainMenu($_POST["sessionToken"]);
|
||||||
|
|
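--- a/lib.php
+++ b/lib.php
@@ -8,7 +8,7 @@ if (!function_exists('str_contains')) {
 
 function pdomake()
 {
-return new PDO("sqlite:07abd9b090f514cbce89b2a932b2ec9f/db.db");
+return new PDO("sqlite:07abd9b090f514cbce89b2a932b2ec9f/f.sqlite3");
 }
 $GLOBALS["classesWhitelist"] = [
 "1A",
@@ -629,7 +629,8 @@ function processDishes($data)
 return true;
 }
 
-function newViewCheck($token,$view){
+function newViewCheck($token,$view)
+{
 if(empty($token) || empty($view)) return "EMPTY";
 $p = pdomake();
 $q = $p->prepare("SELECT * FROM Users WHERE token=:token");
@@ -646,3 +647,14 @@ function newViewCheck($token,$view){
 ]);
 return true;
 }
+
+function deleteMe($token)
+{
+$u = use_token($token);
+$p = pdomake();
+if ($u == null || $u["isStaff"]) return false;
+$q = $p->prepare("DELETE FROM Users WHERE token=:token");
+$q->execute([
+":token" => $token
+]);
+}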
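Review bot: deleteMe has no return on its success path, so a completed DELETE yields null and the dispatcher added in this same commit (`if(!$r) mainMenu(..., 'Errore')`) reports an error for every successful deletion and never reaches `UIauth()`. Return the statement outcome instead, e.g. `$ok = $q->execute([":token" => $token]);` followed by `return $ok && $q->rowCount() === 1;`, so a stale or unknown token is reported as a failure rather than a silent no-op. The `$u == null` test relies on loose comparison; `$u === null` or `!$u` would state the intent (what use_token returns on a miss is not visible here, so confirm against its definition). A short header would help later readers: `/** Deletes the non-staff account bound to $token. Returns true on success, false if the token is unknown or belongs to staff. */`.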
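--- /dev/null
+++ b/resend.php
@@ -0,0 +1,76 @@
+<?php
+require("lib.php");
+$p = pdomake();
+$q = $p->prepare("SELECT * FROM Users WHERE email=:email");
+$q->execute([
+":email" => $_GET["email"]
+]);
+$u = $q->fetch();
+if(!$u["verified"] && $u){
+email("Nuovo Account", 'Grazie per esserti registratə su MordApp<br /><a class="w3-btn w3-teal" href="https://mordapp.altervista.org/app/1/?action=verifyFirst&token=' . $u["emailToken"] . '">Verifica il mio account</a>', $u["email"], $u["name"]);
+?>
+
+<html>
+<title>Mordapp</title>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
+<link rel="stylesheet" href="https://www.w3schools.com/lib/w3-theme-teal.css">
+<h1>Email re-inviata</h1>
+<a href=".">OK</a>
+</html>
+<?php
+}
+elseif($_POST["action"]=="chpass"){
+$q = $p->prepare("UPDATE Users SET passwordHash=:ph, emailToken=:ett WHERE emailToken=:et ");
+$q->execute([
+":ph" => password_hash($_POST["password"],PASSWORD_DEFAULT),
+":et" => $_POST["tk"],
+":ett" => bin2hex(random_bytes(16))
+]);
+http_response_code(302);
+header("Location: .");
+}
+elseif(!empty($_GET["recover"])){
+?>
+<!DOCTYPE html>
+<html>
+<title>Mordapp</title>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
+<link rel="stylesheet" href="https://www.w3schools.com/lib/w3-theme-teal.css">
+<h1>Recupero password</h1> <br />
+<form method="POST">
+<input type="password" name="password" placeholder="Nuova password" class="w3-input">
+<input type="hidden" name="action" value="chpass" >
+<input type="submit" value="Salva" class="w3-btn">
+<input type="hidden" name="tk" value="<?php echo htmlentities($_GET["recover"]);?>" >
+</form>
+</html>
+<?php
+}
+else{
+if(empty($_GET["email"])){
+http_response_code(302);
+header("Location: .");
+exit;
+}
+if(!$u) die("Errore");
+$tk=bin2hex(random_bytes(16));
+$q = $p->prepare("UPDATE Users SET emailToken=:et WHERE email=:email");
+$q->execute([
+":email" => $_GET["email"],
+":et" => $tk
+]);
+
+email("Recupero Account", 'Devi recuperare la tua password?<br /><a class="w3-btn w3-teal" href="https://mordapp.altervista.org/app/1/resend.php?recover='.$tk.'">Recupera il mio account</a>', $u["email"], $u["name"]);
+?>
+<html>
+<title>Mordapp</title>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
+<link rel="stylesheet" href="https://www.w3schools.com/lib/w3-theme-teal.css">
+<h1>Email inviata</h1>
+<a href=".">OK</a>
+</html>
+<?php
+}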
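Review bot: The `chpass` branch changes the password of whichever row matches `WHERE emailToken=:et` without checking that `$_POST["tk"]` is non-empty or that exactly one row was updated, so a missing or blank `tk` matches any account whose emailToken column is empty, and an unknown token still redirects as if the reset had succeeded. The branch should refuse an empty token or password, check `$q->rowCount() === 1`, and `exit` after the redirect header (sketch below). Earlier in the file, `if(!$u["verified"] && $u)` indexes `$u` before testing it — swap to `if($u && !$u["verified"])` — and `$_GET["email"]` is read unconditionally, so the POST path runs the first query with an undefined index; `$_GET["email"] ?? ""` avoids the notice. In the recovery branch `die("Errore")` for an unknown address tells the caller which emails are registered; showing the same `Email inviata` page in both cases avoids that, and the recovery token has no expiry and shares the column used for first-time verification, which deserves at least a comment.
```php
elseif(($_POST["action"] ?? "") == "chpass"){
    $tk = $_POST["tk"] ?? "";
    $pw = $_POST["password"] ?? "";
    // Refuse a blank token outright: an empty :et would match rows whose emailToken is empty.
    if ($tk === "" || $pw === "") die("Errore");
    $q = $p->prepare("UPDATE Users SET passwordHash=:ph, emailToken=:ett WHERE emailToken=:et ");
    $q->execute([
        ":ph" => password_hash($pw, PASSWORD_DEFAULT),
        ":et" => $tk,
        ":ett" => bin2hex(random_bytes(16))
    ]);
    // Exactly one row must have been rotated; anything else means the token was unknown or stale.
    if ($q->rowCount() !== 1) die("Errore");
    http_response_code(302);
    header("Location: .");
    exit;
}
// … unchanged: recover and default branches …
```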
40
ui.php
40
ui.php
|
@ -44,6 +44,18 @@ function UIauth($append = "")
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
|
<form class="w3-container w3-card-4" method="GET" action="resend.php">
|
||||||
|
<input type="hidden" name="action" value="signIn">
|
||||||
|
<h2 class="w3-text-teal">Recupera account</h2>
|
||||||
|
<p>
|
||||||
|
<label class="w3-text-teal"><b>Email </b></label>
|
||||||
|
<input class="w3-input w3-border" name="email" type="email" requried>
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<button class="w3-btn w3-teal">Recupera</button>
|
||||||
|
</p>
|
||||||
|
</form>
|
||||||
|
|
||||||
<form class="w3-container w3-card-4" method="POST" action="">
|
<form class="w3-container w3-card-4" method="POST" action="">
|
||||||
<input type="hidden" name="action" value="signUp">
|
<input type="hidden" name="action" value="signUp">
|
||||||
<h2 class="w3-text-teal">Registrazione</h2>
|
<h2 class="w3-text-teal">Registrazione</h2>
|
||||||
|
@ -153,7 +165,7 @@ function UIsignedUp($data)
|
||||||
return UIauth("<h2 style=\"color:red\">Occorre una email @liceococito.it</h2>");
|
return UIauth("<h2 style=\"color:red\">Occorre una email @liceococito.it</h2>");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
email("Nuovo Account", 'Grazie per esserti registratə su MordApp<br /><a class="w3-btn w3-teal" href="http://127.0.0.1:9999/?action=verifyFirst&token=' . $res . '">Verifica il mio account</a>', $data["email"], $data["name"]);
|
email("Nuovo Account", 'Grazie per esserti registratə su MordApp<br /><a class="w3-btn w3-teal" href="https://mordapp.altervista.org/app/1/?action=verifyFirst&token=' . $res . '">Verifica il mio account</a>', $data["email"], $data["name"]);
|
||||||
?>
|
?>
|
||||||
<div class="w3-container w3-padding-32 w3-theme-d1">
|
<div class="w3-container w3-padding-32 w3-theme-d1">
|
||||||
<h1>Mordapp</h1>
|
<h1>Mordapp</h1>
|
||||||
|
@ -506,10 +518,9 @@ function editOrder($token, $orderId)
|
||||||
<br />
|
<br />
|
||||||
<br />
|
<br />
|
||||||
<?php
|
<?php
|
||||||
if($new){
|
if ($new) {
|
||||||
?><input type="submit" class="w3-button w3-teal w3-right" value="Ordina"><?php
|
?><input type="submit" class="w3-button w3-teal w3-right" value="Ordina"><?php
|
||||||
}
|
} else {
|
||||||
else{
|
|
||||||
?><input type="submit" class="w3-button w3-teal w3-right" value="Aggiorna"><?php
|
?><input type="submit" class="w3-button w3-teal w3-right" value="Aggiorna"><?php
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
@ -619,18 +630,24 @@ function manageAccount($token)
|
||||||
foreach ($GLOBALS["classesWhitelist"] as $wle) {
|
foreach ($GLOBALS["classesWhitelist"] as $wle) {
|
||||||
if ($wle == "Docenti") {
|
if ($wle == "Docenti") {
|
||||||
?>
|
?>
|
||||||
<option value="teacher" <?php if($u["classe"]==$wle){ echo "selected";} ?>><?php echo htmlentities($wle); ?></option>
|
<option value="teacher" <?php if ($u["classe"] == $wle) {
|
||||||
|
echo "selected";
|
||||||
|
} ?>><?php echo htmlentities($wle); ?></option>
|
||||||
<?php
|
<?php
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if ($wle == "altro") {
|
if ($wle == "altro") {
|
||||||
?>
|
?>
|
||||||
<option value="other" <?php if($u["classe"]==$wle){ echo "selected";} ?>>Altro</option>
|
<option value="other" <?php if ($u["classe"] == $wle) {
|
||||||
|
echo "selected";
|
||||||
|
} ?>>Altro</option>
|
||||||
<?php
|
<?php
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<option value="<?php echo htmlentities($wle); ?>" <?php if($u["classe"]==$wle){ echo "selected";} ?>><?php echo htmlentities($wle); ?></option>
|
<option value="<?php echo htmlentities($wle); ?>" <?php if ($u["classe"] == $wle) {
|
||||||
|
echo "selected";
|
||||||
|
} ?>><?php echo htmlentities($wle); ?></option>
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -641,6 +658,11 @@ function manageAccount($token)
|
||||||
<button class="w3-btn w3-teal">Salva</button>
|
<button class="w3-btn w3-teal">Salva</button>
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
|
<form class="w3-container w3-card-4" method="POST" onsubmit="return confirm('Questa azione è irreversibile');">
|
||||||
|
<input type="hidden" name="action" value="deleteMe">
|
||||||
|
<input type="hidden" name="sessionToken" value="<?php echo htmlentities($token); ?>">
|
||||||
|
<input type="submit" class="w3-btn w3-red" value="Elimina account">
|
||||||
|
</form>
|
||||||
<br />
|
<br />
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
|
@ -1273,11 +1295,11 @@ function dishesStaff($token, $add = "")
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
title: "Nome",
|
title: "Nome",
|
||||||
editor:true,
|
editor: true,
|
||||||
field: "name",
|
field: "name",
|
||||||
}, {
|
}, {
|
||||||
title: "Prezzo Totale",
|
title: "Prezzo Totale",
|
||||||
editor:true,
|
editor: true,
|
||||||
field: "price",
|
field: "price",
|
||||||
formatter: "money",
|
formatter: "money",
|
||||||
formatterParams: {
|
formatterParams: {
|
||||||
|
|
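Review bot: In the new "Recupera account" form in UIauth, the attribute on the email input is misspelled `requried`, so browsers do not enforce it; the line should read `<input class="w3-input w3-border" name="email" type="email" required>`. The hidden `action=signIn` field is submitted to resend.php, which in this commit branches only on `email`, `recover` and `chpass` and never reads `signIn`, so it appears to be dead or misleading and could be dropped. The verification URL `https://mordapp.altervista.org/app/1/` is now hard-coded in UIsignedUp and again in resend.php; a single constant in lib.php would keep the two links from drifting. The enclosing functions UIauth, UIsignedUp, editOrder, manageAccount and dishesStaff all begin before their hunks.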