Added account deletion and password recovery

This commit is contained in:
MatMasIt 2021-08-13 18:52:11 +02:00 committed by GitHub
parent a2b0e641f9
commit fd99756330
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 135 additions and 17 deletions

View File

@ -31,6 +31,9 @@ require("ui.php");
<link rel="preload" as="script" href="https://cdn.iubenda.com/cs/tcf/stub-v2.js"/> <link rel="preload" as="script" href="https://cdn.iubenda.com/cs/tcf/stub-v2.js"/>
<script src="https://cdn.iubenda.com/cs/tcf/stub-v2.js"></script> <script src="https://cdn.iubenda.com/cs/tcf/stub-v2.js"></script>
<script> <script>
if (location.protocol !== 'https:') {
location.replace(`https:${location.href.substring(location.protocol.length)}`);
}
(_iub=self._iub||[]).csConfiguration={ (_iub=self._iub||[]).csConfiguration={
cookiePolicyId: 16543360, cookiePolicyId: 16543360,
siteId: 2323189, siteId: 2323189,
@ -190,6 +193,11 @@ require("ui.php");
case "menuSTAFF": case "menuSTAFF":
dishesStaff($_POST["sessionToken"]); dishesStaff($_POST["sessionToken"]);
break; break;
case "deleteMe":
$r=deleteMe($_POST["sessionToken"]);
if(!$r) mainMenu($_POST["sessionToken"], '<h2 style="color:green">Errore</h2>');
else UIauth();
break;
case "processDishes": case "processDishes":
if(!$newView){ if(!$newView){
mainMenu($_POST["sessionToken"]); mainMenu($_POST["sessionToken"]);
@ -216,4 +224,4 @@ require("ui.php");
</body> </body>
</html> </html>

16
lib.php
View File

@ -8,7 +8,7 @@ if (!function_exists('str_contains')) {
function pdomake() function pdomake()
{ {
return new PDO("sqlite:07abd9b090f514cbce89b2a932b2ec9f/db.db"); return new PDO("sqlite:07abd9b090f514cbce89b2a932b2ec9f/f.sqlite3");
} }
$GLOBALS["classesWhitelist"] = [ $GLOBALS["classesWhitelist"] = [
"1A", "1A",
@ -629,7 +629,8 @@ function processDishes($data)
return true; return true;
} }
function newViewCheck($token,$view){ function newViewCheck($token,$view)
{
if(empty($token) || empty($view)) return "EMPTY"; if(empty($token) || empty($view)) return "EMPTY";
$p = pdomake(); $p = pdomake();
$q = $p->prepare("SELECT * FROM Users WHERE token=:token"); $q = $p->prepare("SELECT * FROM Users WHERE token=:token");
@ -646,3 +647,14 @@ function newViewCheck($token,$view){
]); ]);
return true; return true;
} }
function deleteMe($token)
{
$u = use_token($token);
$p = pdomake();
if ($u == null || $u["isStaff"]) return false;
$q = $p->prepare("DELETE FROM Users WHERE token=:token");
$q->execute([
":token" => $token
]);
}

76
resend.php Normal file
View File

@ -0,0 +1,76 @@
<?php
require("lib.php");
$p = pdomake();
$q = $p->prepare("SELECT * FROM Users WHERE email=:email");
$q->execute([
":email" => $_GET["email"]
]);
$u = $q->fetch();
if(!$u["verified"] && $u){
email("Nuovo Account", 'Grazie per esserti registratə su MordApp<br /><a class="w3-btn w3-teal" href="https://mordapp.altervista.org/app/1/?action=verifyFirst&token=' . $u["emailToken"] . '">Verifica il mio account</a>', $u["email"], $u["name"]);
?>
<html>
<title>Mordapp</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<link rel="stylesheet" href="https://www.w3schools.com/lib/w3-theme-teal.css">
<h1>Email re-inviata</h1>
<a href=".">OK</a>
</html>
<?php
}
elseif($_POST["action"]=="chpass"){
$q = $p->prepare("UPDATE Users SET passwordHash=:ph, emailToken=:ett WHERE emailToken=:et ");
$q->execute([
":ph" => password_hash($_POST["password"],PASSWORD_DEFAULT),
":et" => $_POST["tk"],
":ett" => bin2hex(random_bytes(16))
]);
http_response_code(302);
header("Location: .");
}
elseif(!empty($_GET["recover"])){
?>
<!DOCTYPE html>
<html>
<title>Mordapp</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<link rel="stylesheet" href="https://www.w3schools.com/lib/w3-theme-teal.css">
<h1>Recupero password</h1> <br />
<form method="POST">
<input type="password" name="password" placeholder="Nuova password" class="w3-input">
<input type="hidden" name="action" value="chpass" >
<input type="submit" value="Salva" class="w3-btn">
<input type="hidden" name="tk" value="<?php echo htmlentities($_GET["recover"]);?>" >
</form>
</html>
<?php
}
else{
if(empty($_GET["email"])){
http_response_code(302);
header("Location: .");
exit;
}
if(!$u) die("Errore");
$tk=bin2hex(random_bytes(16));
$q = $p->prepare("UPDATE Users SET emailToken=:et WHERE email=:email");
$q->execute([
":email" => $_GET["email"],
":et" => $tk
]);
email("Recupero Account", 'Devi recuperare la tua password?<br /><a class="w3-btn w3-teal" href="https://mordapp.altervista.org/app/1/resend.php?recover='.$tk.'">Recupera il mio account</a>', $u["email"], $u["name"]);
?>
<html>
<title>Mordapp</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<link rel="stylesheet" href="https://www.w3schools.com/lib/w3-theme-teal.css">
<h1>Email inviata</h1>
<a href=".">OK</a>
</html>
<?php
}

50
ui.php
View File

@ -43,6 +43,18 @@ function UIauth($append = "")
<button class="w3-btn w3-teal">Accedi</button> <button class="w3-btn w3-teal">Accedi</button>
</p> </p>
</form> </form>
<form class="w3-container w3-card-4" method="GET" action="resend.php">
<input type="hidden" name="action" value="signIn">
<h2 class="w3-text-teal">Recupera account</h2>
<p>
<label class="w3-text-teal"><b>Email </b></label>
<input class="w3-input w3-border" name="email" type="email" requried>
</p>
<p>
<button class="w3-btn w3-teal">Recupera</button>
</p>
</form>
<form class="w3-container w3-card-4" method="POST" action=""> <form class="w3-container w3-card-4" method="POST" action="">
<input type="hidden" name="action" value="signUp"> <input type="hidden" name="action" value="signUp">
@ -153,7 +165,7 @@ function UIsignedUp($data)
return UIauth("<h2 style=\"color:red\">Occorre una email @liceococito.it</h2>"); return UIauth("<h2 style=\"color:red\">Occorre una email @liceococito.it</h2>");
break; break;
} }
email("Nuovo Account", 'Grazie per esserti registratə su MordApp<br /><a class="w3-btn w3-teal" href="http://127.0.0.1:9999/?action=verifyFirst&token=' . $res . '">Verifica il mio account</a>', $data["email"], $data["name"]); email("Nuovo Account", 'Grazie per esserti registratə su MordApp<br /><a class="w3-btn w3-teal" href="https://mordapp.altervista.org/app/1/?action=verifyFirst&token=' . $res . '">Verifica il mio account</a>', $data["email"], $data["name"]);
?> ?>
<div class="w3-container w3-padding-32 w3-theme-d1"> <div class="w3-container w3-padding-32 w3-theme-d1">
<h1>Mordapp</h1> <h1>Mordapp</h1>
@ -506,13 +518,12 @@ function editOrder($token, $orderId)
<br /> <br />
<br /> <br />
<?php <?php
if($new){ if ($new) {
?><input type="submit" class="w3-button w3-teal w3-right" value="Ordina"><?php ?><input type="submit" class="w3-button w3-teal w3-right" value="Ordina"><?php
} } else {
else{ ?><input type="submit" class="w3-button w3-teal w3-right" value="Aggiorna"><?php
?><input type="submit" class="w3-button w3-teal w3-right" value="Aggiorna"><?php }
} ?>
?>
<br /> <br />
<br /> <br />
<br /> <br />
@ -619,18 +630,24 @@ function manageAccount($token)
foreach ($GLOBALS["classesWhitelist"] as $wle) { foreach ($GLOBALS["classesWhitelist"] as $wle) {
if ($wle == "Docenti") { if ($wle == "Docenti") {
?> ?>
<option value="teacher" <?php if($u["classe"]==$wle){ echo "selected";} ?>><?php echo htmlentities($wle); ?></option> <option value="teacher" <?php if ($u["classe"] == $wle) {
echo "selected";
} ?>><?php echo htmlentities($wle); ?></option>
<?php <?php
continue; continue;
} }
if ($wle == "altro") { if ($wle == "altro") {
?> ?>
<option value="other" <?php if($u["classe"]==$wle){ echo "selected";} ?>>Altro</option> <option value="other" <?php if ($u["classe"] == $wle) {
echo "selected";
} ?>>Altro</option>
<?php <?php
continue; continue;
} }
?> ?>
<option value="<?php echo htmlentities($wle); ?>" <?php if($u["classe"]==$wle){ echo "selected";} ?>><?php echo htmlentities($wle); ?></option> <option value="<?php echo htmlentities($wle); ?>" <?php if ($u["classe"] == $wle) {
echo "selected";
} ?>><?php echo htmlentities($wle); ?></option>
<?php <?php
} }
@ -641,6 +658,11 @@ function manageAccount($token)
<button class="w3-btn w3-teal">Salva</button> <button class="w3-btn w3-teal">Salva</button>
</p> </p>
</form> </form>
<form class="w3-container w3-card-4" method="POST" onsubmit="return confirm('Questa azione è irreversibile');">
<input type="hidden" name="action" value="deleteMe">
<input type="hidden" name="sessionToken" value="<?php echo htmlentities($token); ?>">
<input type="submit" class="w3-btn w3-red" value="Elimina account">
</form>
<br /> <br />
<?php <?php
} }
@ -1273,11 +1295,11 @@ function dishesStaff($token, $add = "")
}, },
{ {
title: "Nome", title: "Nome",
editor:true, editor: true,
field: "name", field: "name",
}, { }, {
title: "Prezzo Totale", title: "Prezzo Totale",
editor:true, editor: true,
field: "price", field: "price",
formatter: "money", formatter: "money",
formatterParams: { formatterParams: {
@ -1296,4 +1318,4 @@ function dishesStaff($token, $add = "")
}); });
</script> </script>
<?php <?php
} }