Added account deletion and password recovery
This commit is contained in:
parent
a2b0e641f9
commit
fd99756330
|
@ -31,6 +31,9 @@ require("ui.php");
|
|||
<link rel="preload" as="script" href="https://cdn.iubenda.com/cs/tcf/stub-v2.js"/>
|
||||
<script src="https://cdn.iubenda.com/cs/tcf/stub-v2.js"></script>
|
||||
<script>
|
||||
if (location.protocol !== 'https:') {
|
||||
location.replace(`https:${location.href.substring(location.protocol.length)}`);
|
||||
}
|
||||
(_iub=self._iub||[]).csConfiguration={
|
||||
cookiePolicyId: 16543360,
|
||||
siteId: 2323189,
|
||||
|
@ -190,6 +193,11 @@ require("ui.php");
|
|||
case "menuSTAFF":
|
||||
dishesStaff($_POST["sessionToken"]);
|
||||
break;
|
||||
case "deleteMe":
|
||||
$r=deleteMe($_POST["sessionToken"]);
|
||||
if(!$r) mainMenu($_POST["sessionToken"], '<h2 style="color:green">Errore</h2>');
|
||||
else UIauth();
|
||||
break;
|
||||
case "processDishes":
|
||||
if(!$newView){
|
||||
mainMenu($_POST["sessionToken"]);
|
||||
|
|
16
lib.php
16
lib.php
|
@ -8,7 +8,7 @@ if (!function_exists('str_contains')) {
|
|||
|
||||
function pdomake()
|
||||
{
|
||||
return new PDO("sqlite:07abd9b090f514cbce89b2a932b2ec9f/db.db");
|
||||
return new PDO("sqlite:07abd9b090f514cbce89b2a932b2ec9f/f.sqlite3");
|
||||
}
|
||||
$GLOBALS["classesWhitelist"] = [
|
||||
"1A",
|
||||
|
@ -629,7 +629,8 @@ function processDishes($data)
|
|||
return true;
|
||||
}
|
||||
|
||||
function newViewCheck($token,$view){
|
||||
function newViewCheck($token,$view)
|
||||
{
|
||||
if(empty($token) || empty($view)) return "EMPTY";
|
||||
$p = pdomake();
|
||||
$q = $p->prepare("SELECT * FROM Users WHERE token=:token");
|
||||
|
@ -646,3 +647,14 @@ function newViewCheck($token,$view){
|
|||
]);
|
||||
return true;
|
||||
}
|
||||
|
||||
function deleteMe($token)
|
||||
{
|
||||
$u = use_token($token);
|
||||
$p = pdomake();
|
||||
if ($u == null || $u["isStaff"]) return false;
|
||||
$q = $p->prepare("DELETE FROM Users WHERE token=:token");
|
||||
$q->execute([
|
||||
":token" => $token
|
||||
]);
|
||||
}
|
||||
|
|
76
resend.php
Normal file
76
resend.php
Normal file
|
@ -0,0 +1,76 @@
|
|||
<?php
|
||||
require("lib.php");
|
||||
$p = pdomake();
|
||||
$q = $p->prepare("SELECT * FROM Users WHERE email=:email");
|
||||
$q->execute([
|
||||
":email" => $_GET["email"]
|
||||
]);
|
||||
$u = $q->fetch();
|
||||
if(!$u["verified"] && $u){
|
||||
email("Nuovo Account", 'Grazie per esserti registratə su MordApp<br /><a class="w3-btn w3-teal" href="https://mordapp.altervista.org/app/1/?action=verifyFirst&token=' . $u["emailToken"] . '">Verifica il mio account</a>', $u["email"], $u["name"]);
|
||||
?>
|
||||
|
||||
<html>
|
||||
<title>Mordapp</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
|
||||
<link rel="stylesheet" href="https://www.w3schools.com/lib/w3-theme-teal.css">
|
||||
<h1>Email re-inviata</h1>
|
||||
<a href=".">OK</a>
|
||||
</html>
|
||||
<?php
|
||||
}
|
||||
elseif($_POST["action"]=="chpass"){
|
||||
$q = $p->prepare("UPDATE Users SET passwordHash=:ph, emailToken=:ett WHERE emailToken=:et ");
|
||||
$q->execute([
|
||||
":ph" => password_hash($_POST["password"],PASSWORD_DEFAULT),
|
||||
":et" => $_POST["tk"],
|
||||
":ett" => bin2hex(random_bytes(16))
|
||||
]);
|
||||
http_response_code(302);
|
||||
header("Location: .");
|
||||
}
|
||||
elseif(!empty($_GET["recover"])){
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<title>Mordapp</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
|
||||
<link rel="stylesheet" href="https://www.w3schools.com/lib/w3-theme-teal.css">
|
||||
<h1>Recupero password</h1> <br />
|
||||
<form method="POST">
|
||||
<input type="password" name="password" placeholder="Nuova password" class="w3-input">
|
||||
<input type="hidden" name="action" value="chpass" >
|
||||
<input type="submit" value="Salva" class="w3-btn">
|
||||
<input type="hidden" name="tk" value="<?php echo htmlentities($_GET["recover"]);?>" >
|
||||
</form>
|
||||
</html>
|
||||
<?php
|
||||
}
|
||||
else{
|
||||
if(empty($_GET["email"])){
|
||||
http_response_code(302);
|
||||
header("Location: .");
|
||||
exit;
|
||||
}
|
||||
if(!$u) die("Errore");
|
||||
$tk=bin2hex(random_bytes(16));
|
||||
$q = $p->prepare("UPDATE Users SET emailToken=:et WHERE email=:email");
|
||||
$q->execute([
|
||||
":email" => $_GET["email"],
|
||||
":et" => $tk
|
||||
]);
|
||||
|
||||
email("Recupero Account", 'Devi recuperare la tua password?<br /><a class="w3-btn w3-teal" href="https://mordapp.altervista.org/app/1/resend.php?recover='.$tk.'">Recupera il mio account</a>', $u["email"], $u["name"]);
|
||||
?>
|
||||
<html>
|
||||
<title>Mordapp</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
|
||||
<link rel="stylesheet" href="https://www.w3schools.com/lib/w3-theme-teal.css">
|
||||
<h1>Email inviata</h1>
|
||||
<a href=".">OK</a>
|
||||
</html>
|
||||
<?php
|
||||
}
|
40
ui.php
40
ui.php
|
@ -44,6 +44,18 @@ function UIauth($append = "")
|
|||
</p>
|
||||
</form>
|
||||
|
||||
<form class="w3-container w3-card-4" method="GET" action="resend.php">
|
||||
<input type="hidden" name="action" value="signIn">
|
||||
<h2 class="w3-text-teal">Recupera account</h2>
|
||||
<p>
|
||||
<label class="w3-text-teal"><b>Email </b></label>
|
||||
<input class="w3-input w3-border" name="email" type="email" requried>
|
||||
</p>
|
||||
<p>
|
||||
<button class="w3-btn w3-teal">Recupera</button>
|
||||
</p>
|
||||
</form>
|
||||
|
||||
<form class="w3-container w3-card-4" method="POST" action="">
|
||||
<input type="hidden" name="action" value="signUp">
|
||||
<h2 class="w3-text-teal">Registrazione</h2>
|
||||
|
@ -153,7 +165,7 @@ function UIsignedUp($data)
|
|||
return UIauth("<h2 style=\"color:red\">Occorre una email @liceococito.it</h2>");
|
||||
break;
|
||||
}
|
||||
email("Nuovo Account", 'Grazie per esserti registratə su MordApp<br /><a class="w3-btn w3-teal" href="http://127.0.0.1:9999/?action=verifyFirst&token=' . $res . '">Verifica il mio account</a>', $data["email"], $data["name"]);
|
||||
email("Nuovo Account", 'Grazie per esserti registratə su MordApp<br /><a class="w3-btn w3-teal" href="https://mordapp.altervista.org/app/1/?action=verifyFirst&token=' . $res . '">Verifica il mio account</a>', $data["email"], $data["name"]);
|
||||
?>
|
||||
<div class="w3-container w3-padding-32 w3-theme-d1">
|
||||
<h1>Mordapp</h1>
|
||||
|
@ -506,10 +518,9 @@ function editOrder($token, $orderId)
|
|||
<br />
|
||||
<br />
|
||||
<?php
|
||||
if($new){
|
||||
if ($new) {
|
||||
?><input type="submit" class="w3-button w3-teal w3-right" value="Ordina"><?php
|
||||
}
|
||||
else{
|
||||
} else {
|
||||
?><input type="submit" class="w3-button w3-teal w3-right" value="Aggiorna"><?php
|
||||
}
|
||||
?>
|
||||
|
@ -619,18 +630,24 @@ function manageAccount($token)
|
|||
foreach ($GLOBALS["classesWhitelist"] as $wle) {
|
||||
if ($wle == "Docenti") {
|
||||
?>
|
||||
<option value="teacher" <?php if($u["classe"]==$wle){ echo "selected";} ?>><?php echo htmlentities($wle); ?></option>
|
||||
<option value="teacher" <?php if ($u["classe"] == $wle) {
|
||||
echo "selected";
|
||||
} ?>><?php echo htmlentities($wle); ?></option>
|
||||
<?php
|
||||
continue;
|
||||
}
|
||||
if ($wle == "altro") {
|
||||
?>
|
||||
<option value="other" <?php if($u["classe"]==$wle){ echo "selected";} ?>>Altro</option>
|
||||
<option value="other" <?php if ($u["classe"] == $wle) {
|
||||
echo "selected";
|
||||
} ?>>Altro</option>
|
||||
<?php
|
||||
continue;
|
||||
}
|
||||
?>
|
||||
<option value="<?php echo htmlentities($wle); ?>" <?php if($u["classe"]==$wle){ echo "selected";} ?>><?php echo htmlentities($wle); ?></option>
|
||||
<option value="<?php echo htmlentities($wle); ?>" <?php if ($u["classe"] == $wle) {
|
||||
echo "selected";
|
||||
} ?>><?php echo htmlentities($wle); ?></option>
|
||||
<?php
|
||||
|
||||
}
|
||||
|
@ -641,6 +658,11 @@ function manageAccount($token)
|
|||
<button class="w3-btn w3-teal">Salva</button>
|
||||
</p>
|
||||
</form>
|
||||
<form class="w3-container w3-card-4" method="POST" onsubmit="return confirm('Questa azione è irreversibile');">
|
||||
<input type="hidden" name="action" value="deleteMe">
|
||||
<input type="hidden" name="sessionToken" value="<?php echo htmlentities($token); ?>">
|
||||
<input type="submit" class="w3-btn w3-red" value="Elimina account">
|
||||
</form>
|
||||
<br />
|
||||
<?php
|
||||
}
|
||||
|
@ -1273,11 +1295,11 @@ function dishesStaff($token, $add = "")
|
|||
},
|
||||
{
|
||||
title: "Nome",
|
||||
editor:true,
|
||||
editor: true,
|
||||
field: "name",
|
||||
}, {
|
||||
title: "Prezzo Totale",
|
||||
editor:true,
|
||||
editor: true,
|
||||
field: "price",
|
||||
formatter: "money",
|
||||
formatterParams: {
|
||||
|
|
Reference in New Issue
Block a user