pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CIM68 - Disentangle username from email

Browse Source
This commit is contained in:
“VeLiTi”
2024-04-16 15:28:00 +02:00
parent 87c4569966
commit 0f8ba5fbde
6 changed files with 6 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
api/v1/authorization.php
View File

@@ -52,6 +52,7 @@ if ($stmt->rowCount() == 1) {
$user = array(
'id' => $user_data['id'],
'username' => $user_data['username'],
'email' => $user_data['email'],
'salesID' => $user_data['salesID'],
'partnerhierarchy' => $user_data['partnerhierarchy'],
'permission' => $permission,

67
api/v1/get/authorization.php
View File

@@ -1,67 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Get user_details
//------------------------------------------
$user_credentials = json_decode(decode_payload($input),true);
//Connect to DB
$pdo = dbConnect($dbname);
$username = $user_credentials['username'];
//Define Query
$stmt = $pdo->prepare('SELECT id, username, password, salesID, partnerhierarchy, view, service, settings, lastlogin, userkey, language FROM users WHERE username = ?');
//Excute Query
$stmt->execute([$username]);
// Check if username exists. Verify user exists then verify
if ($stmt->rowCount() == 1) {
$user_data = $stmt->fetch();
$permission = userRights($user_data['view']);
$profile = getProfile($user_data['settings'],$permission);
$password = $user_credentials['password'];
if (array_key_exists('resetkey', $user_credentials)){
//Reset procedure
//STEP 1.A- Create resetkey
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800));
$resetkey = generate_jwt($headers, $payload);
//STEP 1.B Store in DB
$sql = 'UPDATE users SET resetkey = ? WHERE id = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$resetkey,$user_data['id']]);
//STEP 2- Send to user
include_once './assets/mail/email_template_reset.php';
send_mail($user_data['username'],$subject,$message,'','');
} else { //STANDARD LOGIN
if (password_verify($password, $user_data['password'])) {
$token = createCommunicationToken($user_data['service']);
$user = array(
'id' => $user_data['id'],
'username' => $user_data['username'],
'salesID' => $user_data['salesID'],
'partnerhierarchy' => $user_data['partnerhierarchy'],
'permission' => $permission,
'profile' => $profile,
'service' => $user_data['service'],
'userkey' => $user_data['userkey'],
'language' => $user_data['language'],
'token' => $token
);
//Encrypt results
$messages = generate_payload($user);
//Send results
print_r($messages);
} else {
http_response_code(403); //Not authorized
}
}
}
else
{
http_response_code(403);//Not authorized
}
?>

2
api/v1/post/profile.php
View File

@@ -41,6 +41,6 @@ $owner_user = (($user_data['username'] == $username)? 1 : 0);
$stmt->execute([$resetkey,$id]);
//STEP 3 - Send to user
include_once './assets/mail/email_template_reset.php';
send_mail($user_data['username'],$subject,$message,'','');
send_mail($user_data['email'],$subject,$message,'','');
}
}

4
api/v1/post/users.php
View File

@@ -116,7 +116,7 @@ if ($permission == 3 || $permission == 4){
$stmt->execute([$resetkey,$id]);
//STEP 3 - Send to user
include_once './assets/mail/email_template_reset.php';
send_mail($user_data['username'],$subject,$message,'','');
send_mail($user_data['email'],$subject,$message,'','');
}
$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
@@ -236,7 +236,7 @@ elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1
$resetkey = generate_jwt($headers, $payload);
//STEP 2- Send to user
include_once './assets/mail/email_template_new.php';
send_mail($post_content['username'],$subject,$message,'','');
send_mail($post_content['email'],$subject,$message,'','');
} else {
//Encrypt results
$messages = generate_payload($exists);

2
assets/functions.php
View File

@@ -263,7 +263,7 @@ EOT;
function template_footer($js_script = '') {
$js_script = $js_script ? '<script>' . $js_script . '</script>' : '';
$lancode = $_SESSION['language'] ?? 'US';
$user_mail = $_SESSION['username'] ?? '';
$user_mail = $_SESSION['email'] ?? '';
$veliti_cim = '';
if (veliti_cim){
$veliti_cim = '<iframe src="https://change.veliti.nl/request_popup.php?language='.$lancode.'&email='.$user_mail.'" style="border: solid 1px;border-radius: 5px;min-width:400px;min-height:400px;"></iframe>';

1
login.php
View File

@@ -60,6 +60,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$_SESSION['loggedin'] = true;
$_SESSION['id'] = $responses->id;
$_SESSION['username'] = $responses->username;
$_SESSION['email'] = $responses->email;
$_SESSION['salesID'] = $responses->salesID;
$_SESSION['partnerhierarchy'] = $responses->partnerhierarchy; //clean;
$_SESSION['permission'] = $responses->permission;