1<?php
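$action = 'forgot_pass';

// Forgot-password handler. Assumes an earlier include has created $pdo (a PDO
// instance) and started the session — neither is visible in this file; confirm.
switch ($action) {
    case 'forgot_pass':
        try {
            // Missing POST keys become '' so validation (not a warning) rejects them.
            $validEmailAddress = ensureValidEmailAddress((string) ($_POST['email'] ?? ''));
            isValidCaptcha((string) ($_POST['g-recaptcha-response'] ?? ''));

            $pdo->beginTransaction();

            getUserFromDBByEmail($pdo, $validEmailAddress);
            // Original call omitted $pdo, the function's first parameter.
            updateUserTokenInDB($pdo, $validEmailAddress);

            // Mail the validated address rather than the raw POST value.
            // NOTE(review): the reset token written above is not handed to
            // sendEmail here, so the link it builds carries no token — confirm
            // how the token is meant to reach the e-mail.
            sendEmail($validEmailAddress);

            $pdo->commit();

            $_SESSION['msg'] = "Please check your email";
            $_SESSION['alert'] = "alert alert-success";
            header("location: ../view_forgot_password.php");
            // Stop here so nothing further runs after the redirect header.
            exit;
        }
        // \PDOException extends \Exception, so it must be caught FIRST; in the
        // original order this branch was unreachable and rollBack() never ran.
        catch (\PDOException $e) {
            if ($pdo->inTransaction()) {
                $pdo->rollBack();
            }

            // Driver messages can reveal SQL/schema details; log them and show
            // the user a generic message instead.
            error_log('forgot_pass: ' . $e->getMessage());
            $_SESSION['msg'] = "Something went wrong";
            $_SESSION['alert'] = "alert alert-danger";
            header("location: ../view_forgot_password.php");
            exit;
        }
        // Email/captcha validation and mail-sending failures land here.
        catch (\Exception $e) {
            // A mail failure after beginTransaction() must not leave the new
            // token committed (or the transaction dangling).
            if ($pdo->inTransaction()) {
                $pdo->rollBack();
            }

            $_SESSION['msg'] = $e->getMessage();
            $_SESSION['alert'] = "alert alert-danger";
            header("location: ../view_forgot_password.php");
            exit;
        }

        break;
}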
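/**
 * Validate a submitted e-mail address and return it unchanged.
 *
 * The original body never threw (`if(false)`), so every input passed through.
 *
 * @param string $address raw address as submitted
 * @return string the same address, once it has passed validation
 * @throws \InvalidArgumentException (an \Exception subclass, so existing
 *         `catch (\Exception)` call sites still apply) when the address is
 *         empty or not syntactically valid
 */
function ensureValidEmailAddress(string $address): string
{
    if ($address === '' || filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        throw new \InvalidArgumentException('Invalid e-mail');
    }

    return $address;
}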
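/**
 * Send the "change email" link to $recipientEmailAddress over SMTP.
 *
 * Changes from the original:
 *  - SMTP credentials are read from the environment instead of being
 *    hard-coded in source (SMTP_USERNAME / SMTP_PASSWORD are names chosen
 *    here; align them with the deployment's configuration).
 *  - TLS certificate verification is no longer disabled, so the connection
 *    to the SMTP host cannot be silently intercepted.
 *  - SMTPDebug is off; level 2 echoes the SMTP dialogue into the HTTP response.
 *  - The token is an explicit parameter; the original referenced an undefined
 *    `$token`, producing a link with an empty token.
 *
 * @param string $recipientEmailAddress already-validated recipient
 * @param string $token reset token to embed in the link ('' keeps the
 *                      original behaviour of an empty token)
 * @return bool true when PHPMailer reports the message as sent
 * @throws \Exception when credentials are missing or PHPMailer fails
 *         (PHPMailer is constructed with exceptions enabled)
 */
function sendEmail(string $recipientEmailAddress, string $token = '')
{
    $smtpUser = getenv('SMTP_USERNAME');
    $smtpPass = getenv('SMTP_PASSWORD');
    if ($smtpUser === false || $smtpPass === false) {
        throw new \Exception('Mail did not send successfully');
    }

    $mail = new PHPMailer(true);

    $mail->SMTPDebug = 0;
    $mail->Mailer = "smtp";
    $mail->Host = "tls://smtp.gmail.com:587";
    $mail->SMTPAuth = true;
    $mail->Username = $smtpUser;
    $mail->Password = $smtpPass;
    $mail->SMTPSecure = "tls";
    $mail->Port = 587;

    //Recipients
    $mail->setFrom("habeasventuresinc@gmail.com");
    $mail->addAddress($recipientEmailAddress);

    // Content: the token is URL-encoded for the query string and the whole
    // link attribute-escaped for the HTML body.
    $link = 'http://localhost/habeas_final/web/user/verify.php?token=' . rawurlencode($token);
    $mail->isHTML(true);
    $mail->Subject = "Change Email";
    $mail->Body = "<p>to change your email</p><a href='"
        . htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . "'>Click here!</a>";
    // Plain-text clients need the link too, not a placeholder sentence.
    $mail->AltBody = "To change your email, open this link: " . $link;

    $mailSentSuccessfully = $mail->send();

    if (!$mailSentSuccessfully) {
        throw new \Exception('Mail did not send successfully');
    }

    return $mailSentSuccessfully;
}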
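/**
 * Verify a reCAPTCHA response token against Google's siteverify endpoint.
 *
 * Fixes in this version:
 *  - siteverify returns `"success"` as a JSON boolean, so the original
 *    `$res->success !== "1"` comparison was true for every response and the
 *    function could never succeed.
 *  - The secret and response are sent in a POST body rather than a GET query
 *    string (query strings tend to end up in proxy and server logs), and the
 *    response token is encoded instead of being spliced into a URL.
 *  - A failed HTTP call or malformed JSON is reported instead of producing
 *    a warning and a null dereference.
 *
 * @param string $responseKey the g-recaptcha-response value from the form
 * @return bool always true; failure is signalled by throwing
 * @throws \Exception when the token is empty, the endpoint is unreachable,
 *         the reply is not JSON, or the reply does not report success
 */
function isValidCaptcha(string $responseKey): bool
{
    // Placeholder as on the page: load the real secret from configuration, not source.
    $secretKey = "<secret>";

    if ($responseKey === '') {
        throw new Exception('Invalid captcha. Try again');
    }

    $context = stream_context_create([
        'http' => [
            'method'  => 'POST',
            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query(['secret' => $secretKey, 'response' => $responseKey]),
            'timeout' => 10,
        ],
    ]);
    $response = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    if ($response === false) {
        throw new Exception('Invalid captcha. Try again');
    }

    try {
        $res = json_decode($response, true, 512, JSON_THROW_ON_ERROR);
    } catch (\JsonException $e) {
        throw new Exception('Invalid captcha. Try again', 0, $e);
    }

    // Strict boolean comparison against the documented `success` field.
    if (!is_array($res) || ($res['success'] ?? false) !== true) {
        throw new Exception('Invalid captcha. Try again');
    }

    return true;
}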
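/**
 * Fetch the `user` row whose `email` column equals $validEmailAddress.
 *
 * The original returned the boolean result of execute(), not the user row,
 * despite its name. It now returns the row; a non-empty array is truthy, so
 * callers that only test the result keep working.
 *
 * The exception message is deliberately the same generic text for "query
 * failed" and "no such user", so the response does not reveal whether an
 * address is registered.
 *
 * @param PDO    $pdo               open connection
 * @param string $validEmailAddress address that already passed validation
 * @return array<string, mixed> the matching row (PDO::FETCH_ASSOC)
 * @throws \PDOException when preparing/executing fails or no row matches
 */
function getUserFromDBByEmail(PDO $pdo, string $validEmailAddress): array
{
    $sql = "SELECT * FROM user WHERE email = :email";
    $stmt = $pdo->prepare($sql);
    if ($stmt === false) {
        throw new \PDOException('Something went wrong');
    }

    if (!$stmt->execute(['email' => $validEmailAddress])) {
        throw new \PDOException('Something went wrong');
    }

    // fetch() instead of rowCount(): rowCount() is not guaranteed to be
    // meaningful for SELECT statements on every PDO driver.
    $userFromDB = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($userFromDB === false) {
        throw new \PDOException('Something went wrong');
    }

    return $userFromDB;
}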
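/**
 * Store a fresh reset token for the user with this e-mail address.
 *
 * The original token was md5(time() . $validEmailAddress). Both inputs are
 * guessable (current time to the second, and the address itself), so the
 * token could be reconstructed without access to the database. It is now 32
 * bytes from the CSPRNG, hex-encoded.
 *
 * The token is returned so the caller can place it in the reset link; the
 * original returned nothing and the e-mail had no way to obtain it.
 *
 * NOTE(review): the schema is not visible here — confirm the `token` column
 * can hold 64 characters.
 *
 * @param PDO    $pdo               open connection
 * @param string $validEmailAddress address that already passed validation
 * @return string the 64-character hex token that was written
 * @throws \PDOException when preparing/executing the UPDATE fails
 */
function updateUserTokenInDB(PDO $pdo, string $validEmailAddress): string
{
    $token = bin2hex(random_bytes(32));
    $query1 = "UPDATE user SET token = :token WHERE email = :email LIMIT 1";
    $qstmt = $pdo->prepare($query1);

    if ($qstmt === false || !$qstmt->execute(['token' => $token, 'email' => $validEmailAddress])) {
        throw new \PDOException('Something went wrong');
    }

    return $token;
}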
134}