resetauth.php
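<?php
// Password reset handler. A visitor arrives with two reset tokens in the query
// string (token1/token2); they are checked against ResetToken and then carried
// in the session while the new password is submitted by POST to this same page.
require_once('./myid.php');
session_start();
try {
    // DB_HOST / DB_NAME / DB_ID / DB_PASS are defined in myid.php.
    $strcode = array(PDO::MYSQL_ATTR_INIT_COMMAND=>"SET CHARACTER SET 'utf8'");
    $dbh = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME, DB_ID, DB_PASS, $strcode);
    // Real server-side prepares: bound values are never spliced into the SQL text.
    $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch (PDOException $e) {
    // Nothing below can run without $dbh (every later prepare() would be a fatal
    // error on an undefined variable), and the original $errorMessage was
    // overwritten before it could be displayed. Stop here with a generic message;
    // $e->getMessage() is deliberately not echoed because it can carry host and
    // credential details.
    echo 'データベースへの接続に失敗しました.';
    exit(1);
}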
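// First visit: the session holds no tokens yet, so they must come from the reset
// link's query string and be validated against ResetToken before anything else.
// (Originally two separate `if` blocks with the same condition; merged here.)
if (empty($_SESSION['token1']) || empty($_SESSION['token2'])) {
    $token1 = isset($_GET['token1']) ? $_GET['token1'] : null;
    $token2 = isset($_GET['token2']) ? $_GET['token2'] : null;
    // is_string() rejects array-shaped parameters (?token1[]=...), which would
    // otherwise be handed straight to bindParam().
    if (empty($token1) || empty($token2) || !is_string($token1) || !is_string($token2)) {
        echo "認証できませんでした。再度手続きを行って下さい。";
        exit(1);
    }
    $query = "SELECT * FROM ResetToken WHERE AuthKey = :authToken AND AuthPri = :privateToken";
    $stmt = $dbh->prepare($query);
    $stmt->bindParam(':authToken', $token1, PDO::PARAM_STR);
    $stmt->bindParam(':privateToken', $token2, PDO::PARAM_STR);
    $stmt->execute();
    $result = $stmt->fetch();
    // fetch() returns false when no row matched; empty() covers that and a NULL ID.
    if (empty($result['ID'])) {
        echo "認証できませんでした。再度手続きを行って下さい。";
        exit(2);
    }
    // strtotime() yields false for an unparsable value, which compares as expired.
    if (strtotime($result['expired']) < time()) {
        echo "有効期限切れです。再度手続きを行って下さい。";
        exit(2);
    }
    // Tokens verified: bind them to a fresh session id so that a session id
    // issued to the visitor before this point cannot be reused for the reset.
    session_regenerate_id(true);
    $_SESSION['token1'] = $token1;
    $_SESSION['token2'] = $token2;
}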
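// Keep any message already set by the connection step instead of clearing it.
if (!isset($errorMessage)) {
    $errorMessage = '';
}
if (isset($_POST["changePassword"])) {
    // NOTE(review): the form carries no CSRF token; this POST is authorised only
    // by the reset tokens held in the session. Confirm that is acceptable or add
    // a per-session nonce to the form and check it here.
    // Only plain strings are acceptable; an array-shaped field would otherwise
    // reach the comparison and password_hash().
    $newPlain = (isset($_POST["newPassword"]) && is_string($_POST["newPassword"]))
        ? $_POST["newPassword"] : '';
    $verifyPlain = (isset($_POST["verifyPassword"]) && is_string($_POST["verifyPassword"]))
        ? $_POST["verifyPassword"] : '';
    if ($newPlain === '') {
        $errorMessage = 'パスワードが入力されていません.';
    } else if ($verifyPlain === '') {
        $errorMessage = 'パスワード(確認)が入力されていません.';
    } else if ($newPlain !== $verifyPlain) {
        // Previously a mismatch re-rendered the form with no message, and two
        // empty fields passed the loose == check and stored password_hash('').
        // Strict comparison also avoids numeric-string coercion ("1e1" == "10").
        $errorMessage = 'パスワードが一致しません.';
    } else {
        // Re-validate the session tokens at submit time so that a token deleted
        // or expired since the first visit cannot complete the reset.
        $query = "SELECT * FROM ResetToken WHERE AuthKey = :authToken AND AuthPri = :privateToken";
        $stmt = $dbh->prepare($query);
        $stmt->bindParam(':authToken', $_SESSION['token1'], PDO::PARAM_STR);
        $stmt->bindParam(':privateToken', $_SESSION['token2'], PDO::PARAM_STR);
        $stmt->execute();
        $result = $stmt->fetch();
        // Test for a row before reading $result['expired'] (fetch() gives false for none).
        if (empty($result['ID']) || strtotime($result['expired']) < time()) {
            echo "有効期限切れです。再度手続きを行って下さい。";
            exit(2);
        }
        $newPassword = password_hash($newPlain, PASSWORD_DEFAULT);
        $userSelector = (int) $result['UserID'];
        // The password update and the token removal succeed or fail together;
        // execute() returns false on failure under PDO's default error mode.
        $dbh->beginTransaction();
        $query = "UPDATE AdminUsers SET Password = :newPassword WHERE ID = :UserID";
        $stmt = $dbh->prepare($query);
        $stmt->bindParam(':newPassword', $newPassword, PDO::PARAM_STR);
        $stmt->bindParam(':UserID', $userSelector, PDO::PARAM_INT);
        $updated = $stmt->execute();
        // Burn every outstanding reset token for this user, not only the one used.
        $query = "DELETE FROM ResetToken WHERE UserID = :UserID";
        $stmt = $dbh->prepare($query);
        $stmt->bindParam(':UserID', $userSelector, PDO::PARAM_INT);
        $cleared = $updated && $stmt->execute();
        if (!$cleared) {
            $dbh->rollBack();
            echo "パスワードの更新に失敗しました。再度手続きを行って下さい。";
            exit(3);
        }
        $dbh->commit();
        // Reset complete: drop the tokens from the session and rotate its id.
        unset($_SESSION['token1'], $_SESSION['token2']);
        session_regenerate_id(true);
        header("Location: ./complete.php");
        exit(0);
    }
}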
?>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>パスワードリセット</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="css/materialize.min.css">
<link rel="stylesheet" type="text/css" href="css/whitestyle.css">
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<script type="text/javascript" src="js/jquery-3.3.1.min.js"></script>
<script type="text/javascript" src="js/materialize.min.js"></script>
<script>
$(document).ready(function() {
M.updateTextFields();
});
</script>
</head>
<body>
<?php
// Render a Materialize-styled warning banner when a message is pending.
// The message is HTML-escaped, so it may come from any source.
if (isset($errorMessage) && $errorMessage !== '') {
    $banner = '
<div class="row">
<div class="col s12 m12 pink lighten-5">
<h5 class="valign-wrapper">
<i style="font-size: 2.5rem;" class="material-icons orange-text text-darken-5">warning</i>
<font class="red-text">'
        . ' ' . htmlspecialchars($errorMessage, ENT_QUOTES)
        . '</font>
</h5>
</div>
</div>
';
    echo $banner;
}
?>
<div class="loginForm">
<div class="centering">
<p class="image"><img src="img/logo.png" style="height:50px;width:auto;"/></p>
</div>
<form class="col s12 m12 card blue-grey lighten-5" id="loginForm" name="loginForm" action="" method="POST" style="padding:10px;">
<div class="card-content grey-text text-darken-4">
<span class="card-title">パスワードリセット</span>
<div class="row">
<div class="input-field col">
<i class="material-icons prefix">vpn_key</i>
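<?php /* The submitted password is intentionally not echoed back into the page
         source (it would otherwise land in browser cache, history and proxies);
         the field is left empty on re-render, matching the confirm field below. */ ?>
<input type="password" id="newPassword" name="newPassword" class="validate" value="" required>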
<label for="newPassword" class="active">新パスワード</label>
</div>
<div class="input-field col">
<i class="material-icons prefix">vpn_key</i>
<input type="password" id="verifyPassword" name="verifyPassword" value="" required>
<label for="verifyPassword" class="active">新パスワード(確認)</label>
</div>
<button class="btn waves-effect waves-light right" type="submit" id="changePassword" name="changePassword">パスワードを変更</button>
</div>
</div>
</form>
</div>
</body>
</html>