hedera-web/rest/core/recover-password.php

67 lines
1.4 KiB
PHP
Raw Normal View History

2016-09-06 14:25:02 +00:00
<?php
require_once ('vn/web/json-request.php');
class RecoverPassword extends Vn\Web\JsonRequest
{
const PARAMS = ['user'];
const LOWERS = 'abcdefghijklmnopqrstuvwxyz';
const UPPERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
const DIGITS = '1234567890';
const SYMBOLS = '!$%&()=.';
function run ($db)
{
$isEnabled = $db->getValue (
'SELECT active FROM account.user WHERE name = #',
[$_REQUEST['user']]);
if (!$isEnabled)
return TRUE;
$restrictions = $db->getRow (
'SELECT length, nupper, ndigits, npunct FROM account.user_password');
$pass = [];
$newPass = '';
$nAlpha = $restrictions['length'] - (
$restrictions['nupper'] +
$restrictions['ndigits'] +
$restrictions['npunct']);
$this->genRands ($pass, self::LOWERS, $nAlpha);
$this->genRands ($pass, self::UPPERS, $restrictions['nupper']);
$this->genRands ($pass, self::DIGITS, $restrictions['ndigits']);
$this->genRands ($pass, self::SYMBOLS, $restrictions['npunct']);
for ($i = count ($pass) - 1; $i >= 0; $i--)
{
$rand = rand (0, $i);
$newPass .= $pass[$rand];
array_splice ($pass, $rand, 1);
}
// XXX: Debug
error_log ($newPass);
return TRUE;
$db->query (
2016-09-19 06:40:18 +00:00
'UPDATE account.user SET password = MD5(#) WHERE name = #',
2016-09-06 14:25:02 +00:00
[$randomPass, $_REQUEST['user']]);
return TRUE;
}
function genRands (&$pass, $chars, $max)
{
$len = strlen ($chars) - 1;
for ($i = 0; $i < $max; $i++)
$pass[] = $chars[rand (0, $len)];
}
}
?>