modules/index/include/newpass.php
defbfa55
 <?php
c208bd90
 /*
 This file belongs to the Webinterface of schokokeks.org Hosting
 
cf54502a
 Written 2008-2018 by schokokeks.org Hosting, namely
c208bd90
   Bernd Wurst <bernd@schokokeks.org>
   Hanno Böck <hanno@schokokeks.org>
 
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
 
2626dd47
 You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
c208bd90
 http://creativecommons.org/publicdomain/zero/1.0/
 
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
 */
defbfa55
 
 require_once('session/checkuser.php');
 
02e4157a
 function user_customer_match($cust, $user)
 {
2626dd47
     $args = array(":cid" => $cust,
d9034228
                 ":user" => $user);
2626dd47
     $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde=:cid AND username=:user AND kundenaccount=1", $args);
     if ($result->rowCount() > 0) {
         return true;
     }
     return false;
02e4157a
 }
 
2626dd47
 function find_username($input)
6dc51ba4
 {
2626dd47
     $args = array(":user" => $input);
     $result = db_query("SELECT username FROM system.useraccounts WHERE username=:user AND kundenaccount=1", $args);
     if ($result->rowCount() > 0) {
         $line = $result->fetch();
         return $line['username'];
     } else {
         return false;
     }
6dc51ba4
 }
02e4157a
 
defbfa55
 function customer_has_email($customerno, $email)
 {
2626dd47
     $args = array(":cid" => $customerno,
d9034228
                 ":email" => $email);
2626dd47
     $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND (email=:email OR email_extern=:email OR email_rechnung=:email)", $args);
     return ($result->rowCount() > 0);
defbfa55
 }
 
 
 function validate_token($customerno, $token)
 {
2626dd47
     expire_tokens();
     $args = array(":cid" => $customerno,
d9034228
                 ":token" => $token);
2626dd47
     $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND token=:token", $args);
     return ($result->rowCount() > 0);
defbfa55
 }
 
 
2626dd47
 function get_uid_for_token($token)
e31e3e4d
 {
2626dd47
     expire_tokens();
     $result = db_query("SELECT uid FROM system.usertoken WHERE token=?", array($token));
     if ($result->rowCount() == 0) {
         return null;
     }
     $data = $result->fetch();
     return $data['uid'];
e31e3e4d
 }
 
2626dd47
 function get_username_for_uid($uid)
64ea2c9c
 {
2626dd47
     $result = db_query("SELECT username FROM system.useraccounts WHERE uid=?", array($uid));
     if ($result->rowCount() != 1) {
         system_failure("Unexpected number of users with this uid (!= 1)!");
     }
     $item = $result->fetch();
     return $item['username'];
64ea2c9c
 }
 
fbdb9942
 function validate_uid_token($uid, $token)
 {
2626dd47
     expire_tokens();
     $args = array(":uid" => $uid,
d9034228
                 ":token" => $token);
2626dd47
     $result = db_query("SELECT NULL FROM system.usertoken WHERE uid=:uid AND token=:token", $args);
     return ($result->rowCount() > 0);
fbdb9942
 }
 
 
defbfa55
 function expire_tokens()
 {
2626dd47
     $expire = "1 DAY";
     db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
     db_query("DELETE FROM system.usertoken WHERE expire < NOW();");
defbfa55
 }
 
 function invalidate_customer_token($customerno)
 {
2626dd47
     db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id=?", array($customerno));
defbfa55
 }
9086c9ad
 
fbdb9942
 function invalidate_systemuser_token($uid)
 {
2626dd47
     db_query("DELETE FROM system.usertoken WHERE uid=?", array($uid));
fbdb9942
 }
9086c9ad
 
02e4157a
 function create_token($username)
defbfa55
 {
2626dd47
     expire_tokens();
     $result = db_query("SELECT uid FROM system.useraccounts WHERE username=?", array($username));
     $uid = (int) $result->fetch()['uid'];
9086c9ad
 
2626dd47
     $result = db_query("SELECT created FROM system.usertoken WHERE uid=?", array($uid));
     if ($result->rowCount() > 0) {
         system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
     }
9086c9ad
 
2626dd47
     $args = array(":uid" => $uid,
d9034228
                 ":token" => random_string(16));
2626dd47
     db_query("INSERT INTO system.usertoken VALUES (:uid, NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
     return true;
defbfa55
 }
 
 
02e4157a
 function emailaddress_for_user($username)
 {
2626dd47
     $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
     $data = $result->fetch();
     return $data['email'];
02e4157a
 }
 
 
defbfa55
 function get_customer_token($customerno)
 {
2626dd47
     expire_tokens();
     $result = db_query("SELECT token FROM kundendaten.kunden WHERE id=? AND token IS NOT NULL", array($customerno));
     if ($result->rowCount() < 1) {
         system_failure("Kann das Token nicht auslesen!");
     }
     return $result->fetch(PDO::FETCH_OBJ)->token;
defbfa55
 }
 
 
2626dd47
 function get_user_token($username)
02e4157a
 {
2626dd47
     $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username=?", array($username));
     $tmp = $result->fetch();
     return $tmp['token'];
02e4157a
 }