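  class ChangePassword
  {
      /**
       * Pattern a user-chosen password must satisfy. The original used `(?=.*d)`,
       * which required a literal letter "d" instead of a digit, and never enforced
       * the non-alphanumeric character its own error message promises.
       */
      const PASSWORD_PATTERN = '/^(?=.*\d)(?=.*[A-Za-z])(?=.*[!@#$%])[0-9A-Za-z!@#$%]{5,200}$/';

      /** @var array HTML fragments describing validation failures of the last reset attempt */
      private $_errors = array();

      /**
       * Load the helpers and, when the reset form was submitted, run the reset.
       *
       * Reads passwordCurrent / passwordNew / passwordNewAgain from $_POST;
       * missing fields are passed on as '' so the emptiness check reports them.
       */
      public function __construct()
      {
          require_once 'PasswordHash.php';
          require_once 'ValidateData.php';
          require_once 'SqlQueryController.php';

          if (isset($_POST['resetPassword'])) {
              // stripAllWhiteSpaces removes every whitespace character from each value
              // (' this is an example' -> 'thisisanexample'). For passwords this means
              // a value containing spaces is altered before it is compared and stored;
              // NOTE(review): confirm that is intended for these fields.
              // NOTE(review): no CSRF token is checked on this form.
              $credentials = ValidateData::stripAllWhiteSpaces(array(
                  'passwordCurrent'  => isset($_POST['passwordCurrent']) ? $_POST['passwordCurrent'] : '',
                  'passwordNew'      => isset($_POST['passwordNew']) ? $_POST['passwordNew'] : '',
                  'passwordNewAgain' => isset($_POST['passwordNewAgain']) ? $_POST['passwordNewAgain'] : '',
              ));
              $this->doResetPassword($credentials);
          }
      }

      /**
       * Validate the submitted credentials and, when they all pass, store the new password.
       *
       * Every failed check is echoed as an HTML line and the reset is aborted. On
       * success the session is emptied and destroyed so the user has to log in
       * again with the new password.
       *
       * @param array $credentials keys passwordCurrent, passwordNew, passwordNewAgain
       * @return void
       */
      public function doResetPassword($credentials)
      {
          // Start clean so errors from an earlier call on the same instance do not leak in.
          $this->_errors = array();

          if (ValidateData::isEmpty($credentials)) {
              $this->_errors[] = '<p>Some fields are empty</p>';
          } else {
              // Strict comparison: with != two numeric-looking strings such as
              // "1e3" and "1000" would have been treated as equal.
              if ($credentials['passwordNew'] !== $credentials['passwordNewAgain']) {
                  $this->_errors[] = '<p>Passwords do not match.</p>';
              }

              if ($credentials['passwordNew'] === $credentials['passwordCurrent']) {
                  $this->_errors[] = '<p>Your new password cannot be the same as your old password.</p>';
              }

              // Example of a valid password: Thequickbrown200!
              if (!ValidateData::pregMatch(self::PASSWORD_PATTERN, $credentials['passwordNew'])) {
                  $this->_errors[] = '<p>The password must be between 5 and 200 characters long, must contain at least one number, at least one letter and at least one non Alphanumeric character.</p>';
              }

              // The form asks for the current password precisely so that an open or
              // hijacked session on its own is not enough to change it; the original
              // collected the value but never verified it against the stored hash.
              if (!$this->verifyCurrentPassword($credentials['passwordCurrent'])) {
                  $this->_errors[] = '<p>The current password is incorrect.</p>';
              }
          }

          if (!empty($this->_errors)) {
              foreach ($this->_errors as $error) {
                  echo $error;
              }
              return;
          }

          $this->insertPassword($credentials);
          $_SESSION = array();
          session_destroy();
      }

      /**
       * Check the supplied current password against the hash stored for the
       * session user (same lookup/verify pattern as Login::doLogin).
       *
       * @param string $passwordCurrent plaintext value from the form
       * @return bool true only when a session user exists, a row was found and the
       *              password verifies against its stored hash
       */
      private function verifyCurrentPassword($passwordCurrent)
      {
          if (empty($_SESSION['id'])) {
              return false;
          }

          $sqlQueryController = new SqlQueryController();
          $query = "SELECT login_password
          FROM users_table
          WHERE login_id=:usernameId
          LIMIT 1";
          $row = $sqlQueryController->runQueryFetch($query, array(':usernameId' => $_SESSION['id']));

          // runQueryFetch is documented elsewhere in this code base as a PDO fetch();
          // a missing row is assumed to come back as a non-array (false/null).
          if (!is_array($row) || !isset($row['login_password'])) {
              return false;
          }

          $passwordHash = new PasswordHash();
          return (bool) $passwordHash->verifyPassword($passwordCurrent, $row['login_password']);
      }

      /**
       * Hash the new password and write it to the row of the logged-in user.
       *
       * Echoes an HTML status line. Without a user id in the session there is no
       * row to update, so the error line is printed and nothing is executed.
       *
       * @param array $credentials must contain passwordNew
       * @return void
       */
      public function insertPassword($credentials)
      {
          if (empty($_SESSION['id'])) {
              echo '<p>An error occurred while changing the password</p>';
              return;
          }

          $passwordHash = new PasswordHash();
          $hashedPassword = $passwordHash->hashPassword($credentials['passwordNew']);

          $sqlQueryController = new SqlQueryController();
          $query = "UPDATE users_table
          SET login_password=:passwordNew
          WHERE login_id=:usernameId";
          $array = array(
              ':passwordNew' => $hashedPassword,
              ':usernameId'  => $_SESSION['id'],
          );

          if ($sqlQueryController->runQueryExecute($query, $array)) {
              echo '<p>Successfully changed the password</p>';
          } else {
              echo '<p>An error occurred while changing the password</p>';
          }
      }
  }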
  93.  
  94. <?php
  95.  
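  class Login
  {
      /**
       * Load the helpers and, when the login form was submitted, attempt the login.
       *
       * Reads username / password from $_POST; missing fields are passed on as ''
       * so the emptiness check reports them.
       */
      public function __construct()
      {
          require_once 'PasswordHash.php';
          require_once 'SqlQueryController.php';
          require_once 'ValidateData.php';

          if (isset($_POST['login'])) {
              // stripAllWhiteSpaces removes every whitespace character from each value
              // (' this is an example' -> 'thisisanexample'). NOTE(review): a password
              // containing spaces is therefore altered before verification; confirm
              // this matches how passwords were stored.
              $credentials = ValidateData::stripAllWhiteSpaces(array(
                  'username' => isset($_POST['username']) ? $_POST['username'] : '',
                  'password' => isset($_POST['password']) ? $_POST['password'] : '',
              ));
              $this->doLogin($credentials);
          }
      }

      /**
       * Verify the submitted username/password and start the logged-in session.
       *
       * On success the session id is regenerated, login_id and login_username are
       * stored in $_SESSION and the request is redirected to logged_in.php (the
       * script ends there). On failure an HTML message is echoed; the same message
       * is used for an unknown username and for a wrong password.
       *
       * Assumes session_start() has already been called by the including page.
       *
       * @param array $credentials keys username and password
       * @return void
       */
      public function doLogin($credentials)
      {
          if (ValidateData::isEmpty($credentials)) {
              echo '<p> You must fill in all fields.</p>';
              return;
          }

          $sqlQueryController = new SqlQueryController();

          // A single lookup; the original ran a second query for the same row by
          // the same key just to read login_id and login_username.
          $query = "SELECT login_id, login_username, login_password
          FROM users_table
          WHERE login_username=:username
          LIMIT 1";
          $user = $sqlQueryController->runQueryFetch($query, array(':username' => $credentials['username']));

          $passwordHash = new PasswordHash();
          $verified = false;
          // The original indexed into the fetch result unconditionally, so an unknown
          // username produced a null hash (and a warning) instead of a clean miss.
          if (is_array($user) && isset($user['login_password'])) {
              $verified = (bool) $passwordHash->verifyPassword($credentials['password'], $user['login_password'])
                  && $user['login_username'] === $credentials['username'];
          }
          // NOTE(review): for an unknown username no hash is verified, so that
          // response is measurably faster than a wrong-password response; verifying
          // against a fixed dummy hash in that branch would even the timing out.

          if (!$verified) {
              echo '<p> The username or password do not match any registered users.</p>';
              return;
          }

          // A fresh session id on privilege change keeps an id that was fixed
          // before authentication from becoming a logged-in session.
          session_regenerate_id(true);
          $_SESSION['id'] = $user['login_id'];
          $_SESSION['username'] = $user['login_username'];

          header('Location: logged_in.php');
          die();
      }
  }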
  176.  
  177. <?php
  178.  
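  class RecoverPassword
  {
      /** Characters a generated password is drawn from (no whitespace, see stripAllWhiteSpaces). */
      const PASSWORD_ALPHABET = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';

      /** Length of a generated replacement password. */
      const PASSWORD_LENGTH = 16;

      /**
       * Load the helpers and, when the recovery form was submitted, run the recovery.
       *
       * Reads email from $_POST; a missing field is passed on as '' so that
       * validateEmail rejects it.
       */
      public function __construct()
      {
          require_once 'PasswordHash.php';
          require_once 'SendMailRecoverPassword.php';
          require_once 'ValidateData.php';
          require_once 'SqlQueryController.php';

          if (isset($_POST['recoverPassword'])) {
              // stripAllWhiteSpaces removes every whitespace character from each value
              // (' this is an example' -> 'thisisanexample').
              $credentials = ValidateData::stripAllWhiteSpaces(array(
                  'email' => isset($_POST['email']) ? $_POST['email'] : '',
              ));
              $this->doRecoverPassword($credentials);
          }
      }

      /**
       * Replace the password of the account registered under the given e-mail
       * address and mail the new password to that address.
       *
       * Every outcome is echoed as an HTML line. SendMailRecoverPassword is
       * constructed before the password is overwritten: its constructor throws and
       * dies when no SMTP is configured, so in that case nothing is written to the
       * database. A send that fails after the update is now reported rather than
       * silently ignored, since the old password no longer works at that point.
       *
       * NOTE(review): anyone who knows a registered address can invalidate that
       * account's password with this form, and the new password travels in clear
       * text by e-mail; a time-limited reset token, with the password changed only
       * when the token is presented, avoids both. The "Email doesn't exist!"
       * response also confirms which addresses are registered.
       *
       * @param array $credentials key email
       * @return void
       */
      public function doRecoverPassword($credentials)
      {
          if (!ValidateData::validateEmail($credentials['email'])) {
              echo '<p>Email is invalid</p>';
              return;
          }

          $sqlQueryController = new SqlQueryController();

          $query = "SELECT login_email
          FROM users_table
          WHERE login_email=:email LIMIT 1";
          $array = array(':email' => $credentials['email']);
          $emailExist = $sqlQueryController->runQueryFetchAssoc($query, $array);

          if (!$emailExist) {
              // The original wrapped this text in single quotes, which the apostrophe
              // terminated early (a parse error); double quotes keep the text as is.
              echo "<p>Email doesn't exist!</p>";
              return;
          }

          // Must stay ahead of the UPDATE below: see the class docblock.
          $swift = new SendMailRecoverPassword();
          $passwordHash = new PasswordHash();

          $randomPassword = self::generatePassword();
          $newPassword = $passwordHash->hashPassword($randomPassword);

          $query = "UPDATE users_table
          SET login_password=:password
          WHERE login_email=:email LIMIT 1";
          $array = array(
              ':password' => $newPassword,
              ':email'    => $credentials['email'],
          );
          // Do not mail a password that was never stored.
          if (!$sqlQueryController->runQueryExecute($query, $array)) {
              echo '<p>An error occurred while changing the password</p>';
              return;
          }

          $swift->createMessage($randomPassword, $credentials['email']);
          $message = $swift->getMessage();

          if (!$swift->sendMessage($message)) {
              echo '<p>Failed to send message</p>';
              return;
          }

          echo '<p>Check your inbox for the new password. Your old password will no longer work</p>';
      }

      /**
       * Build a random password of PASSWORD_LENGTH characters drawn uniformly from
       * PASSWORD_ALPHABET with random_int() (CSPRNG, PHP 7+).
       *
       * The original used str_shuffle() on a fixed 57-character string, which is
       * not cryptographically secure and always yielded a permutation of the same
       * characters.
       *
       * @return string
       */
      private static function generatePassword()
      {
          $alphabet = self::PASSWORD_ALPHABET;
          $lastIndex = strlen($alphabet) - 1;
          $password = '';
          for ($i = 0; $i < self::PASSWORD_LENGTH; $i++) {
              $password .= $alphabet[random_int(0, $lastIndex)];
          }
          return $password;
      }
  }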
  282.  
  283. /**
  284. * Create the message
  285. */
  286. $swift->createMessage($randomPassword, $credentials['email']);
  287.  
  288. /**
  289. * Return the newly created message
  290. */
  291. $message = $swift->getMessage();
  292.  
  293. /**
  294. * Send the message
  295. */
  296. if($swift->sendMessage($message)){
  297. echo '<p>Check your inbox for the new password. Your old password will no longer work</p>';
  298. }
  299.  
  300. /**
  301. * @param associative array
  302. * stripAllWhiteSpaces will remove ALL white spaces.
  303. * example: $stringBefore = ' this is an example';
  304. * $stringAfter = 'thisisanexample';
  305. */
  306. $credentials = ValidateData::stripAllWhiteSpaces(.....
  307.  
  308. /**
  309. * @bool returns true if value is empty
  310. */
  311. if(ValidateData::isEmpty($credentials)){
  312.  
  313. public static function doRecoverPassword($credentials) {
  314. if (!ValidateData::validateEmail(…)) {
  315. echo '<p>Email is invalid</p>';
  316. return;
  317. }
  318. $sqlQueryController = …;
  319. if (!$emailExist) {
  320. echo "<p>Email doesn't exist!</p>";
  321. return;
  322. }
  323. if (!$swift->sendMessage($message)) {
  324. echo '<p>Failed to send message</p>';
  325. return;
  326. }
  327. echo '<p>Check your inbox…</p>';
  328. }