added forgot/reset password feature
This commit is contained in:
@@ -0,0 +1,393 @@
|
||||
<?php
|
||||
|
||||
// ====================
|
||||
// Authentication Class
|
||||
// ====================
|
||||
|
||||
require_once "vendor/autoload.php";
|
||||
|
||||
use PHPMailer\PHPMailer\PHPMailer;
|
||||
use PHPMailer\PHPMailer\Exception;
|
||||
|
||||
class Authentication {
|
||||
|
||||
// Variables
|
||||
|
||||
private $settings = "";
|
||||
private $ghrconnection = "";
|
||||
|
||||
// =================
|
||||
// Class Constructor
|
||||
// =================
|
||||
|
||||
public function __construct() {
|
||||
|
||||
// Get Settings
|
||||
|
||||
$this->settings = new SimpleXMLElement((file_exists("xml/settings.xml") ? file_get_contents("xml/settings.xml") : "<settings/>"));
|
||||
|
||||
if ($this->settings->count() === 0) {
|
||||
|
||||
error_log("GHR Authentication Class : Unable to initialize settings");
|
||||
exit();
|
||||
}
|
||||
|
||||
// Open Database Connections
|
||||
$this->ghrconnection = $this->connect();
|
||||
}
|
||||
|
||||
// ======================================
|
||||
// Return a GHR MySQL Database Connection
|
||||
// ======================================
|
||||
|
||||
public function connect() {
|
||||
|
||||
if ($this->settings->Environment == 'Production') {
|
||||
$host = 'localhost';
|
||||
} else {
|
||||
$host = '192.168.1.190';
|
||||
$host = '100.67.215.67';
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
$database = (string) ($this->settings->DatabaseName ?? "");
|
||||
$user = (string) ($this->settings->DatabaseUser ?? "");
|
||||
$password = (string) ($this->settings->DatabasePassword ?? "");
|
||||
|
||||
$connection = new PDO("mysql:host={$host};dbname={$database};charset=utf8", $user, $password);
|
||||
|
||||
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
} catch (PDOException | Exception $e) {
|
||||
|
||||
$this->debug($e->getMessage());
|
||||
exit();
|
||||
}
|
||||
|
||||
return $connection;
|
||||
}
|
||||
|
||||
// ========================
|
||||
// Generate Random Password
|
||||
// ========================
|
||||
|
||||
private function generateRandomPassword($length = 12) {
|
||||
|
||||
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-_+=';
|
||||
$password = '';
|
||||
|
||||
for ($i = 0; $i < $length; $i++) {
|
||||
$index = rand(0, strlen($characters) - 1);
|
||||
$password .= $characters[$index];
|
||||
}
|
||||
|
||||
return $password;
|
||||
}
|
||||
|
||||
// ===============
|
||||
// Debug an Object
|
||||
// ===============
|
||||
|
||||
private function debug($object = "") {
|
||||
|
||||
echo "<pre>";
|
||||
print_r($object);
|
||||
exit();
|
||||
}
|
||||
|
||||
// ==============
|
||||
// Reset Password
|
||||
// ==============
|
||||
|
||||
public function resetPassword() {
|
||||
|
||||
$username = filter_input(INPUT_POST, "user_name") ?: "";
|
||||
|
||||
if (empty($username)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$exists = $this->userExists($username);
|
||||
|
||||
if (!$exists) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = $this->getUser($username);
|
||||
|
||||
$password = $this->resetUsersPassword($user->record->user_serial);
|
||||
|
||||
$this->emailUserPasswordResetLink($user, $password);
|
||||
$this->journalEntry("{$username} reset their password.");
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
// ===========
|
||||
// User Exists
|
||||
// ===========
|
||||
|
||||
private function userExists($username) {
|
||||
|
||||
$SQL = 'select user_name from view_users where user_name = :username';
|
||||
|
||||
$statement = $this->ghrconnection->prepare($SQL);
|
||||
$statement->bindValue(':username', $username, PDO::PARAM_STR);
|
||||
$statement->execute();
|
||||
|
||||
$user = $statement->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
return ($user !== false);
|
||||
}
|
||||
|
||||
// =================
|
||||
// Get a User Object
|
||||
// =================
|
||||
|
||||
private function getUser($username) {
|
||||
|
||||
$SQL = 'select user_serial, user_name, user_email from view_users where user_name = :username';
|
||||
|
||||
$statement = $this->ghrconnection->prepare($SQL);
|
||||
$statement->bindValue(':username', $username, PDO::PARAM_STR);
|
||||
$statement->execute();
|
||||
|
||||
$user = $statement->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
$xml = new SimpleXMLElement('<users/>');
|
||||
$record = $xml->addChild('record');
|
||||
|
||||
$this->arrayToXml($user, $record);
|
||||
|
||||
return $xml;
|
||||
}
|
||||
|
||||
private function arrayToXml(array $data, SimpleXMLElement $xml): void {
|
||||
foreach ($data as $key => $value) {
|
||||
$key = is_numeric($key) ? 'item' : $key;
|
||||
|
||||
if (is_array($value)) {
|
||||
$child = $xml->addChild($key);
|
||||
$this->arrayToXml($value, $child);
|
||||
} else {
|
||||
$xml->addChild($key, htmlspecialchars((string) $value));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// ========================
|
||||
// Reset the Users Password
|
||||
// ========================
|
||||
|
||||
private function resetUsersPassword($user_serial) {
|
||||
|
||||
$user_random_password = $this->generateRandomPassword();
|
||||
$user_temp_password = password_hash($user_random_password, PASSWORD_DEFAULT);
|
||||
|
||||
$SQL = "update users
|
||||
set user_password = :user_password,
|
||||
user_change_password = :user_change_password
|
||||
where user_serial = :user_serial";
|
||||
|
||||
$statement = $this->ghrconnection->prepare($SQL);
|
||||
|
||||
$statement->bindValue(":user_serial", $user_serial);
|
||||
$statement->bindValue(":user_password", $user_temp_password);
|
||||
$statement->bindValue(":user_change_password", 1);
|
||||
|
||||
$statement->execute();
|
||||
|
||||
return $user_random_password;
|
||||
}
|
||||
|
||||
// =================================
|
||||
// Email a users Password Reset Link
|
||||
// =================================
|
||||
|
||||
public function emailUserPasswordResetLink($user, $password) {
|
||||
|
||||
if (!$user instanceof SimpleXMLElement) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Prepare the email.
|
||||
|
||||
$XSLParms['USER-TEMP-PASSWORD'] = $password;
|
||||
|
||||
$to = $user->record->user_email;
|
||||
$subject = "DEC International DMS - Password Reset Request";
|
||||
$message = $this->applyXSL($user, $this->getXSL("emailPasswordResetLink"), $XSLParms);
|
||||
|
||||
// Send the Email
|
||||
$this->sendEmail($to, $subject, $message);
|
||||
}
|
||||
|
||||
// =======================================
|
||||
// Send an email with optional attachments
|
||||
// =======================================
|
||||
|
||||
public function sendEmail($to = "", $subject = "", $message = "", $attachments = "", $attachment_names = "unknown") {
|
||||
|
||||
if (empty($to) or empty($subject) or empty($message)) {
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
$SmtpHost = $this->settings->SmtpServer;
|
||||
$SmtpUsername = $this->settings->SmtpUserName;
|
||||
$SmtpPassword = $this->settings->SmtpPassword;
|
||||
$SmtpPort = $this->settings->SmtpPort;
|
||||
|
||||
$email = new PHPMailer(true);
|
||||
|
||||
// Only for development
|
||||
|
||||
$message = "<span style='font-family: Calibri, Arial, sans-serif;'>" . $message . "</span>";
|
||||
|
||||
try {
|
||||
|
||||
//Server settings
|
||||
$email->isSMTP();
|
||||
$email->Host = $SmtpHost;
|
||||
$email->SMTPAuth = true;
|
||||
$email->Username = $SmtpUsername; // Your Gmail address
|
||||
$email->Password = $SmtpPassword; // App password from Google
|
||||
// $email->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; // or 'tls'
|
||||
$email->Port = $SmtpPort;
|
||||
|
||||
$email->isHTML(true);
|
||||
$email->SetFrom("info@dec-international.com", "DEC-International");
|
||||
|
||||
if (is_array($to)) {
|
||||
foreach ($to as $address) {
|
||||
$address = trim(str_replace(" ", "", $address));
|
||||
if (empty($address)) {
|
||||
continue;
|
||||
}
|
||||
$email->addAddress($address);
|
||||
}
|
||||
} else {
|
||||
$email->addAddress($to);
|
||||
}
|
||||
|
||||
$email->Subject = $subject;
|
||||
$email->Body = $message;
|
||||
|
||||
if (is_array($attachments)) {
|
||||
foreach ($attachments as $index => $item) {
|
||||
if (!empty($item)) {
|
||||
$email->addStringAttachment($item, ($attachment_names[$index] ?? "unknown"));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (!empty($attachments)) {
|
||||
$email->addStringAttachment($attachments, $attachment_names);
|
||||
}
|
||||
}
|
||||
|
||||
$success = $email->Send();
|
||||
} catch (phpMailerException $e) {
|
||||
|
||||
$this->journalEntry($e->errorMessage());
|
||||
$success = false;
|
||||
} catch (Exception $e) {
|
||||
|
||||
$this->journalEntry($e->getMessage());
|
||||
$success = false;
|
||||
}
|
||||
|
||||
return $success;
|
||||
}
|
||||
|
||||
// ======================
|
||||
// Create a Journal Entry
|
||||
// ======================
|
||||
|
||||
public function journalEntry($journal_entry = "") {
|
||||
|
||||
if (empty($journal_entry)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$SQL = "insert into journal
|
||||
|
||||
( journal_origin,
|
||||
journal_ip,
|
||||
journal_entry )
|
||||
|
||||
VALUES ( :journal_origin,
|
||||
:journal_ip,
|
||||
:journal_entry )";
|
||||
|
||||
$statement = $this->ghrconnection->prepare($SQL);
|
||||
|
||||
$statement->bindValue(":journal_origin", "Authentication Class");
|
||||
$statement->bindValue(":journal_ip", $_SERVER["REMOTE_ADDR"] ?? "");
|
||||
$statement->bindValue(":journal_entry", $journal_entry);
|
||||
|
||||
$statement->execute();
|
||||
}
|
||||
|
||||
// ==========================================
|
||||
// Apply an XSL Stylesheet to an XML Document
|
||||
// ==========================================
|
||||
|
||||
public function applyXSL($XMLString = "", $XSLString = "", $XSLParms = "") {
|
||||
|
||||
if ($XMLString instanceof SimpleXMLElement) {
|
||||
$XMLString = $XMLString->asXML();
|
||||
}
|
||||
|
||||
if (empty($XSLString)) {
|
||||
trigger_error("No XSL Stylesheet provided.");
|
||||
}
|
||||
|
||||
if (!is_array($XSLParms)) {
|
||||
$XSLParms = array();
|
||||
}
|
||||
|
||||
$XSLParms["RANDOM_NUMBER"] = rand();
|
||||
$XSLParms["TODAY_YYYYMMDD"] = date("Y-m-d");
|
||||
$XSLParms["TODAY_MMDDYYYY"] = date("m/d/Y");
|
||||
$XSLParms["TODAY_HHMM"] = date("Hi");
|
||||
$XSLParms["COPYRIGHT"] = date("Y");
|
||||
|
||||
$XML = new DOMDocument();
|
||||
$XSL = new DOMDocument();
|
||||
$XSLT = new XSLTProcessor();
|
||||
|
||||
if ($XMLString) {
|
||||
$XML->loadXML($XMLString);
|
||||
}
|
||||
|
||||
if ($XSLString) {
|
||||
$XSL->loadXML($XSLString);
|
||||
}
|
||||
|
||||
$XSLT->importStylesheet($XSL);
|
||||
|
||||
if ($XSLParms) {
|
||||
$XSLT->setParameter("", $XSLParms);
|
||||
}
|
||||
|
||||
$document = $XSLT->transformToXml($XML);
|
||||
|
||||
return $document;
|
||||
}
|
||||
|
||||
// ========================
|
||||
// Return an XSL Stylesheet
|
||||
// ========================
|
||||
|
||||
public function getXSL($document = "") {
|
||||
|
||||
if (trim($document) == "") {
|
||||
return "";
|
||||
}
|
||||
|
||||
$document = "xsl/" . trim($document) . ".xsl";
|
||||
$XSL = (file_exists($document) ? file_get_contents($document) : "");
|
||||
|
||||
return $XSL;
|
||||
}
|
||||
}
|
||||
@@ -266,6 +266,18 @@ class Base {
|
||||
|
||||
$_SESSION[self::TODAY] = date("Y-m-d");
|
||||
|
||||
// Get the requested Action
|
||||
|
||||
$action = filter_input(INPUT_POST, "action") ?: "";
|
||||
$Xaction = filter_input(INPUT_GET, "Xaction") ?: "";
|
||||
|
||||
$action = (empty($Xaction) ? $action : $Xaction);
|
||||
|
||||
if ($Xaction == 'resetpassword') {
|
||||
$this->resetpassword();
|
||||
}
|
||||
|
||||
|
||||
// Login
|
||||
|
||||
if (($_SESSION[self::USER_AUTHENTICATED] ?? false) === false) {
|
||||
@@ -784,6 +796,23 @@ class Base {
|
||||
|
||||
exit();
|
||||
}
|
||||
|
||||
// =====================
|
||||
// Forgot/Reset Password
|
||||
// =====================
|
||||
|
||||
public function resetpassword() {
|
||||
|
||||
include_once 'classes/Authentication.php';
|
||||
|
||||
$reset = (new Authentication())->resetPassword() ? true : false;
|
||||
|
||||
$XSLParms["BTN_SUBMIT"] = "main.php?action=Users.signIn&step=authenticate";
|
||||
$XSLParms["RESET_PASSWORD_SUCCESSFUL"] = "TRUE";
|
||||
|
||||
echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms);
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
@@ -53,6 +53,36 @@ $(document).ready(function () {
|
||||
|
||||
});
|
||||
|
||||
$(".btnForgot").on("click", function (e) {
|
||||
|
||||
e.preventDefault();
|
||||
$("#reset-password").submit();
|
||||
|
||||
});
|
||||
|
||||
// ---------------
|
||||
// Validate Inputs
|
||||
// ---------------
|
||||
|
||||
$("#reset-password").submit(function (e) {
|
||||
|
||||
clearInputErrors();
|
||||
|
||||
var user_name = $("#user_name");
|
||||
|
||||
user_name.val(user_name.val().replace(/\s+/g, " ").trim());
|
||||
|
||||
if (isBlank(user_name)) {
|
||||
createInputError(user_name, "User Name/Email is required to reset password");
|
||||
return false;
|
||||
}
|
||||
|
||||
$("#reset_user_name").val(user_name.val());
|
||||
|
||||
return true;
|
||||
|
||||
});
|
||||
|
||||
});
|
||||
|
||||
// --------------------------------
|
||||
|
||||
@@ -0,0 +1,43 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
|
||||
<xsl:output method="html" encoding="utf-8" indent="yes"/>
|
||||
|
||||
<!-- Parameters -->
|
||||
|
||||
<xsl:param name="VERSION">2.0</xsl:param>
|
||||
<xsl:param name="MESSAGE"></xsl:param>
|
||||
<xsl:param name="PAGE-NAME">notice</xsl:param>
|
||||
|
||||
<xsl:template match="/">
|
||||
|
||||
<div class="notice" id="notice_page">
|
||||
|
||||
<div class="card">
|
||||
|
||||
<div class="card-header bg-warning text-white p-1 ps-3 border-bottom-0">
|
||||
<i class="bi bi-info-circle me-2" aria-hidden="true"/>
|
||||
System Message
|
||||
</div>
|
||||
|
||||
<div class="card-body text-left">
|
||||
|
||||
<div class="alert alert-warning">
|
||||
<b>Message: </b>
|
||||
<xsl:value-of select="$MESSAGE" disable-output-escaping="yes"/>
|
||||
</div>
|
||||
|
||||
<div class="buttons mt-2 mb-2">
|
||||
<a role="button" class="btn btn-sm btn-primary me-2 btnContinue">
|
||||
<i class="bi bi-box-arrow-right me-2"/>Continue</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
</xsl:template>
|
||||
|
||||
</xsl:stylesheet>
|
||||
+16
-2
@@ -7,7 +7,9 @@
|
||||
<xsl:param name="PAGE_TITLE">Georgia Housing Report Sign In</xsl:param>
|
||||
<xsl:param name="FORM_NAME">signIn</xsl:param>
|
||||
<xsl:param name="BTN_SUBMIT"/>
|
||||
<xsl:param name="BTN_RESET_PASSWORD">?Xaction=resetpassword</xsl:param>
|
||||
<xsl:param name="INVALID_SIGNIN"/>
|
||||
<xsl:param name="RESET_PASSWORD_SUCCESSFUL"/>
|
||||
|
||||
<xsl:template match="/">
|
||||
<xsl:text disable-output-escaping="yes"><!DOCTYPE html></xsl:text>
|
||||
@@ -22,6 +24,8 @@
|
||||
<xsl:value-of select="$APPLICATION_NAME"/>
|
||||
</title>
|
||||
|
||||
<link rel="icon" type="image/x-icon" href="images/dec-international-logo.png"/>
|
||||
|
||||
<link href="css/themes/Spacelab/bootstrap.min.css?version={$VERSION}" rel="stylesheet" media="screen"/>
|
||||
<link href="css/bootstrap-icons.min.css?version={$VERSION}" rel="stylesheet" media="screen"/>
|
||||
<link href="css/signIn.css?version={$VERSION}" rel="stylesheet" media="screen"/>
|
||||
@@ -52,6 +56,12 @@
|
||||
</div>
|
||||
</xsl:if>
|
||||
|
||||
<xsl:if test="$RESET_PASSWORD_SUCCESSFUL = 'TRUE'">
|
||||
<div class="alert alert-danger">
|
||||
<xsl:text>If an account exists for the email address provided, you will receive an email containing a temporary password and a link to reset your password.</xsl:text>
|
||||
</div>
|
||||
</xsl:if>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="input-group">
|
||||
<span class="input-group-text">
|
||||
@@ -72,9 +82,13 @@
|
||||
|
||||
</form>
|
||||
|
||||
<form action="{$BTN_RESET_PASSWORD}" name="reset-password" method="post" id="reset-password">
|
||||
<input type="hidden" id="reset_user_name" name="user_name"/>
|
||||
</form>
|
||||
|
||||
<div class="d-grid gap-2 col-11 mx-auto pb-3">
|
||||
<button class="btn btn-primary btn-sm btnSignIn">Sign In</button>
|
||||
<!--<a href="main.php?action=resetpassword" class="btn btn-secondary btn-sm btnForgot">Forgot Password</a>-->
|
||||
<button class="btn btn-secondary btn-sm btnForgot">Forgot/Reset Password</button>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
@@ -86,7 +100,7 @@
|
||||
<footer id="footer">
|
||||
|
||||
<div class="col text-center mt-3">
|
||||
<small class="text-muted pb-0">Unauthorized Access is Prohibitted</small>
|
||||
<small class="text-muted pb-0">Unauthorized Access is Prohibited</small>
|
||||
</div>
|
||||
|
||||
</footer>
|
||||
|
||||
Reference in New Issue
Block a user