Password generation/reset tool for WP:@ mail addresses
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

180 lines
3.9 KiB

2 years ago
  1. <?php
  2. function wmde_randomStr(
  3. $length,
  4. $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
  5. {
  6. $pieces = [];
  7. $max = mb_strlen($keyspace, '8bit') - 1;
  8. for ($i = 0; $i < $length; ++$i) {
  9. $pieces []= $keyspace[random_int(0, $max)];
  10. }
  11. return implode('', $pieces);
  12. }
  13. function wmde_createPasswordResetSecret($community_id)
  14. {
  15. $rstr = wmde_randomStr(32);
  16. $sql = "INSERT INTO community_reset (community_reset_id, secret, valid_until) VALUES('$community_id','$rstr',NOW() + INTERVAL 1 DAY)";
  17. $rc = nuRunQuery($sql,[], true);
  18. if ($rc<0 )
  19. return false;
  20. return $rstr;
  21. }
  22. function wmde_deleteOldSecrets()
  23. {
  24. $sql = "DELETE from community_reset WHERE valid_until < NOW() ";
  25. nuRunQuery($sql);
  26. }
  27. function wmde_deleteSecret($secret)
  28. {
  29. $sql = "DELETE from community_reset WHERE secret = :secret ";
  30. nuRunQuery($sql,['secret'=>$secret]);
  31. }
  32. function wmde_getCommunityId( $email, $private = false )
  33. {
  34. if (!$private){
  35. $sql = "SELECT community.community_id FROM community LEFT JOIN community_mail ON
  36. community_mail.cmailkey = community.community_id WHERE
  37. community_mail.cmail = :cmail OR community.email = :email";
  38. $sqlargs = [':cmail'=>$email,':email'=>$email];
  39. }
  40. else {
  41. $sql = "SELECT community.community_id FROM community
  42. WHERE community.email = :email";
  43. $sqlargs = [':email'=>$email];
  44. }
  45. // echo "Cpommunity Query = $sql - $email\n";
  46. $t = nuRunQuery($sql, $sqlargs);
  47. // var_dump($t);
  48. $a = db_fetch_array($t);
  49. if ($a) {
  50. return $a['community_id'];
  51. }
  52. return null;
  53. }
  54. function showReset()
  55. {
  56. global $nuDB;
  57. $title = "WP:@ Passwort anfordern";
  58. include "email.tpl";
  59. /*<HTML>
  60. <body>
  61. <form method="POST">
  62. <label for="email" name="Email" value="E-Mail">E-Mail:</label>
  63. <input type = "email" name="email"/>
  64. <input type = "submit" value="Senden"/>
  65. </form>
  66. </body>
  67. </HTML>*/
  68. }
  69. function getpw()
  70. {
  71. global $nuDB;
  72. $sql = "SELECT * FROM community WHERE email = :email";
  73. $t = nuRunQuery($sql,[':email' => 'tube@surfpoeten.de']);
  74. var_dump($t);
  75. $a = db_fetch_array($t);
  76. var_dump($a);
  77. }
  78. function wmde_getWikiMails($community_id)
  79. {
  80. $sql = "SELECT cmail FROM community LEFT JOIN community_mail ON
  81. community_mail.cmailkey = community.community_id WHERE
  82. community.community_id = :community_id";
  83. $t = nuRunQuery($sql,[':community_id' => $community_id]);
  84. $mails = array();
  85. while ( $a = db_fetch_array($t) )
  86. {
  87. array_push($mails,$a['cmail']);
  88. }
  89. return $mails;
  90. }
  91. function wmde_setPass($community_id,$password)
  92. {
  93. $pass = password_hash($password,PASSWORD_BCRYPT );
  94. $sql = "UPDATE community SET pass='$pass' WHERE community_id = :id";
  95. // echo "SQL: $sql\n";
  96. $t = nuRunQuery($sql,[':id' => $community_id],true);
  97. // var_dump($t);
  98. return $t;
  99. }
  100. function wmde_getCommunityIdBySecret($secret)
  101. {
  102. $sql = "SELECT community_reset_id FROM community_reset WHERE secret = :secret";
  103. // AND valid_until > NOW() ";
  104. $t = nuRunQuery($sql, ['secret' => $secret]);
  105. // echo "the t $secret\n";
  106. // var_dump($t);
  107. $a = db_fetch_array($t);
  108. // echo "the a\n";
  109. // var_dump($a);
  110. if ($a) {
  111. return $a['community_reset_id'];
  112. }
  113. return null;
  114. }
  115. function wmde_setPassByMail($email,$pass)
  116. {
  117. $id = wmde_getCommunityId($email);
  118. if (!$id)
  119. return false;
  120. return wmde_setPass($id,$pass);
  121. }
  122. function wmde_sendPasswordResetMail($email)
  123. {
  124. $community_id = wmde_getCommunityId($email,false);
  125. // var_dump($community_id);
  126. // var_dump($email);
  127. if (!$community_id)
  128. return false;
  129. $secret = wmde_createPasswordResetSecret($community_id);
  130. if (!$secret ) {
  131. return false;
  132. }
  133. include "mailtext.tpl";
  134. $sender='noc@wikipedia.de';
  135. $sendmail = "/usr/sbin/sendmail";
  136. $text = "To: $email\n";
  137. $text.= "From: Wikimedia Team IT <noc@wikipedia.de>\n";
  138. $text.= "MIME-Version: 1.0\n";
  139. $text.= "Content-Transfer-Encoding: 8bit\n";
  140. $text.= "Content-Type: text/plain; charset=utf-8\n";
  141. $text.= "Subject: $mail_subject\n\n";
  142. $text.= $mail_text;
  143. $cmd = "echo '$text' | $sendmail -f noc@wikipedia.de $email";
  144. exec ($cmd);
  145. return $secret;
  146. }