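isPost()) throw new Exception("Only POST requests allowed here");
        $email = $request->get('login');
        $passwd = $request->get('password');
        if (empty($email)) throw new Exception("No email supplied");
        if (empty($passwd)) throw new Exception("No password supplied");
        // NOTE(review): the credential check is md5($email.'+'.$passwd) against the stored
        // column — a fast, unsalted-per-record digest. It is presumably the same scheme that
        // Sys_User::setPassword() writes (not visible here), so it cannot be changed in this
        // method alone; a migration to password_hash()/password_verify() must cover both sides.
        $sql = sprintf(
            "SELECT id,email,name FROM sys_user WHERE email = %s AND passwd = %s",
            $this->db->quote($email),
            $this->db->quote(md5($email.'+'.$passwd))
        );
        $row = $this->db->fetchObject($sql);
        if ($row === false) throw new Exception("Logindaten falsch");
        // NOTE(review): no session_regenerate_id(true) before the session is populated, so a
        // session id fixed by an attacker before login stays valid afterwards — confirm the
        // framework does not do this elsewhere (the start of this method is outside this view).
        $_SESSION = ['userid' => $row->id, 'email' => $row->email, 'name' => $row->name];
        $response->setLocation($this->app->getBaseURL());
    }

    /**
     * Logs the current user out: empties the session array and redirects to the base URL.
     *
     * Only the session contents are cleared; the session id itself is kept (neither
     * session_destroy() nor session_regenerate_id() is called here).
     */
    public function logoutAction($request, $response)
    {
        $_SESSION = [];
        $response->setLocation($this->app->getBaseURL());
    }

    /**
     * Starts a password reset. If an account exists for $data['email'], a reset key is
     * generated for it and a link carrying that key is mailed to the account's address.
     * Nothing is done for unknown addresses (the response time still differs, which can
     * reveal whether an address is registered).
     *
     * @param mixed $request  unused; the live request is re-read from Application
     * @param mixed $response unused; no data is set on the response
     * @param array $data     expects key 'email'
     */
    public function ajaxLostpw($request, $response, $data)
    {
        $user = new Sys_User($data['email'] ?? '', 'email');
        if (!$user->id()) {
            return;
        }
        $user->generateKey();

        // NOTE(review): the link is built from the request's Host header. Unless the web server
        // or framework pins the host, a crafted Host header makes the mailed link point at an
        // attacker-controlled domain, which then receives the reset key when the user clicks it.
        // Prefer a configured canonical base URL here if the application has one.
        $current = Application::get()->getRequest();
        $url = sprintf('%s://%s%s', $current->getScheme(), $current->getHttpHost(), Application::get()->getBaseURL());
        // The key travels as the bare query string; lostpwAction reads it back via QUERY_STRING.
        $url .= 'account/lostpw?'.$user->get('pwkey');

        $body = Template::render('account/lostpwmail', [
            'name' => $user->get('name'),
            'email' => $user->get('email'),
            'url' => $url,
        ]);

        $mail = new Mail();
        $mail->env_from(MAIL_FROM);
        // Headers are transcoded to latin1 before MIME encoding; body encoding is left to Mail.
        $mail->set('From', mb_encode_mimeheader(utf8_decode(sprintf("%s <%s>", MAIL_FROM_NAME, MAIL_FROM)),'latin1'));
        $mail->set('To', $user->get('email'));
        $mail->set('Subject', mb_encode_mimeheader(utf8_decode("Passwort setzen"),'latin1'));
        $mail->send($body);
    }

    /**
     * Renders the "set new password" page. The reset key arrives as the raw query string
     * (ajaxLostpw builds the link as ...account/lostpw?<pwkey>) and is handed to the
     * template together with the form action URL.
     */
    public function lostpwAction($request, $response)
    {
        // NOTE(review): QUERY_STRING is attacker-controlled and is passed through unmodified;
        // it must be HTML/attribute-escaped when rendered. Template::render is not visible
        // here — confirm it escapes, otherwise this is a reflected XSS.
        $response->setData(Template::render('page/lostpw', [
            'action' => $this->app->getBaseURL().'account/setpw',
            'pwkey' => $request->getServer('QUERY_STRING'),
        ]));
    }

    /**
     * Completes a password reset. Requires two identical passwords of at least 8 bytes and a
     * (login, pwkey) pair that matches a sys_user row; on success the new password is stored
     * and the client is told where to go next.
     *
     * @param array $data expects keys 'login', 'pwkey', 'password', 'password2'
     * @throws Exception on an invalid password, a non-matching login/key, or a failed update
     */
    public function ajaxSetpw($request, $response, $data)
    {
        $password = $data['password'] ?? '';
        $password2 = $data['password2'] ?? '';
        $login = $data['login'] ?? '';
        $pwkey = $data['pwkey'] ?? '';

        // strlen() counts bytes, as the original rule did; kept for compatibility.
        if (!is_string($password) || !is_string($password2)
            || $password === '' || $password !== $password2 || strlen($password) < 8) {
            throw new Exception("Passwort ungültig");
        }

        // Never let an empty key reach the query: if sys_user.pwkey is '' for accounts that
        // never requested a reset, `pwkey = ''` would match and anyone who knows the e-mail
        // address could set that account's password.
        if (!is_string($login) || !is_string($pwkey) || $login === '' || $pwkey === '') {
            throw new Exception('Zugangsdaten ungültig');
        }

        // NOTE(review): `pwkey_valid <= now()` accepts keys whose timestamp lies in the past.
        // If pwkey_valid is an expiry (as the name suggests) the comparison is inverted and
        // should be `>= now()`; if it is the issue time, keys never expire. Check what
        // generateKey() writes before changing it.
        $sql = sprintf(
            "SELECT id FROM sys_user WHERE email = %s AND pwkey = %s AND pwkey_valid <= now()",
            $this->db->quote($login),
            $this->db->quote($pwkey)
        );
        $id = $this->db->fetchValue($sql);
        if (!$id) throw new Exception('Zugangsdaten ungültig');

        $user = new Sys_User($id);
        // NOTE(review): nothing here clears pwkey after use; unless setPassword() does, the
        // mailed link remains usable for as long as the pwkey_valid condition matches.
        if (!$user->setPassword($password)) throw new Exception('Das Passwort konnte nicht gesetzt werden');
        $response->setData(['goto' => $this->app->getBaseURL()]);
    }
}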