misuzu/src/Users/recovery.php

<?php
define('MSZ_USER_RECOVERY_TOKEN_LENGTH', 6); // * 2

function user_recovery_token_sent(int $userId, string $ipAddress): bool
{
    $tokenSent = db_prepare('
        SELECT COUNT(`verification_code`) > 0
        FROM `msz_users_password_resets`
        WHERE `user_id` = :user
        AND `reset_ip` = INET6_ATON(:ip)
        AND `reset_requested` > NOW() - INTERVAL 1 HOUR
        AND `verification_code` IS NOT NULL
    ');

    $tokenSent->bindValue('user', $userId);
    $tokenSent->bindValue('ip', $ipAddress);

    return $tokenSent->execute() ? (bool)$tokenSent->fetchColumn() : false;
}

function user_recovery_token_validate(int $userId, string $token): bool
{
    $validateToken = db_prepare('
        SELECT COUNT(`user_id`) > 0
        FROM `msz_users_password_resets`
        WHERE `user_id` = :user
        AND `verification_code` = :code
        AND `verification_code` IS NOT NULL
        AND `reset_requested` > NOW() - INTERVAL 1 HOUR
    ');

    $validateToken->bindValue('user', $userId);
    $validateToken->bindValue('code', $token);

    return $validateToken->execute() ? (bool)$validateToken->fetchColumn() : false;
}

function user_recovery_token_generate(): string
{
    return bin2hex(random_bytes(MSZ_USER_RECOVERY_TOKEN_LENGTH));
}

function user_recovery_token_create(int $userId, string $ipAddress): string
{
    $code = user_recovery_token_generate();

    $insertResetKey = db_prepare('
        REPLACE INTO `msz_users_password_resets`
            (`user_id`, `reset_ip`, `verification_code`)
        VALUES
            (:user, INET6_ATON(:ip), :code)
    ');
    $insertResetKey->bindValue('user', $userId);
    $insertResetKey->bindValue('ip', $ipAddress);
    $insertResetKey->bindValue('code', $code);

    return $insertResetKey->execute() ? $code : '';
}

function user_recovery_token_invalidate(int $userId, string $token): void
{
    $invalidateCode = db_prepare('
        UPDATE `msz_users_password_resets`
        SET `verification_code` = NULL
        WHERE `verification_code` = :code
        AND `user_id` = :user
    ');

    $invalidateCode->bindValue('user', $userId);
    $invalidateCode->bindValue('code', $token);
    $invalidateCode->execute();
}
Moved password recovery code into its own file. 2018-10-08 14:59:58 +02:00			`<?php`
			`define('MSZ_USER_RECOVERY_TOKEN_LENGTH', 6); // * 2`

			`function user_recovery_token_sent(int $userId, string $ipAddress): bool`
			`{`
			`$tokenSent = db_prepare('`
			SELECT COUNT(`verification_code`) > 0
			FROM `msz_users_password_resets`
			WHERE `user_id` = :user
			AND `reset_ip` = INET6_ATON(:ip)
			AND `reset_requested` > NOW() - INTERVAL 1 HOUR
			AND `verification_code` IS NOT NULL
			`');`

			`$tokenSent->bindValue('user', $userId);`
			`$tokenSent->bindValue('ip', $ipAddress);`

			`return $tokenSent->execute() ? (bool)$tokenSent->fetchColumn() : false;`
			`}`

			`function user_recovery_token_validate(int $userId, string $token): bool`
			`{`
			`$validateToken = db_prepare('`
			SELECT COUNT(`user_id`) > 0
			FROM `msz_users_password_resets`
			WHERE `user_id` = :user
			AND `verification_code` = :code
			AND `verification_code` IS NOT NULL
			AND `reset_requested` > NOW() - INTERVAL 1 HOUR
			`');`

			`$validateToken->bindValue('user', $userId);`
			`$validateToken->bindValue('code', $token);`

			`return $validateToken->execute() ? (bool)$validateToken->fetchColumn() : false;`
			`}`

			`function user_recovery_token_generate(): string`
			`{`
			`return bin2hex(random_bytes(MSZ_USER_RECOVERY_TOKEN_LENGTH));`
			`}`

			`function user_recovery_token_create(int $userId, string $ipAddress): string`
			`{`
			`$code = user_recovery_token_generate();`

			`$insertResetKey = db_prepare('`
			REPLACE INTO `msz_users_password_resets`
			(`user_id`, `reset_ip`, `verification_code`)
			`VALUES`
			`(:user, INET6_ATON(:ip), :code)`
			`');`
			`$insertResetKey->bindValue('user', $userId);`
			`$insertResetKey->bindValue('ip', $ipAddress);`
			`$insertResetKey->bindValue('code', $code);`

			`return $insertResetKey->execute() ? $code : '';`
			`}`

			`function user_recovery_token_invalidate(int $userId, string $token): void`
			`{`
			`$invalidateCode = db_prepare('`
			UPDATE `msz_users_password_resets`
			SET `verification_code` = NULL
			WHERE `verification_code` = :code
			AND `user_id` = :user
			`');`

			`$invalidateCode->bindValue('user', $userId);`
			`$invalidateCode->bindValue('code', $token);`
			`$invalidateCode->execute();`
			`}`