PasswordRecover
This class manages the generation and verification of password-recovery tokens and links, and updates the password in the clients_users table. It receives the system database connection as a constructor parameter.
- PasswordRecover
- Class Path
- Methods
- public function generateRecoverLink($clientUserId)
- public function verifyRecoverToken($token)
- public function updatePassword($clientUserId, $password, $token)
- public function expireRecoverToken($token)
- private function createRecoverToken($token, $clientUserId)
- private function checkTokenAvaiability($token)
- private function generateToken
Class Path
includes/classes/security/class_password_recover.php
Methods
public function generateRecoverLink($clientUserId)
This is a public method that receives an integer parameter. It generates a random token with generateToken and then checks whether the token already exists; if it does not, it saves the token in the database using createRecoverToken and returns the recovery link.
/**
 * Builds a password-recovery link for a client user.
 *
 * Candidate tokens are drawn with generateToken() until one is not already
 * present in recover_token (as counted by checkTokenAvaiability()); the
 * surviving token is stored via createRecoverToken().
 *
 * @param int $clientUserId id of the clients_users row the token is issued for
 * @return string 'recuperar_password.php?code=<token>' when the token was
 *                stored, or '' when createRecoverToken() reported failure
 */
public function generateRecoverLink($clientUserId){
    // The first draw always happens; re-draw while the token is already taken.
    do {
        $token = $this->generateToken();
        $existing = $this->checkTokenAvaiability($token);
    } while ($existing > 0);

    return $this->createRecoverToken($token, $clientUserId)
        ? 'recuperar_password.php?code=' . $token
        : '';
}
public function verifyRecoverToken($token)
This is a public method that receives a string parameter. It searches the system database for the token received as a parameter and returns the row as an array.
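/**
 * Looks up a recovery token in recover_token and returns its row.
 *
 * $token arrives from the recovery URL (the ?code= parameter), so it is bound
 * as a prepared-statement parameter — the same prepare()/Execute() pattern
 * updatePassword() uses — instead of being interpolated into the SQL string.
 *
 * This method only fetches the row; it does not evaluate the `expired` flag.
 * The caller must check 'expired' before accepting the token.
 *
 * @param string $token
 * @return array{expired:mixed,clientUserId:mixed,token:mixed,userId:mixed}|string
 *         the row fields, or the exception message when a Throwable is caught
 */
public function verifyRecoverToken($token){
    try {
        $stmt = $this->db_cliente->prepare("SELECT * from recover_token where token = ? ");
        $bindVariables = array(0 => $token);
        // `=` binds tighter than `or`, so $resultado holds the Execute() result and die() only runs on a falsy one.
        $resultado = $this->db_cliente->Execute($stmt, $bindVariables) or die($this->db_cliente->ErrorMsg());
        // NOTE(review): what fields() yields when no row matched is not visible here — confirm before relying on clientUserId.
        return array(
            'expired' => $resultado->fields('expired'),
            'clientUserId' => $resultado->fields('clientUserId'),
            'token' => $resultado->fields('token'),
            // Kept for callers that read 'userId'; same value as 'clientUserId'.
            'userId' => $resultado->fields('clientUserId')
        );
    } catch (\Throwable $th) {
        return $th->getMessage();
    }
}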
public function updatePassword($clientUserId, $password, $token)
This is a public method that receives an integer and two strings as parameters. It updates the client's password in the system database and marks the recovery token as expired using expireRecoverToken.
/**
 * Stores a new password for a client user and expires the recovery token used.
 *
 * Writes $password into clients_users.password exactly as received (no hashing
 * happens in this method — presumably the caller passes the already-processed
 * value; confirm against the callers) and resets plain_pwd to 0. Only when the
 * update succeeds is the token expired via expireRecoverToken().
 *
 * NOTE(review): nothing here checks that $token belongs to $clientUserId or is
 * still unexpired; that pairing has to be enforced by the caller (e.g. from the
 * row returned by verifyRecoverToken()).
 *
 * @param int    $clientUserId
 * @param string $password
 * @param string $token
 * @return bool|string true/false from the update, or the exception message
 *                     (a non-empty, hence truthy, string) when a Throwable is caught
 */
public function updatePassword($clientUserId, $password, $token){
    try {
        $stmt = $this->db_cliente->prepare("UPDATE clients_users set password = ?, plain_pwd = ? where id = ? ");
        $updated = $this->db_cliente->Execute($stmt, array(0 => $password, 1 => 0, 2 => $clientUserId));
        if (!$updated) {
            return false;
        }
        $this->expireRecoverToken($token);
        return true;
    } catch (\Throwable $th) {
        return $th->getMessage();
    }
}
public function expireRecoverToken($token)
This is a public method that receives a string parameter. It sets the expired field to 1 in the recover_token table and returns the result of the update operation.
/**
 * Marks a recovery token as used by setting recover_token.expired = 1.
 *
 * The token is bound as a statement parameter. A token that matches no row is
 * not reported specially; whatever Execute() returns is passed through.
 *
 * @param string $token
 * @return mixed the Execute() result, or the exception message when a Throwable is caught
 */
private function expireRecoverToken($token){
    $sql = "UPDATE recover_token set expired = 1 where token = ? ";
    try {
        $stmt = $this->db_cliente->prepare($sql);
        return $this->db_cliente->Execute($stmt, [$token]);
    } catch (\Throwable $th) {
        return $th->getMessage();
    }
}
private function createRecoverToken($token, $clientUserId)
This is a public method that receives an integer and a string as parameters. It inserts a new recovery token into the system database and returns the result of the insert operation.
/**
 * Inserts a new, unexpired (expired = 0) row into recover_token.
 *
 * Both values are bound as statement parameters; the insert is not wrapped in
 * a uniqueness check here — generateRecoverLink() performs that beforehand.
 *
 * @param string $token
 * @param int    $clientUserId
 * @return mixed the Execute() result, or the exception message when a Throwable is caught
 */
private function createRecoverToken($token, $clientUserId){
    $sql = "INSERT INTO recover_token(token, clientUserId, expired)
VALUES (?, ?, ?)";
    try {
        $stmt = $this->db_cliente->prepare($sql);
        return $this->db_cliente->Execute($stmt, [$token, $clientUserId, 0]);
    } catch (\Throwable $th) {
        return $th->getMessage();
    }
}
private function checkTokenAvaiability($token)
This is a private method that receives a string parameter. It searches the recover_token table for a specific token and returns the number of occurrences of that token.
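/**
 * Counts how many recover_token rows already hold the given token.
 *
 * Used by generateRecoverLink() to re-draw on collision. $token is bound as a
 * statement parameter (the same prepare()/Execute() pattern as
 * expireRecoverToken()) instead of being interpolated into the SQL string.
 *
 * NOTE(review): on a caught Throwable this returns the message string rather
 * than a count; generateRecoverLink() compares the result with `> 0`, so the
 * caller should be aware a string can come back here.
 *
 * @param string $token
 * @return int|string the number of matching rows, or the exception message
 */
private function checkTokenAvaiability($token){
    try {
        $stmt = $this->db_cliente->prepare("SELECT * from recover_token where token = ? ");
        $bindVariables = array(0 => $token);
        // `=` binds tighter than `or`: die() only runs when Execute() returned a falsy value.
        $resultado = $this->db_cliente->Execute($stmt, $bindVariables) or die($this->db_cliente->ErrorMsg());
        return $resultado->recordCount();
    } catch (\Throwable $th) {
        return $th->getMessage();
    }
}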
private function generateToken
This is a private method that receives no parameters. It generates a random alphanumeric string 20 characters long, concatenates it with a timestamp and returns the result.
/**
 * Produces a fresh recovery token.
 *
 * The token is 20 symbols drawn independently with random_int() (a CSPRNG)
 * from a 65-symbol alphabet (digits, ASCII letters, '!', '_', '-'), followed
 * by the creation time formatted as dmYHis — 34 characters in total, with the
 * creation timestamp readable in clear. Uniqueness is not guaranteed here;
 * generateRecoverLink() re-draws on collision.
 *
 * @return string
 */
private function generateToken(){
    $alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!_-';
    $lastIndex = strlen($alphabet) - 1;

    // One independently chosen symbol per position.
    $randomPart = implode('', array_map(
        static fn () => $alphabet[random_int(0, $lastIndex)],
        range(1, 20)
    ));

    $createdAt = new \DateTimeImmutable();
    return $randomPart . $createdAt->format('dmYHis');
}