FileTrackingSystem/mailer.php at main · SHRbharat/FileTrackingSystem · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
<?php
session_start();
ini_set('display_errors', 1); //display errors on screen

require 'assets/PHPMailer/src/Exception.php';
require 'assets/PHPMailer/src/PHPMailer.php';
require 'assets/PHPMailer/src/SMTP.php';

use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\PHPMailer;

class MailerAction {
    private $db;

	public function __construct() {
   		include 'db_connect.php';
    	$this->db = $conn;
	}
	function __destruct() {
	    $this->db->close();
	}

    function generateOTP() {
        return str_pad(mt_rand(0, 999999), 6, '0', STR_PAD_LEFT);
    }

    function send_otp() {
        extract($_POST);
        $user_id = "";

        //find user_id and email check
        $qry = $this->db->query("select id from users where email = '".$email."' and active = 1");
        if($qry->num_rows != 1){
            //email not registered
            return 1;
        }else{
            //email is registered
            $qry = $qry->fetch_assoc();
            $user_id = $qry['id'];

            //check if first time login or not
            $qry = $this->db->query("select user_id from new_user where user_id = '".$user_id."'");
            if($qry->num_rows > 0){
                //new user
                //need to set his password first
                return 2;
            }else{
                //not a new user ---> prepare to send otp  ( handle otp resends)
                $otp = $this->generateOTP();


                $mail = new PHPMailer(true);
                $mail->isSMTP();
                $mail->Host = 'smtp.gmail.com';
                $mail->SMTPAuth = true;
                $mail->Port = 465;
                $mail->Username = '';  //sender
                $mail->Password = '';
                $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
                $mail->setFrom(''); //sender
                $mail->addAddress($email); //receiver
                $mail->isHTML(true);
                $mail->Subject = 'Password Reset OTP';
                $mail->Body = "FTS - KNIT | Your OTP for password reset is: ".$otp;

                try{
                    if($mail->send() && $this->storeOTP($email,$otp)){
                        $_SESSION['recovery_email'] = $email;
                        return 0;
                    }else{
                        return 3;
                    }
                }catch(Exception $e){
                    return 3;
                }
            }
        }

        return 4;
    }

    function storeOTP($email, $otp) {
        $expiration = date('Y-m-d H:i:s', strtotime('+10 minutes'));

        //check for otp resends
        $qry = $this->db->query("select * from password_reset where email = '".$email."'");
        if($qry->num_rows > 0){
            //otp resend
            $qry = $this->db->prepare("UPDATE password_reset SET otp = ? , expiration_time = ?");
            $qry->bind_param("ss", $otp, $expiration);
        }else{
            $qry = $this->db->prepare("INSERT INTO password_reset (email, otp, expiration_time) VALUES (?, ?, ?)");
            $qry->bind_param("sss", $email, $otp, $expiration);
        }

        return $qry->execute();
    }

    function verify_otp() {
        extract($_POST);
        $email =  $_SESSION['recovery_email'];

        $qry = $this->db->prepare("SELECT * FROM password_reset WHERE email = ? AND otp = ?");
        // $qry = $this->db->prepare("SELECT * FROM password_reset WHERE email = ? AND otp = ? AND expiration_time >= NOW()");
        $qry->bind_param("ss",$email, $otp);
        $qry->execute();
        $result = $qry->get_result();

        if($result->num_rows > 0){
            //otp matched
            $qry = $this->db->query("delete from password_reset WHERE email = '".$email."'");
            if($qry){
                return 0;
            }
            return 2;
        }else{
            return 101;
        }
    }

    function reset_password() {
        extract($_POST);
        $email = $_SESSION['recovery_email'];
        $password = md5($_password);
        $qry = $this->db->prepare("update users set password = ? where email = ? and active = 1");
        $qry->bind_param("ss",$password,$email);
        $qry->execute();

        if($qry->execute()){
            return 0;
        }
        return 1;
    }


}


$action = $_GET['action'];

$crud = new MailerAction();
if($action == 'send_otp'){
	$save = $crud->send_otp();
	if($save)
		echo $save;
}

if($action == 'verify_otp'){
	$save = $crud->verify_otp();
	if($save)
		echo $save;
}

if($action == 'reset_password'){
	$save = $crud->reset_password();
	if($save)
		echo $save;
}