From 0c98f13eee10a61cabdc13e7aa75916d50b8b078 Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Thu, 26 Dec 2013 13:34:48 +0100
Subject: user password recovery

---
 includes/model/User_model.php | 46 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

(limited to 'includes/model/User_model.php')

diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index 884aeae8..523685df 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -30,10 +30,40 @@ function User_by_api_key($api_key) {
   return $user[0];
 }
 
+/**
+ * Returns User by email.
+ *
+ * @param string $email          
+ * @return Matching user, null or false on error
+ */
+function User_by_email($email) {
+  $user = sql_select("SELECT * FROM `User` WHERE `email`='" . sql_escape($email) . "' LIMIT 1");
+  if ($user === false)
+    return false;
+  if (count($user) == 0)
+    return null;
+  return $user[0];
+}
+
+/**
+ * Returns User by password token.
+ *
+ * @param string $token          
+ * @return Matching user, null or false on error
+ */
+function User_by_password_recovery_token($token) {
+  $user = sql_select("SELECT * FROM `User` WHERE `password_recovery_token`='" . sql_escape($token) . "' LIMIT 1");
+  if ($user === false)
+    return false;
+  if (count($user) == 0)
+    return null;
+  return $user[0];
+}
+
 /**
  * Generates a new api key for given user.
  *
- * @param User $user
+ * @param User $user          
  */
 function User_reset_api_key(&$user) {
   $user['api_key'] = md5($user['Nick'] . time() . rand());
@@ -43,4 +73,18 @@ function User_reset_api_key(&$user) {
   engelsystem_log("API key resetted.");
 }
 
+/**
+ * Generates a new password recovery token for given user.
+ *
+ * @param User $user          
+ */
+function User_generate_password_recovery_token(&$user) {
+  $user['password_recovery_token'] = md5($user['Nick'] . time() . rand());
+  $result = sql_query("UPDATE `User` SET `password_recovery_token`='" . sql_escape($user['password_recovery_token']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
+  if ($result === false)
+    return false;
+  engelsystem_log("Password recovery for " . $user['Nick'] . " started.");
+  return $user['password_recovery_token'];
+}
+
 ?>
\ No newline at end of file
-- 
cgit v1.2.3-54-g00ecf